D : Stephen , your company suffered from a serious cyberattack in 2017 . Walk us through what happened and how you found out about it .
WE REALLY THOUGHT WE WERE ROCK SOLID , AND WE JUST HADN ’ T LOOKED AT WHERE OUR WEAKNESSES WERE . WE KNEW OUR STRENGTHS AND THOUGHT , WELL , WE ’ RE GOOD .
"
SB : They got into our system on a Tuesday and spent four days there moseying around , finding where would be the best place to hack . They finally found the weakest point in our system — a 12-year-old XP platform in the plate plasma machine — and they came in through that back door because it was open to the internet . Then they snooped around through the other areas of estimating and project management , and then they found the link in finance . They spent about a day and a half in there , and there were all sorts of pot shots against the firewall of accounting , and they couldn ’ t get into that . When they finally realized they weren ’ t getting any further , they blew up the rest of the system at 10:00 am on a Saturday morning .
CD : When you say something blew up , what happened ?
SB : The system started to show signs of failure . We couldn ’ t open emails ; we couldn ’ t access files properly . We had files from 41 years ago that were in the process of being transferred to our new system that we spent two years developing like drawings , specs , financials . We had all these documents from 1980 to 2018 that had just been put on the platform , and 60 % of them were gone . We thought gone permanently . In the end , we did have to go back and recreate certain drawings . There were projects that we lost all documentation , and some of them were important . The good news is they hit older projects . Stuff that was current , we didn ’ t lose anything that we couldn ’ t replace or quickly go back and recreate . But there were a couple big jobs that we were doing some claims on , and 90 % of our documents were gone . We don ’ t keep hard copies anymore . So , suddenly , we ’ re like , how do we go forward ? The backup , the backup is gone .
CD : You say you had to recreate something . Like drawings , or . . .?
SB : It was more like the standard operating systems , so like our ISO . There might be like 900 different documents in your ISO program ; we lost 700 . We had to go back and recreate them . We couldn ’ t send emails or turn on machines in the plant . It took us 40 – 72 hours to inspect the machines , get a new motherboard , stick that in the machine , and say , okay , can we power up these machines , can we power up the blast machine ? We lost about three and a half days total of FAB time , and then we got back online and got that going . We had to buy all new computers . We had to consider everything we used as being damaged . All our computers were gone .
CD : How did you recover the emails ? How were you able to communicate with everybody ?
SB : We phoned everybody and said , “ We ’ ve been hacked .” Back then , many still took their laptops home and did work remotely from home . Again , that would be a problem because the hackers could come in and ruin your home computer , so , we had to buy all new computers . We had a little , tiny $ 50,000 cyber clause in our insurance agreement , but it ’ s only for hardware , so all the time we spent recreating or with your support team recovering data , you can ’ t claim that . We got $ 17,000 from insurance for the whole thing , but to get that , you have to buy specific claims . You have to be careful , because in a general liability policy , there is a small portion that is for cyber , but it ’ s very small and it ’ s not easy to claim . If you want that , buy independently and it will cost you $ 10,000 –$ 20,000 a year . It cost us four-and-a-half to six months in actual time frame and over $ 220,000 to review all our systems .
CD : How were you notified of the amount that the hackers wanted you to pay out ?
STEELPLUS . COM • 9