Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
BLACK FRIDAY DEAL: Trust the World's Fastest VPN with Your Internet Security & Freedom--A Lifetime Subscription of PureVPN at $48 with coupon code "BFRIDAY20" ×
Security Businesses The Almighty Buck IT

Shipping Company Maersk Says June Cyberattack Could Cost It Up To $300 Million (cnbc.com) 43

An anonymous reader shares an article: Container shipping company A.P. Moller Maersk on Tuesday said it expects that computer issues triggered by the NotPetya cyberattack will cost the company as much as $300 million in lost revenue. "In the last week of the [second] quarter we were hit by a cyber-attack, which mainly impacted Maersk Line, APM Terminals and Damco," Maersk CEO Soren Skou said in a statement. "Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted. We expect that the cyber-attack will impact results negatively by USD 200-300m." Maersk Line was able to take bookings from existing customers two days after the attack, and things gradually got back to normal over the following week, the company said. It said it did not lose third-party data as a result of the attack.
This discussion has been archived. No new comments can be posted.

Shipping Company Maersk Says June Cyberattack Could Cost It Up To $300 Million

Comments Filter:
  • by CaptainDork ( 3678879 ) on Wednesday August 16, 2017 @03:08PM (#55028637)

    ... business.

    Pay now for system security, or pay later.

    • Will C level execs who skimped on IT/Infosec be paying the price?

      • by mfh ( 56 )

        Nah they have important vacations and yachts to enjoy on the golden parachute for all their hard work. :S

        • And they will fire the frontline IT people who requested a budget for preventing attacks like this.

          • I recommended infosec solutions my entire career and business did the risk analysis and said, "No."

            Shortly after I retired (not making this up), they got hit with ransomware.

            They had enough backup to recover.

            Day before yesterday, I was talking to one of the partners at the gym about shit and he mentioned that the firm bought "ransomware insurance."

            They need to fire the dickhead who still thinks there are nude photos out there of Anna Kournikova.

    • ummm... this statement is for their insurance claim, they pay those and roll the dice on actual security.

      • What the world needs now is sweet litigation.

      • ummm... this statement is for their insurance claim

        Which gives them an incentive to inflate the number. Their order taking was down for two days, but container shipping is often booked weeks in advance, so I doubt if this really cost them much. Their actual losses are likely closer to $0 than to $300M.

        • by Blue23 ( 197186 )

          My company deals with them, and what I've heard Nth-hand is that they couldn't unload or load ships in dock and that there was a lot of port costs associated with that as well. My guess would be not able to get the customs documentation and inventory and the like.

    • by gweihir ( 88907 )

      Management by bean-counting can get pretty expensive...

  • by Anonymous Coward
    They will stop at nothing!
  • In whether they had insurance for cyber attacks, and if they were covered.

    A chunk of $300 Million would buy a lot of IT talent, for the next time...

    • In the long run, insurance companies/rates will be the stick that forces companies to get this right.

      • by zlives ( 2009072 )

        for right now insurance is way cheaper than actual competent IT.

        • Because insurance companies are stupid? A few 0.3 billion dollar payouts will fix that. In fact, they are the _only_ thing that will fix it.

          • Do you think that they are just going to hand over the cheque without going through every bit of their business in order to find the tiniest excuse not to pay out? All it is going to take is for an insurance company to find a reason one time not to pay out on a claim and you are going to see a lot of companies start scrambling to see how secure they are. But there will always be a few that will have their head stuck in the sand no matter what and won't do a thing.

            • I know how insurance companies operate? The only thing they do on time and in total is collect premiums.

              But they do have a clue about assessing risk, not a big old clue when it comes to IT, but that will change.

          • by zlives ( 2009072 )

            oh no no, i said "claim" and when the insurance company (perhaps rightfully) doesn't pay because of negligence on insured's part... then it goes on the tax write off. so no harm done, except most employees got paid for 2 days to sit around.

            • Tax write offs reduce losses by the marginal tax rate. No harm done?

              Bet the parent company is incorporated in Monaco or someplace equally crooked.

  • True Price of (Score:2, Insightful)

    by Anonymous Coward

    WINDOWS AND MS OFFICE.

  • Just patch it. (Score:4, Informative)

    by ErikTheRed ( 162431 ) on Wednesday August 16, 2017 @03:42PM (#55029031) Homepage

    Maersk claimed that “updates and patches applied to both the Windows systems and antivirus were not an effective protection.” Garbage. The patches against this attack were released in mid-March and April. They got hit at the end of June. There's no good reason to delay patching endpoints for more than a week at most, Most problematic patches for mainstream operating systems are pulled within 24-48 hours, so even three days is fairly conservative now.

    • by martinX ( 672498 )

      Sometimes the prevention comes with a bit of pain...
      ---
      Queensland Health’s electronic medical records system hit by “very serious ransomware attack” [couriermail.com.au]
      Janelle Miles, Kara Vickery, Anthony Templeton, The Courier-Mail
      May 25, 2017 2:04pm
      Subscriber only
      Cameron Dick OP-ED: Technological advances from eHealth strategy
      MOVES to protect Queensland Health computer systems from an international cybersecurity attack are believed responsible for a failure within the state’s electronic medical record

      • by sdw ( 6809 )

        What idiot organization with 200-300M to lose in 2 days uses Windows for anything? With a couple percent of that, they could create parallel implementations in two alternate operating systems and networks to be far more immune to everything.

    • There's no good reason to delay patching endpoints for more than a week at most

      I see you've never worked in a multi-national company that had to support many business critical computer applications across many different configurations across the globe.

      Most problematic patches for mainstream operating systems are pulled within 24-48 hours

      All problematic patches are never tested against the majority of business critical software. This is why things get tested and why it takes time. It's also why we maintain a list of black listed patches, until either MS or the vendor affected resolves them.

      • If these applications are business critical, shouldn't they be set up in a way that keeps them from being harmed by malware?

        For example, my company often worked with data that didn't belong to us and was considered sensitive. We maintained a second network that never touched the public network, or computers that could connect to the public network. That was business critical.

        Is that possible?

        • For example, my company often worked with data that didn't belong to us and was considered sensitive. We maintained a second network that never touched the public network, or computers that could connect to the public network. That was business critical.

          Nothing in the article said all of Maersk got taken down. Maybe it was just the business critical part that handled external data.

          The only other thing I know about it is that Maersk was the cause of the infection at the Port of Rotterdam. Though the Port had pretty damn good business continuity and kept processing ships on pen and paper.

  • learns a hard lesson on cutting corners in IT....

    My guess is that the C level idiots will just toss a huge amount of money at some overpriced consulting firm like IBM to make themselves feel better, and not really fix anything.

  • Another data point for the case that containers are inherently insecure. And this is Maersk, an actual business that has been working with container technology since the 60's.
  • There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" [amzn.to] by Rose George. The New York Times gave it a good review [nytimes.com] when it first came out, mentioning that the author traveled on a Maersk ship to research the book.
  • Be interesting to know why they were not up to date with their Windows OS or the patches? Companies sometimes lag behind because of legacy systems. It would also be interesting to know what the cost of upgrading these systems are? Less than $300MIL?

  • What do you wanna bet they pay their programmers like shit, ignore known security issues, and devote zero resources to cleaning up technical debt? If so, serves them right.

  • We want to know how badly Durex was affected.

The moon may be smaller than Earth, but it's further away.

Working...