For all the IT good guys out there, there’s an awful lot of bad guys too.
Cyber criminals won’t hesitate to prey on their tech-savvy comrades if there’s a quick buck in it. All it takes is a small chink in the security armour and they're crawling across servers, spreading viruses, and doing their worst.
And what if your system gets hacked? Embarrassing? Probably. Expensive? Definitely.
Delayed kick-off
Take the case of one software developer with a growing client list and a growing reputation. With the live date looming for a new online ticket system it had developed for a big-name local football club, staff came in to find their system in lockdown.
Criminals had infected it with ransomware after a junior employee had innocently visited a website that had itself been hacked. An unknown vulnerability in its software meant the criminals could access its servers, encrypting files and demanding a bitcoin ransom to unlock them.
Cue panic.
The encrypted files were vital to the work it was doing for the football club. The new ticket system was due to go live that week and, if ticket chaos ensued and word got out to the press, there’d be a lot of unhappy football fans.
More importantly, there’d also be a claim for damages from the club, and the IT company’s reputation could be ruined.
Cyber insurance is the fingertip save for IT
A potential own goal then. Except the company’s IT cyber insurance kicked into action, providing practical help and reassurance.
Here’s what happened:
- First, it paid for a skilled negotiator to make contact with the hackers and to talk to them in their own language. Cost: £1,500
- Second, once it became clear there was no other solution to what was an increasingly tense situation, it covered the ransom amount. Cost: £3,000
- Third, it provided a forensic expert to trawl through the developer’s systems, finding and fixing the Achilles heel the hackers used as their entry point. Cost: £3,500.
- Finally, because the company had added on optional cyber business interruption insurance, it paid out a carefully calculated sum to cover their loss of income and extra working costs. Cost: £500 a day for three days.
That’s a hefty £9,500 in total.
Relegation threat
It all could’ve been so much worse, too. Think about a scenario where someone at the software company has to deal with the hackers direct, without any real notion of how to approach the negotiation.
Things could quite easily have gone horribly wrong. And that could have led to the ransom demand being ratcheted up. Or the hackers simply walking away, leaving permanently encrypted files and a ruined project in their wake.
Plus, if the forensic expert hadn’t been on hand to detect and fix the weakness in the system, it would have left the IT company vulnerable to further attacks.
Finally, there’s the question of what would have happened to the IT company’s business prospects had the new ticketing system not been delivered on time. Its reputation would no doubt have taken quite a knock once news of the hack got out, potentially putting paid to lucrative new contracts – both with the club and others.
All of which goes to show, being match fit and adopting the right tactics goes a long way to putting you in a winning position.
Read more about what is cyber insurance and what it covers.
Image used under license from Shutterstock.