“For most business owners, digital security is difficult to integrate, and that’s understandable,” says Erwin van Beinum, Ctac’s Director of Cyber Security. “But the question is not whether you will be hacked as a company, but when.” Anyone who is hacked can refer to the GREEN BOX from Ctac’s DIGIMIJ subsidiary for help. This green toolbox contains everything you need to get up and running again after an incident.
The number of cyber attacks is increasing rapidly. Dutch SMEs are also attractive prey for hackers who want to steal data, take systems hostage or even take down systems completely. Organisations prefer not to talk about how much they have paid in the past to regain access to systems that were taken hostage. However, the amounts can be considerable. For example, Maastricht University paid EUR 197,000 to escape the clutches of hackers. Research from security company Crowdstrike shows that the ransom to be paid after a hostage hack can easily reach EUR 1.5 million.
The entities behind these attacks are well-organised criminal organisations with the time, resources and expertise to break into even the most advanced systems. “A break-in or hostage hack takes months to prepare,” says security expert Van Beinum. “Many business owners are not aware of this. But you are facing large groups where 20 experts may spend six months researching your systems. Once they are inside, they’ll slowly but surely figure out what’s happening inside your systems. They nose around the network layer, and they know your operating system and all the applications. They read your emails, know your plans, your designs, your contracts and your suppliers. They know everything. They then use this knowledge to knock you out completely. They hit you where it truly hurts. The investment is worth the effort: they only need to be successful once to earn tens of thousands or even millions of euros.”
Disastrous consequences
The effects of a hostage attack or a hack are disastrous. “You can’t do anything,” says William Verkoelen, Director of Ctac subsidiary DIGIMIJ. “Your business comes to a standstill and your people can’t do anything. The consequential damage is also substantial. Sensitive data is out on the street. You run the risk of claims for damages. Your good name is dragged through the courts. Don’t pretend otherwise: a hack is a major drama.”
Through DIGIMIJ, Verkoelen helps SMEs protect themselves against hackers. Although the risks are huge, he also notices that many companies are not taking cyber security into consideration – or are barely doing so. “Most business owners are busy and focused on current events that happen day to day. They postpone security measures until some time in the future. But then suddenly it happens. It comes down to one of two situations: either you are prepared for them or you are not. If it’s the latter, you have a problem.”
Everything you need to get started
Verkoelen intends to help fellow businessmen to prepare properly against a hack. For one thing, DIGIMIJ’s teams can help customers adopt the right preventive measures. For another, DIGIMIJ ensures companies can resume operations after a devastating hack or hostage attack. The secret weapon DIGIMIJ has developed to do this is called the GREEN BOX. Verkoelen: “The GREEN BOX is literally a green toolbox. This toolbox contains everything you need to get your business back up and running when you can no longer access your systems after a hostage attack. You might also need to use the toolbox if, say, your company burned down – something that happened to me in 2020. With the GREEN BOX, you can quickly get back up and running, and minimise downtime for your business.”
The GREEN BOX is simple to activate, explains Erwin van Beinum. “We are starting from a scenario where someone takes plenty of time to get into your systems and then deliberately destroys your business process. We then asked ourselves what needed to be in the toolbox to allow businesses to recover as fast as possible.” For security reasons, Van Beinum and Verkoelen do not tell us exactly what the GREEN BOX contains. Verkoelen: “Let’s just say that the GREEN BOX has everything needed to start back up step by step and gain access to your systems. We make sure the GREEN BOX is reviewed every two months. That way, you can always rely on having up-to-date, accurate protocols and data.”
Do all the thinking in advance
The real value of the GREEN BOX lies in the fact that you prepare when things are calm. Verkoelen remembers all too clearly what he had to do after the fire in his company. “It wasn’t a hack, but the effect was similar. You no longer have any control. You are powerless. In that kind of situation, you are not thinking clearly. We were able to restart things from home, but after a hack this wouldn’t be an option. That’s why the GREEN BOX is such a great concept. We help our customers to do all the thinking ahead of time, in peace and quiet. There’s no need to go through it all when disaster strikes.”
Incident level 1 for hacks and hostage attacks
When William Verkoelen had to deal with the serious fire that burned his company to the ground, the fire was rated as a level 1 incident. “That means that almost a hundred people are called out, a drone flies over it and ambulances are standing by. At this point, all kinds of protocols are triggered and the machine starts to turn. It’s great to see that people who understand business are doing the right things for you. With our GREEN BOX, we also want to create that feeling. In the event of an emergency, the protocol will kick into gear. The GREEN BOX is an incident level 1 process for hacks and hostage attacks.”