The Maersk Breach – Cyber Resilience and Human Resilience


On 27 June 2017, shipping and logistics giant Maersk was hit by NotPetya ransomware. NotPetya is malware originally developed as a disk-wiping cyber weapon by the Russian military. Its targets were businesses in Ukraine, but it quickly got out of hand and spread through networks around the world, with almost 50,000 infected endpoints and thousands of applications and servers affected across 600 sites in 130 countries.

Maersk, headquartered in Denmark with hundreds of sites in countries across the globe, was among those badly hit in the crossfire of NotPetya. Maersk is the world’s biggest carrier of seaborne freight: each of its massive ships carries up to 20,000 containers, and the company transports about 15 per cent of global trade.

As a significant player in sea trade, Maersk had to juggle recovering and rebuilding its affected networks while managing its existing operations. Without information technology and computer systems, this “serious business interruption” could only be resolved by tedious manual processes that took days. Maersk bounced back quickly enough, but not without first incurring huge financial losses estimated at $300 million.

Security Lapses

NotPetya was able to infiltrate Maersk systems when an employee in Ukraine responded to an email featuring the NotPetya malware and asked IT administrators to install the accounting software M.E.Doc on a computer.


In the aftermath of the cyberattack, Maersk further enhanced cyber resilience by implementing immediate and long-term digital initiatives and strengthening the IT infrastructure platform with enhanced IT service continuity and recovery. In addition, the firm also purchased cyber insurance to mitigate the potentially negative financial impact of successful cyber-attacks in the future.

Learning Points

  1. Collateral damage is always a possibility

    The Maersk breach serves as a wake-up call that not all cyberattacks are targeted and that organisations can sometimes find themselves the unintended victims of cyberattacks. As such, cyber defence shouldn’t be approached with the mindset that breaches will always be intentional and targeted, but with the intention of providing well-rounded protection from both targeted and non-targeted attacks.

  2. Consistent updates and monitoring for new threats

    Cyberattacks are evolving day by day. Response and recovery plans have to be tested and updated frequently so that they include mitigation actions for new possible cyber threats. Consistent updating of processes and software is also one important way to protect networks and critical systems from new threats.

  3. Protection of important and critical accounts

    Preventive measures to protect against cyber breaches are important, but recovery measures should not be neglected either. Both have to be in place and must be tailored to your organisational needs and critical accounts.

    To best implement both protective and recovery measures, it is crucial to really understand the core business processes and to have in-depth knowledge of the systems and applications that run in the organisation. Only with that knowledge are cyber scientists able to thoroughly understand how to protect and secure critical accounts and how to recover information and data systems in worst-case scenarios.

    In addition, to ensure that the organisation is still able to operate even though critical services are down, a data recovery plan tailored for your organisation must be in place.

  4. Cyber resilience and human resilience

    In the unfortunate event that cyber attackers are able to get past all the defences, building cyber and human resilience is key. This ensures that the organisation and all its employees are prepared to respond swiftly and recover quickly from the attack.

    Cyberattacks cut across levels and departments, and employees at all levels (low, medium and top) have to be well trained to be aware of possible cyber threats (e.g. safety precautions before downloading software off the net) and of the response plans for dealing with cyber breaches and mitigating damage.

    In addition, cyber awareness programs should be as comprehensive as possible and made available to staff at all levels to develop human resilience. This is so that employees become aware of issues beyond those they are exposed to in their own departments and levels, and are well equipped to deal with any potential cyber breach.

    Being proactive is a must; an investment in the organisation’s protection and employees’ awareness will prove to be more affordable than the subsequent financial losses due to a cyberattack.

Enjoyed this article? Curious to find out how you can better protect your organisation, data systems and critical accounts in the event of a cyberattack? Contact us now for an in-depth consultation to obtain cyber security measures best tailored for your needs. The CyberForSec™ team will work with your employees, train them in cyber security awareness and guide them in adopting the appropriate cyber security skills in their work processes.