1-888-PIVOT-POINT | 1-888-748-6876
Talk with an Expert »
Select Page
GDPR & Privacy Shield - What They Mean for Your Business

I have written a couple of blog posts in recent months that touched on keys to avoiding ransomware and I stand by the recommendations that I’ve made regarding ISO 27001 scoping, security awareness training, and more.

ISO 22301 Roadmap ThumbnailBusiness Continuity Management ensures that your organizations critical business functions will continue to operate in spite of incident or disaster.

Download our ISO 22301 Implementation Roadmap now!

The ISO 22301 roadmap will help you understand what a Business Continuity Information Security Management System is and guide you, step by step, from preparation through certification.

That being said, the story that recently broke regarding global shipping company Maersk incurring $300 million in damages due to a NotPetya malware attack (so-called because it “masquerades” as the Petya cryptoworm) has me rethinking ransomware a bit:

Ransomware is a Denial of Service Attack

We need to better recognize that ransomware is intentionally or unintentionally a Denial of Service attack.  While in most cases it is a Denial of Service to a file or group of files, it can also be a Denial of Service to other types of computing assets, either directly or indirectly caused by lack of access to files.  Unfortunately, in Maersk’s case, those impacted assets had an enormously disruptive impact on operations.

Re-Assess the Cyber Liability of Your Supply Chain

We need to reconsider the indirect risk that ransomware poses to us via critical suppliers/partners.  Our Enterprise, Information Security, and Vendor Risk Assessments need to be revisited independently and in concert with each other to address this evolving threat agent.  Our Cyber Liability policies need to be reviewed to re-assess third-party coverage and incident response requirements. 

That stems from the fact that the Maersk attack “disrupted operations for two weeks,” and that for “up to two days, Maersk’s affected terminals couldn’t move cargo.”  How many downstream companies were also notably impacted by these delays?  How vulnerable is your company to an upstream (vendor) ransomware event of this nature?  Further, how much liability might you incur if an upstream event impacts your downstream (clients)?

Transparency Helps Us All

I applaud Maersk’s transparency and know firsthand it has positively impacted other companies in the logistics and supply chain vertical, as we have had several notable introductory calls with potential clients that explicitly referred to the Maersk situation as a driving force to their new information security initiatives.

If you too are looking for ways to mitigate the risk ransomware and other types of malicious software may directly (or indirectly) affect your organization, reach out!