Ask the experts

Let’s learn from mistakes.

But ideally, not from our own.

March, 2020
Source: brand eins, 03/2020 edition: Instructive Attack, Text: Stefan Scheytt

Why do we need MOUNT10? Doesn’t our IT department already do outstanding work?

Those are questions we regularly hear. But nothing makes the necessity of a complete data defense concept and a seamless safety net more tangible and understandable than a few illustrative real-world examples. In the March edition of brand eins magazine, readers were able to find a textbook object lesson in what happens to dozens of businesses every single day:

A family company that specializes in electronic control technologies as well as safety systems for machines, and is perhaps best known for its bright-red emergency shut-off button that guarantees the safety of countless millions of machines worldwide, becomes a victim of a cyberattack that changes everything.

Zero hour: The company located close to Stuttgart, with annual revenues to date of roughly € 345 million, is hit by a blow in October 2019 that every business has right at the top of their list of horror scenarios – a cyberattack with devastating consequences. All of the company’s servers and communications systems are infected with blackmail software by means of a virus. A classic example. With a single click, everything is dead, it’s not even possible to make a phone call or send an email anymore. Suddenly, 2500 employees are no longer able to access company data. The company has 42 subsidiaries worldwide that are crippled from one moment to the next. And the company’s security strategy now comes across as bitter irony.

Precisely what such an attack means for a company, especially one that has an intrinsic technology focus, simply cannot be described in stark enough terms. Patents, blueprints, technical drawings, addresses, customer contacts, accounts, parts lists, reports and certificates, wage slips etc. etc. etc.… all right down the drain. The reason? No industrial espionage, no attack by a hostile nation or act of revenge by a disgruntled former employee – though all would certainly have been possible. No, this was blackmail, pure and simple. The data was being held for ransom until the company paid the specified amount in the form of bitcoins. The impacted company owner finds a befitting metaphor, referring to it as a 5-alarm fire, the devastating effects of which only become visible once the smoke has cleared and everything before you lies in ruins. The field of rubble was indeed massive and the owner can count himself somewhat luckier than many others, because at least his company was able to rise slowly from the ashes after a complete standstill lasting 3 long months. Week upon week, they were unable to make a phone call, while the heavy gates at the entrance to their business premises had to be shoved open and closed by hand. Even today, half a year later, some areas of the business still look like a crime scene, taped off, access prohibited, experts scanning the computers for clues. Thousands of their computers around the world had to be completely reformatted. Flying blind for months with millions in losses.

In the meantime, the company had to go purely “old school” using file folders, pen and paper. They still haven’t recovered from the shock – psychologically, especially – and have turned their back on digitalization to a great degree. They no longer trust team software and workspace tools, making greater use of bulletin boards and exchanging data physically, in printed form. But are those the right conclusions to draw from such a catastrophe? At least when the owner takes stock of things, he doesn’t see the solution merely in terms of strengthening the firewall:

“Because someone sometime will find the right ladder to climb over our protective wall, now’s the time to minimize the effects of a potential new attack by means of a more complex and more detailed network architecture. If we do, only a few computers will be affected, the fire will be localized instead of turning into an uncontainable wildfire. Our plan is also to give our employees more intensive training to heighten awareness for external threats.”

The title of the brand eins article was “Instructive Attack” – but here at MOUNT10, not all of the lessons they learned are something we would personally be willing to bet our own company’s future on. The impacted company owner is still looking for solutions in-house and is defending against new attacks by denying the future, turning away from digital media and merely focusing on minimizing potential impact. What he is not doing is defending against data loss per se. What the situation actually demands is an external security custodian such as MOUNT10, who would provide him in future with an uncompromising safeguard against data loss, data manipulation and potentially a fatal blow. His company has been given a second chance. He should make the most of it.