GTD apologizes for handling the crisis due to cyberattack

Last October 23, 2023 was a before and after for GTDafter being the victim of a cyber attack on its IaaS (infrastructure as a service) platforms caused by a ransomware-type malware that affected 3% of all the company’s services – in which, according to the firm, some 350 clients were affected -, from the latter, criticisms were made of the management of that crisis and the handling of the delivery of information.

That fact opened a judicial avenue for GTD. Last March, the Ionix firm – a fintech founded by Nicolás Luksic in 2009 – filed a lawsuit against him for termination of contract with compensation for damages, arguing that after the cyber attack “inexplicably” the telecommunications company did not give him notice of what happened. , Between other reasons.

The CEO of GTD, Fernando Gana, addressed the episode at the seminar “Cyberattacks: Resilience in the digital age”, held by the company, concluding that one of the three key learnings is the importance of communicating with integrity and transparency.

In relation to criticism of the management of the problem by clients, Gana pointed out that “in any crisis – not just cybersecurity – communication is a big issue, being prepared for it.” At this point, he added that “What is relevant is that the expectations of those in charge are not always met and, in our case, forgiveness to those of us who do not meet them.””.

Likewise, the executive highlighted that “at GTD we act consistently with our values, of being agile, close and reliable every day, and that is part of our challenge, but we had very little information and we questioned ourselves: how do we communicate to our clients? What do we communicate? We hope there is more information? Who do we notify first? ”He said, remembering that in this incident they faced 350 different realities.

In that sense, he assured that during the month of data recovery “all of our managers, executives and also directors were in contact with our clients to be able to report what was happening.” To this he added: “we know that in many cases more frequency was expected in this communication, but our technicians were working 7/24 and we only asked them for information at the pre-established control points, in the protocols.”

The learnings

Among the learnings, Gana highlighted the collaborative work with his users, and stated that he had spoken with each of his clients to understand their architecture, noting that communicating with them “was not trivial.”

“The relevance of knowing the information and architecture of each of our clients was very important when determining the relevance, the order of recovery (of data) and the way to face that challenge. lRecovery is effective the more information we have and the faster we have it, the better the recovery time is,” Gana said.

He added the importance of maintaining a resilient culture in the world of cybersecurity, in addition to communicating with integrity and transparency and collaborative work during data recovery – a process that cost US$ 4.3 million.