SoylentNews is people
SoylentNews
from the $95-million-would-pay-for-a-LOT-of-backups dept.
Ransomware Incident to Cost Danish Company a Whopping $95 Million:
After a month, hearing aid manufacturer Demant has yet to recover after the attack.
Demant, one of the world's largest manufacturers of hearing aids, expects to incur losses of up to $95 million following what appears to be a ransomware infection that hit the company at the start of the month.
[...] Demant's troubles began at the start of the month, on September 3, when in a short statement on its website, the company said it was shutting down its entire internal IT infrastructure following what it initially described as "a critical incident."
What really happened on the company's network, we'll never know, as Demant never revealed anything except that its "IT infrastructure was hit by cyber-crime."
Reports in Danish media[1, 2] pegged the incident as a ransomware attack, and it sure did look like one from the outside.
Per its own statements, all the company's infrastructure was impacted -- and impacted severely.
This included the company's ERP system, production and distribution facilities in Poland, production and service sites in Mexico, cochlear implants production sites in France, amplifier production site in Denmark, and its entire Asia-Pacific network.
Companies usually recover after data breaches within days; however, Demant took weeks, is still recovering assets today, and expects to take two more weeks to recover in full. This pattern of destruction that takes months to recover from is usually encountered during ransomware infections only.
[...] These business upheavals have been a disaster for the company's bottom line. In a message to its investors, Demant said it expects to lose somewhere between $80 million and $95 million.
The sum would have been higher, but the company expects to cash in a $14.6 million cyber insurance policy.
Most of the losses have come from lost sales and the company not being able to fulfill orders. The actual cost of recovering and rebuilding its IT infrastructure were only around $7.3 million, a small sum compared to the grand total.
How many Soylentils have discovered a security vulnerability in your own company's code and succeeded in persuading management to provide sufficient time and resources to address them?
(Score: 2) by SemperOSS on Tuesday October 01 2019, @07:55PM (2 children)
Unfortunately, the two links to Danish sources given in the post are paywalled. If your Danish is up to it (otherwise you can always give Google Translate a try), these might be better choices: Hackerangreb koster dansk virksomhed over en halv milliard [www.dr.dk] (Hacking costs Danish company more than half a billion [kroner]) and Hackerangreb har kostet Demant over en halv milliard kroner [version2.dk] (Hacking has cost Demant more than half a billion kroner).
I am still amused/surprised/horrified that technological companies are so bad at security. If they have the same level of security in their hearing aids, they should be easily hacked. So if you are wearing Demant hearing aids and hearing voices, try looking around and see if you can spot the hacker.
I don't need a signature to draw attention to myself.
Maybe I should add a sarcasm warning now and again?
(Score: 2) by nobu_the_bard on Tuesday October 01 2019, @09:56PM (1 child)
The people making the hearing aids aren't necessarily the same ones running the IT department.
That said, hearing aids historically aren't incredible on security, either...
(Score: 2) by toddestan on Friday October 04 2019, @02:19AM
The latest ones use Bluetooth so they can interact with smartphones, and this essentially forces them to have some sort of security if they are going to implement the protocol correctly. Slightly older ones use propriety wireless protocols, which are protected more by security by obscurity rather than anything else. Older hearing aids, of course, don't have any wireless capabilities.