For days, the systems of dental organization Colosseum Dental were down due to a cyber attack. Ultimately, the company saw no option but to pay the hackers a ransom to end the digital hostage crisis. But how is it possible that companies are increasingly victims of such a network intruder?
Mathijs Verschuuren knows all about that. He works as an ethical hacker at WhiteHats in Eindhoven. His job? Discovering where the digital security of companies ‘leaks’, and preparing them in case someone with malicious intent tries to break through it.
This can be done in various ways, says Mathijs. “First of all because of a technical problem. Then someone breaks in from the outside. For example, because of a web application of a company, which is not properly secured.”
“People make certain choices and they are not always right.”
Another scenario has more to do with the person behind that computer or telephone. “Think of phishing, where someone is tempted to click on a link. Or someone is convinced to perform a certain action. This can be done by asking someone with a false identity – for example a photo of an acquaintance – to transfer some money to a particular account.”
And we are all still not sharp enough about that. “People make certain choices and they are not always correct. Sometimes we see, for example, that threatening emails are sent. We are sensitive to that.”
Yet the problem is just as often with the security of the large companies themselves. “If such an attacker breaks in and a company doesn’t have its security in order, someone can penetrate all systems. They then install something there, which encrypts the whole thing.”
“That ransom can be from 100,000 euros to millions.”
Once that’s done, you can predict what’s next: a ransom request. “That can go up from 100,000 euros to millions. Or I understand that companies sometimes pay? I can imagine that you really don’t want to lose certain data. And that you want to get back to work as soon as possible.” Yet he emphasizes – just like the High Tech Crime Team of the police earlier – that it is better not to talk about it.
But what does help? “You can take a lot of preventive measures. For example, have experts, who think the same as hackers, do a security investigation. And make sure that if someone breaks in, they don’t immediately have access to your entire system.”
“We are also learning from the hackers.”
Mathijs himself is busy building these partitions in company networks on a daily basis, in order to limit the damage caused by cyber attacks. Although, according to him, it is an illusion that you can exclude all risks. “You are never one hundred percent safe. Even companies that are proactive about this are not. We also learn from the hackers every day.”