I’m not the first to say it but can certainly attest to it, cyberattacks are no joke. And when I say attack, I mean crime. Theft. Invasion. Disruption. Threats. Criminal actions.
Today’s cyber criminals or threat actors, as they are commonly known, show up when and where you least expect them. We know from experience.
It’s the phone call no business owner wants.
For me, the call came from our Technology Services VP at approximately 6:30am on a weekday morning in early 2021. His exact words: “We’ve been hit.”
From as early as 2:00am that morning, more than 30 gigs of data moved out of our system before things began impacting our programs and triggering internal alarms. Thankfully, we had processes and protocols in place and our team took swift action to mitigate impact and loss.
The next immediate call was to our insurance carrier. Because of the nature of our business, we have a comprehensive cybersecurity rider on our policy. It triggered immediate actions and within hours, we had help from best-in-class industry response teams. We followed their direction and let them do what they do best. Although the coverage had a high deductible, it was worth it to have the expert help.
Our internal team will be the first to tell you it was an incredibly intense 24 hours while they worked to identify the impact and begin turning programs back on. For some applications, it took as long as a week.
The non-technical aspects were equally intense, with the biggest question being, “Pay or don’t pay?” It was clear the ransom demand was driven by the threat of external exposure, and it became easy to see how an event like this could trigger chaos, confusion and emotionally charged decisions.
I greatly appreciate how our team stayed calm through the storm and had our systems back up and running in record time. And I cannot overstate the importance of backup systems to quickly restore data and get things operational.
In case you’re wondering, we chose not to pay the ransom. For us, it was the right decision.
We have since applied learnings from the experience and fine-tuned our internal training, communications and processes, across all departments and functions.
I strongly encourage any size business to have a detailed cybersecurity plan in place. Study it. Review it. Keep it current. And by all means, pay close attention to your insurance cybersecurity rider.
Because Standley Systems offers a Managed IT Services offering, we felt it might help others to know, when it comes to cybersecurity, we speak from a voice of experience. Our technical teams are trained and equipped to help evaluate client response and recovery plans and can help navigate these turbulent waters should this nightmare happen to you. We hope and pray it does not.