Almost six months ago, on December 14, 2021, Le Temps revealed that DBS Group had fallen victim to hackers. The Lausanne-based company, which owns twelve real estate brands in Switzerland, including Domicim, Brolliet and Duc-Sarrasin, had 615 MB of data stolen, spread across 485 files. DBS Group, which has about 700 employees, refused to pay a ransom to the hackers. Christophe Hubschmid, director of the group, looks back at this crisis as part of the Forward forum, organized on Thursday by EPFL, SME and Le Temps.
Le Temps: A few months after this attack, what traces remain within your company?
Christophe Hubschmid: Of course, we do not come out of such a situation unscathed. But I’m very happy with the way we handled it. Now, all of our systems are back to normal, we’ve reinstalled our data, and our IT has been upgraded faster than we had expected before the attack. We have greatly accelerated our transition to the cloud; all of our software now runs that way.
We often hear that these cyberattacks psychologically scar employees. What happened in your case?
There was the shock of the attack, of the sudden disconnection of our systems, of having to work differently … A shock that was all the greater because the coronavirus crisis was still there at that time. Our IT specialists, for their part, worked around the clock for the first few days, with the immediate support of external specialists. They did not take a vacation until four to five months after the attack. We wanted to inform our employees immediately and in the most transparent way, regularly, through sessions and question-and-answer sheets.
How much data was stolen?
Honestly, it’s minimal. We estimate that less than 0.3 per thousand of our data was stolen and published on the darknet. It is not sensitive data, and in addition, some of the information is unreadable without our software. It was the management controller’s workstation that was attacked first, and the attack was very quickly contained. One of our employees clicked on a link contained in an e-mail sent by an external partner. It was very well done, and our antivirus did not raise an alert. This partner’s mail server was infected and remotely controlled by hackers.
Not very sensitive data, you say, but shouldn’t some of your customers appreciate that you’ve been hacked?
Think again. We took care to write to our customers, through several thousand letters, to explain to them what had happened. Only three customers wrote to us asking whether their bank details had been leaked, which they had not. With our large institutional clients, we have built closer, better documented interactions, and everyone is very understanding and satisfied with our sharing of experience. Because what happened to us can also happen to them, of course.
Why didn’t you pay a ransom to try to prevent any online data leakage?
That was not an option, as payment clearly does not guarantee us that this data will not be published, and does not guarantee that we will be protected against hacking. Moreover, this data is limited and not sensitive. We have a backup copy of all our information. Finally, we had to reinstall all of our IT anyway to make sure it did not leave any doors open to hackers. Payment is therefore never an option, and we never even wanted to know how much the hackers wanted to charge us. No contact with them.
Have you significantly increased your IT and cybersecurity spending?
Yes. The budget was already very high; it is even higher now. There’s the hardware, the software, the accelerated transition to the cloud. And there’s staff training, which never stops. We already had continuous training in place within the group, and we strengthened it; one click can allow an attack to take place … The problem is that you have to find the right mix: due to the end of t for some time, and it is human and normal, cautionary speeches are no longer heard. So it is necessary to find new ways of training employees. We’ve also implemented two-factor authentication for access, and of course this somewhat complicates everyone’s work and needs to be explained.
Do you have insurance against cyberattacks?
Yes, and it covered some of the costs. I will not give an exact figure. I can only say that the insurance premium is high, but the deductible is reasonable. And so the insurance paid part of the hundreds of thousands of francs this attack cost us in restoring our computer systems.
What advice would you give to other companies in the face of these cyberattacks?
Make regular backups of your data in secure and offline locations, train your staff constantly, and communicate clearly and quickly with your employees, your customers and your suppliers. And the story isn’t over yet; I leave here assuming we’re going to be attacked again. But we will be stronger to face it.