“Customers usually come to us after they have been hacked and it becomes clear that there is no solution via their cyber insurance,” Geert Baudewijns begins. “In an ideal scenario, a company has recent backups and can avoid paying a ransom. But our experience shows that 7 out of 10 victims end up paying for the keys to become operational again. Many feel they have no choice but to negotiate and make a payment in order to quickly resume their activities in full.”
Geert and his teams have led more than 450 negotiations. “Over the years, we have built up a lot of experience. This enables us to quickly assess the seriousness of the case and provide the affected organisation an indication of their options. For most customers, this is already reassuring. A cyber incident can always be solved, but the big question remains what the appropriate solution is…”
Paying cyber criminals remains controversial
Secutec is a Belgian company with 100 employees spread across offices in Europe, Canada and Australia. “As a negotiator for clients worldwide, we establish contact with the hackers and we investigate: what do they expect? Is it realistic? And then we negotiate how a deal can be reached. If we can close the case – usually with a payment – then we facilitate that, too. We trace the payment and follow up the release of the affected systems or data.”
Paying cyber criminals remains controversial, and many people find it unethical. “But if the customer is up against the wall, they have no choice but to negotiate. Of course, we proceed with caution: we check, double-check, triple-check… because there are also ‘fixers’ who have nothing to do with the incident but who follow the communication of hackers on the darknet and then approach victims themselves,” Geert knows. “That is precisely why you need negotiators who know their way around, who can quickly determine whether you are talking to the right person. Negotiating with hackers is a profession in itself.”
Full control is virtually impossible
Protecting IT systems from intrusion is more and more difficult, especially as networks become increasingly complex. “It is virtually impossible to fully control your network today. As soon as there is a vulnerability in the firewall, hackers start to exploit it. They have a kind of ‘bible' with IP addresses and technologies used, which allows them to strike quickly. Their goal is to obtain admin data that they can use at a later time. Once they have that data, they can penetrate the network weeks or months later. We therefore recommend that you always have an up-to-date XDR solution within your network, so that inappropriate activities can be detected immediately.”
One of the challenges Geert experiences is that business leaders often have limited knowledge of IT and cyber security. “That is why the Cyber Security Coalition is a valuable ecosystem. The more cyber security is discussed at a high level, the more it reaches the CEO and stays on the company’s radar. It is also crucial that we exchange experiences and work together, even with competitors. In cyber security you are never the best, you can never win the battle alone. Thanks to the Coalition, we can talk to each other in confidence,” concludes Geert Baudewijns.