It is very rare that we hear exact numbers from companies who were victims of a cyberattack. Although Ponemon Institute publishes a research report annually on this topic that gives an insight from a global perspective, the data is aggregated so it doesn’t provide details of individual cases. That is why the quarterly report of A.P. Moller – Maersk is an extraordinary read for security professionals. Just to recap, A.P. Moller – Maersk was one of the major high-profile victims of the NotPetya malware at the end of June 2017. According to a Splash247.com report the time,
“in the two days since the Maersk Group was hit by the Petya ransomware attack, operations at many of its sites across the globe have returned to manual.”
As the company’s press release states:
“in the last week of the quarter we were hit by a cyber-attack, which mainly impacted Maersk Line, APM Terminals and Damco. Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted. We expect the cyber-attack will impact results negatively by USD 200-300m.”
That is approximately 1% of the global yearly revenue of the Danish shipping behemoth.
As it turns out from the Ponemon research, US organizations have the highest average cost of cybercrime ($17.36 million), and Australia has the lowest ($4.30 million). In the Maersk case, the numbers are 10 times higher. Since Maersk is number 558 on Forbes Global 2000 list, we can be sure that there are many more companies who had, have or will suffer the same amount or even higher losses due to cybercriminals, not to mention the thousands of smaller companies who may have suffered losses in line with the Ponemon average. Therefore, we can conclude that cyberattacks are even more costly than stated in the report.
There are various solutions to avoid these losses. First of all, cybersecurity should be a priority for all companies. There aren’t verticals or companies whose daily operations that do not rely on IT, but there are verticals and companies who don’t care with IT security as they are unregulated or they simply follow the “nothing has happened yet” principle. We have to warn them that a whole industry’s operations can be upended by cyberattacks like the shipping industry experience in the summer of 2017. Besides the Maersk case, HMS Queen Elizabeth is running outdated Windows XP and theoretically exposed to exploits, and based on a BBC report some crucial nautical communication systems, such as Ecdis and VSat also have vulnerabilities. Moreover, when two modern, highly equipped US Navy ships collide with other vessels in the span of three months (4 cases in total this year), a cyberattack is one of the first things that occurs to experts. We don’t know who will be the next victim, but don’t be surprised if a new industry joins the list of compromised victims.
Amongst others, Ponemon highlights some key factors from the technical perspective of successful companies that are also essential to reduce the cost of cybercrime (excerpt):
In Maersk’s case, NotPetya was the main source of financial loss. Our friends at Scademy have published an extensive list how NotPetya could have been eliminated. One of their pieces of advice is to “restrict the local administration access to privileged users; avoid giving each of your users’ local admin access to all machines unless necessary to protect against the PsExec vector”.
We at Balabit are working on products that can successfully reduce the financial losses due to cyber incidents and truly support those the efforts mentioned above, especially the privileged user problem. Balabit Privileged Access Management (PAM) is primarily designed for the support of rapid incident investigation to reduce the detection and recovery time. Here you can find how to accelerate your incident response with privileged access management. Balabit Privileged Session Management is an efficient module of our PAM solution to reduce third-party risks. Here you can find some tips for managing third party system administrators. Together with Balabit Privileged Account Analytics module which is specialized for analyzing privileged user behavior, it also gives a good option to combat with insider threats as it is described in our essential guide to privileged user monitoring. Moreover, Balabit Log Management product line can help you to build an efficient log management infrastructure as you can read in our log management essentials report.
With 2017 now done and dusted, it’s time to think ...
Like many years before it, 2017 has seen a large ...
When a child goes near something hot, a parent will ...
“The [Balabit] solution’s strongest points are the privileged session management, recording and search, and applying policy filters to apps and commands typed by administrators on monitored sessions.”
– The Forrester Wave, Privileged Identity Management, Q3 2016, by Andras Cser