Hit enter to search or ESC to close
21 June 2019
A cyber-attack was the last thing Auckland business owner Steve Osborn was expecting when he fired up his computer one morning last year.
Even when confronted with the unfamiliar and unremovable new ‘home’ screen on his monitor, he wasn’t entirely sure that what he was looking at was real or a hoax.
“I’m pretty interested in technology and computers anyway, and I had heard that there were a lot of hoax viruses around, so I decided to play it safe and call my IT guy,” he says.
Steve’s outsourced IT contact gave him the verdict he was dreading. The cyber-attack was real; demanding Steve’s successful sign writing company pay a bitcoin ransom the equivalent of around NZ$9,500.
“Attacks like these are random in nature. Unfortunately, on this occasion we were that target and there was no getting around it,” Steve continues.
“My IT manager essentially said I had two options; work it out or throw it out. There’s no way I was going to pay the ransom – I have heard of other scenarios where a payment is just the beginning of the demands and data is released back to the targeted company only in bits and pieces and even then, there will be a lot that is just gone forever. So, I decided we needed to get rid of our hardware and start again.”
Steve says that, rather than the actual cost of replacing the company’s computers, it was the interruption to business that was the hardest part of the experience to deal with.
“You don’t realise until you essentially have to throw everything out and start again, just how long it takes to get back up to speed,” he says.
“Just in the normal day-to-day operation you’re busy, you’re meeting deadlines, you’re speaking with clients about new work. But then take all that normal business activity and then also start all your processes all over again; it’s pretty stressful.
“We had projects that were underway that we simply had to bin and start from scratch. Even something as small as a desktop shortcut that just used to sit there becomes a headache when you can’t go and click on it in a hurry.”
Steve says his company took two-to-three months to really get back on its feet following the cyber-attack.
He also had to go through the process of contacting client companies with signage work in train and advising them of the situation, reassuring them that none of their data was affected by the breach.
And while he knows what the incident cost him in terms of new computers and systems, he says the lost time and opportunities while the company recovered are inestimable.
“You can’t put a number on the time it takes to get things back to normal. You can’t bill for all the rework you have to do because you’ve lost files. It’s those sorts of costs which are the hardest part to stomach.”
Steve, who has been working in and around signwriting since he was a kid, purchased the business 10 years ago. The trajectory has been steadily upwards since then; today he has several vans and staff on the road and counts a number of corporate entities as clients. Outfitting vehicle fleets with signage is a specialty.
Of the cyber-attack itself, Steve says he is certain of two things: make sure you have cyber insurance in the first place and accept it has happened and move on as quickly as you can.
“Attacks like this really are down to chance, but there are more of them happening these days. After this experience we are careful with our back-ups and even about how we store information; how we manage our file systems.”
“It’s good that companies such as Crombie Lockwood have an extra focus on cybercrime. “There are no guarantees in business – certainly not when it comes to cybercrime – but if you work smarter and do as much as you can to safeguard your systems, then that’s all you can really do.”
“We like to think we run a good business and work with some amazing clients. We’ve established a name for ourselves and we’ve continued to move forward after that event. You just have to.” he says.