That was almost six months ago. On December 14, 2021, Le Temps revealed that DBS Group had been the victim of hackers. The Lausanne-based company, which owns 12 real estate brands in Switzerland, including Domicim, Brolliet and Duc-Sarrasin, had 615MB of data stolen from 485 files. DBS Group, which has about 700 employees, had refused to pay a ransom to the hackers. Christophe Hubschmid, director of the group, looks back on this crisis in the framework of the Forward forum, organized on Thursday by EPFL, PME and Le Temps.
Le Temps: Several months after this attack, what traces remain in your company?
Christophe Hubschmid: Of course, one does not emerge unscathed from such a situation. But I am extremely pleased with the way we have handled it. Today, all of our systems are back to normal, we have reinstalled our data, and our IT has been upgraded much faster than we expected before the attack. We have greatly accelerated our migration to the cloud; all our software now runs this way.
These cyberattacks are often said to psychologically affect employees. What happened in your case?
There was the shock of the attack, of the sudden disconnection of our systems, of having to work differently… A shock all the more significant as the coronavirus crisis was still very present then. Our IT staff worked 24 hours a day for the first few days, with the immediate support of external specialists. They were only able to take a vacation four to five months after the attack. We wanted to inform our employees in the most transparent way, immediately and on a regular basis, through sessions and question-and-answer sheets.
How big was the stolen data?
Honestly, it was minimal. We estimate that less than 0.3 per thousand of our data was stolen and published on the darknet. It was not sensitive data, and in addition some of the information was not readable without our software. It was initially a management controller's workstation that was attacked, and the attack was quickly contained. It was one of our employees who clicked on a link in an email sent by an external partner. It was very well done, and our antivirus did not raise an alert. This partner's mail server had been infected and was being remotely controlled by the hackers.
Non-sensitive data, you say, but some of your customers must not have liked you being hacked?
Make no mistake. We took the trouble to write to our customers, via several thousand letters, to explain to them what had happened. Only three customers then wrote to us asking whether their bank details had leaked, which was not the case. We have been in closer contact with our large institutional clients, and they have all been very understanding and satisfied with the experience we shared. Because what happened to us can also happen to them, of course.
Why didn’t you pay a ransom to try to prevent data leaks online?
This was ruled out because paying would obviously not have assured us that this data would not be published, and did not guarantee that we would be protected from further hacking. In addition, this data was limited and not sensitive. We have a backup copy of all our information. Finally, we would have had to reinstall all our computers anyway to make sure we didn't leave any doors open for hackers. So paying was never an option; we never even wanted to know how much the hackers would have wanted to charge us. No contact was made with them.
Have you significantly increased your IT and cybersecurity spending?
Yes. The budget was already very high, and it increased even more. There is hardware, software, accelerated migration to the cloud. And there is staff training, which never stops. We already had continuous training in place within the group, and we strengthened it, since a single click could allow an attack to take place… The problem is that you have to find the right dosage: because after a while, and it's human and normal, prevention speeches are hardly listened to. So we need to find new ways to train employees. We've also put in place two-factor authentication systems for access, and of course that complicates everyone's work a bit, and needs to be explained.
Did you take out insurance against cyberattacks?
Yes, and it covered some of the costs. I will not give an exact figure. I can only say that the insurance premium is high, but the deductible is reasonable. And so the insurance paid for part of the hundreds of thousands of francs that this attack cost us in terms of restoring our computer systems.
What advice would you give to other companies in the face of these cyberattacks?
Make regular backups of your data in secure, offline locations, train your staff on an ongoing basis, then communicate seamlessly and quickly with your employees, customers, suppliers… And the story never ends; I start from the principle that we will be attacked again. But we will be even stronger to deal with it.