November 05, 2019
Hullinger Shares Details of Alphabroder’s Cyber Attack
In a Power Summit session, the CEO explained how the promotional products industry’s largest supplier handled a recent ransomware breach.
When a company suffers a major cyberattack, the inclination might to be cover it up or withhold details to avoid the embarrassment of being a victim. Alphabroder (asi/34063) took a different tack. “I’m not happy being up here talking about it,” said CEO Norm Hullinger while on stage at The ASI Power Summit for a session on cybersecurity, “but we want to help others in this industry.”
In a blow-by-blow account, Hullinger laid out the details of the ransomware attack that hit the promotional products industry’s largest supplier on Oct. 14: from the initial curious reports that morning to contacting the forensic and negotiating experts to hand-wringing over whether to pay the ransom. The decision that alphabroder faced was difficult. The supplier’s IT team said it could rebuild its databases and get its order and shipping protocols back up in three to four days. “[But] when time is of the essence, and we’re taking 40,000 orders a day, every minute counts,” Hullinger said.
The hackers initially demanded $3.2 million. Negotiators brought that down to about half, and after Hullinger solicited advice from friends and experts and conversed with the supplier’s executive team, alphabroder decided to pay the ransom. “We aren’t saying we did the right thing or the smart thing,” Huillinger said. “We just did a thing, and we want people to learn from that.”
Norm Hullinger of alphabroder on their ransomware attack and paying the ransom: "We aren't saying we did the right thing. We just did a thing and we want people to learn from that." #ASIPowerSummit pic.twitter.com/1HdWDQcFRv
— C.J. Mittica (@CJ_Advantages) October 28, 2019
It’s not that alphabroder was unprepared, said Hullinger. The company did have a cybersecurity plan in place, and did carry insurance that mitigated some of the cost. But according to Hullinger, the supplier had a lot of pieces in place, but didn’t bring them together in a comprehensive fashion that would have better prepared the company for the attack. “We had a pretty good plan, and the advice we had was that it was pretty good, but in hindsight we could have been better,” he said.
Joining Hullinger on stage was Matt Soseman, cyber security architect at Microsoft. He cited four key things to be prepared for a cyberattack: having a plan of action, being secure with passwords and identity, patching often, and keeping a robust backup program.
The hackers who attacked alphabroder were in the company’s systems for five to seven days. That’s far less than the average of 200 days Soseman cited. “That’s like me coming to your house,” he said, “sleeping on your couch and eating from your refrigerator, and you would never know it.”
In fact, Soseman said there were companies in attendance at the Power Summit who have breaches right now. “It’s not a matter of if,” he said, “but when.”