Rebuilding after NotPetya: How Maersk moved forward

In the wake of NotPetya attacks, Maersk’s IT and security teams embraced transparency, greater collaboration with business, and a risk-based approach.


Few cyber incidents are as well-known as the NotPetya attack in 2017. The attack crippled a number of companies, none more publicly than shipping giant Maersk, which temporarily lost its entire global operations.

Speaking at the 2019 Gartner Risk Summit in London, Adam Banks, Maersk’s chief technology and information officer, and Maersk's CISO, Andy Powell, gave an account of the day NotPetya struck the company. They detailed how they responded to and recovered from the incident, and what the company learned.

How NotPetya affected Maersk

Maersk, a major global shipping and logistics company, has 76 ports, around 900 ships, approximately 4 million containers, and around 1,000 warehouses. A large vessel carries 22,000 containers, each equivalent to an articulated lorry. “This is a data-centric business,” said Banks. “If you think about the way data is used in this sort of business, unlike financial services, you can lock it up, you can't create a centralized data pool and put every form of defence around it.”

“This industry did a fantastic job in the 60s and 70s of standardizing containers. In my opinion, that made one major mistake: Every single one of those containers looks the same,” said Banks. “There is no way of telling what's inside each box. It's been sealed by customs, so someone's got to work out which ship it goes on and what's in it, and all of that is done with data.” Each container, he added, requires roughly 300 pages of information for customs and support and import/export documentation.
