Hoppenbrouwers Techniek sees cyber-attack as a challenge

The cyber attack was discovered when an employee called the helpdesk on 2 July around 6.30 pm. He could no longer access his laptop. It soon became clear that the helpdesk itself was also having problems. "Then the conclusion was: we were probably hacked," says Henny de Haas. Hoppenbrouwers Techniek had fallen victim to a global cyber-attack. "The malware got in via an update to our Kaseya software, which allows us to manage endpoints and systems remotely. Everyone using this software who had installed the update was affected."

Finding a window

All this while De Haas thought he had armed himself well against cyber attacks. "We had been insured against damage by hackers for about 4 years. Our security was certified, we use 2-factor authentication when logging in and our computers are closely monitored. When joining the company employees have to take an exam on all the rules around Wi-Fi, passwords and so on. So, awareness among employees is quite high. But those hackers only need to find a window somewhere and they are in."

Everything could be infected

After the notification on Friday evening, the IT department contacted a specialised security company. "They started taking stock and making a plan of action for the coming weekend," he said. Once De Haas himself was alerted, he quickly understood that it was not just about the servers. "From the laptops to the security of the buildings, everything could be infected. In addition to the IT department, a lot of other employees have IT knowledge, so we created teams that all took care of part of the systems. Anyone who thought they could contribute something was invited to think along."

Webinars for staff

On Saturday, in every Hoppenbrouwers branch, a team of employees was busy checking computers, reviewing construction and installation projects, calling mechanics. "By Saturday afternoon, we had solved 80 % of the problems. Saturday evening, we were able to restore a backup and the server was slowly but surely cleaned up. By Sunday evening I was able to log in again and on Monday we were able to get back to work." In between, staff and the outside world were kept informed. "With the help of the communications department, I presented 2 webinars, explaining to our staff all the steps we were taking. On a dedicated website, staff could read constant updates. And I also spoke to 5 radio stations and some TV stations."

Demand for ransom

After the weekend, work resumed. "We called some more customers because some invoices had disappeared from our system, but apart from that, the damage was not very bad. The IT department and security specialists did spend over a week checking and cleaning up the last things." And then, of course, there was the ransom demand. "This was a global attack on more than a thousand businesses and the hackers demanded seventy million in ransom. Should we have gone around with a collection bag? We did not respond and did not pay. We were busy enough plugging the holes."

Practising emergency plans

Looking back, De Haas is surprised at how his business took action so quickly. "We had no plan beforehand what we would do in such a case. But neither could I have imagined beforehand that we would develop an effective approach so quickly during that weekend. In retrospect, I think we should have had an emergency plan and tested it. Nobody does that, but actually that is crazy. You do fire drills too, don't you?"

Cohesion within the business

When asked what De Haas learned from this, a surprising answer comes: "It may sound crazy, but I would not have wanted to miss it. You do not wish this on anyone, but I learned a lot from it. In our business, we work in self-managing teams and responsibility is low down in the organisation, so employees are used to thinking along with te business. By bringing all those people together in a crisis, you organise so much brainpower, then the solution comes naturally. I found the unity that emerged in the business very moving." In addition, awareness has become even sharper than before. "Because the chances of us getting hacked again are as high as anyone else. Of course, we monitor the systems even more closely, we have software that signals strange activity on the network and we have our own cyber specialists. But when hackers really start looking, they will always find a weak point. Only, like with burglars, the company with the best lock might get past by."

Cyber attack as a challenge

In any case, the setback has not made De Haas throw in the towel. The business has an ambitious vision for 2030 that is being implemented as planned, says De Haas. "We expect to triple our turnover and double the number of branches so that we have real national coverage. By then, we will have 5,000 employees, be 100 % carbon-neutral and circular, and aim for an excellent customer experience. I see this cyber-attack as a challenge and I feel empowered by it."

There a no English subtitles availble for this video. For automatic generated subititles, go to the settings wheel. Choose 'ondertiteling' and then 'automatisch vertalen'.