Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday October 01 2019, @07:31PM   Printer-friendly
from the $95-million-would-pay-for-a-LOT-of-backups dept.

Ransomware Incident to Cost Danish Company a Whopping $95 Million:

After a month, hearing aid manufacturer Demant has yet to recover after the attack.

Demant, one of the world's largest manufacturers of hearing aids, expects to incur losses of up to $95 million following what appears to be a ransomware infection that hit the company at the start of the month.

[...] Demant's troubles began at the start of the month, on September 3, when in a short statement on its website, the company said it was shutting down its entire internal IT infrastructure following what it initially described as "a critical incident."

What really happened on the company's network, we'll never know, as Demant never revealed anything except that its "IT infrastructure was hit by cyber-crime."

Reports in Danish media[1, 2] pegged the incident as a ransomware attack, and it sure did look like one from the outside.

Per its own statements, all the company's infrastructure was impacted -- and impacted severely.

This included the company's ERP system, production and distribution facilities in Poland, production and service sites in Mexico, cochlear implants production sites in France, amplifier production site in Denmark, and its entire Asia-Pacific network.

Companies usually recover after data breaches within days; however, Demant took weeks, is still recovering assets today, and expects to take two more weeks to recover in full. This pattern of destruction that takes months to recover from is usually encountered during ransomware infections only.

[...] These business upheavals have been a disaster for the company's bottom line. In a message to its investors, Demant said it expects to lose somewhere between $80 million and $95 million.

The sum would have been higher, but the company expects to cash in a $14.6 million cyber insurance policy.

Most of the losses have come from lost sales and the company not being able to fulfill orders. The actual cost of recovering and rebuilding its IT infrastructure were only around $7.3 million, a small sum compared to the grand total.

How many Soylentils have discovered a security vulnerability in your own company's code and succeeded in persuading management to provide sufficient time and resources to address them?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by JoeMerchant on Tuesday October 01 2019, @11:03PM (5 children)

    by JoeMerchant (3937) on Tuesday October 01 2019, @11:03PM (#901542)

    Sure, point being: the whole valuable dataset can be contained in a little widget that costs virtually nothing, so why not make multiple backups and keep them in multiple sites, instead of putting $90M+ at risk?

    That insurer paying out $14M should be mandating some changes in operations at all of their insured sites.

    --
    🌻🌻 [google.com]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by SomeGuy on Tuesday October 01 2019, @11:25PM (4 children)

    by SomeGuy (5632) on Tuesday October 01 2019, @11:25PM (#901557)

    the whole valuable dataset can be contained in a little widget that costs virtually nothing, so why not make multiple backups and keep them in multiple sites, instead of putting $90M+ at risk?

    Because that would involve telling the PHB that his terabytes of uncompressed TIF files for his PowerPoint presentations are not "valuable".

    • (Score: 2) by JoeMerchant on Wednesday October 02 2019, @02:11AM (2 children)

      by JoeMerchant (3937) on Wednesday October 02 2019, @02:11AM (#901645)

      telling the PHB that his terabytes of uncompressed TIF files for his PowerPoint presentations are not "valuable".

      Agreed, but if you wanted $14M in "data insurance" from me, I'd either be demanding $1M/month in premiums, or a data protection strategy that identifies the data of significant value and ensures that the offline, offsite backups are never more than 48 hours old and a much, much lower premium - actual rate to be determined by compliance rates found in monthly best practices audits - I suspect the premium could be lowered to the fully loaded cost of the audits + 0.1% of the amount insured, per month, if the audits find 100% compliance.

      Compared to the cost of the compliance audits, the cost of the actual backups would be trivial.

      --
      🌻🌻 [google.com]
      • (Score: 2) by canopic jug on Wednesday October 02 2019, @07:51AM (1 child)

        by canopic jug (3949) Subscriber Badge on Wednesday October 02 2019, @07:51AM (#901739) Journal

        Agreed, but if you wanted $14M in "data insurance" from me, ...

        This was partially addressed at Black Hat 2019 in the presentation How Do Cyber Insurers View The World? [youtube.com].

        But not mentioned in the recorded talk is an explicit mention of the culpability of M$ products in ongoing, successful breaches and ransomware attacks. It was mentioned when the industry started at the tail end of the 1990s. Back then premiums were much higher for the fools trying to run Windows and othef M$ products in production. Now it seems talked around. It is the elephant in the room now and as problematic as it gets, costing the world hundreds of billions per year [varonis.com]. If this damage were cause by another group than the politician Bill Gates and his minions, national defense would be all over it. It may be that the underwriters will just use it as an excuse to raise premiums for all custoemrs though.

        --
        Money is not free speech. Elections should not be auctions.
        • (Score: 2) by JoeMerchant on Wednesday October 02 2019, @01:17PM

          by JoeMerchant (3937) on Wednesday October 02 2019, @01:17PM (#901816)

          It may be that the underwriters will just use it as an excuse to raise premiums for all custoemrs though.

          I think this is endemic to the insurance industry - sure give a "safe driver" discount of 10 or 20%, vary premiums based on age, sex, etc. but, I believe that they know more than they let on in their rate setting, and they push everybody's premiums toward a point somewhat above the average, such that the irresponsible and higher risk are actually getting a good deal on insurance, costs borne by the rest of the group - even though they pay "discount rates" the discounts don't reflect the real reduction in risk that is known to be present.

          --
          🌻🌻 [google.com]
    • (Score: 2) by fido_dogstoyevsky on Wednesday October 02 2019, @02:16AM

      by fido_dogstoyevsky (131) <axehandleNO@SPAMgmail.com> on Wednesday October 02 2019, @02:16AM (#901653)

      Because that would involve telling the PHB that his terabytes of uncompressed TIF files for his PowerPoint presentations are not "valuable".

      There's a solution for that problem [theregister.co.uk].

      --
      It's NOT a conspiracy... it's a plot.