News / As Expeditors limps back online, there are lessons to be learned

© Dragonimages

Expeditors International is limping back into operation after the cyber-attack that hit the logistics firm on 20 February.

Management anticipates a “material adverse impact” on its balance sheet and is struggling to complete the filing of its annual report.

The attack forced Expeditors to shut down most of its operations. It has reported progress in resuming normal operations, but declared itself unable to predict when it will get back at full speed.

The attack has also forced the company to delay the filing of its annual report, due to problems accessing information in its accounting systems.

Cyber security has been a nagging concern for companies for years, and the current geo-political situation has elevated this threat. The US Cybersecurity and Infrastructure Agency has issued a warning about more possible cyber-attacks.

“Russia’s unprovoked invasion of Ukraine, which has been accompanied by cyber-attacks on Ukrainian government and critical infrastructure organisations, may have consequences for our own nation’s critical infrastructure, a potential we’ve been warning about for months,” it announced on its website.

“While there are no specific or credible cyber threats to the US homeland at this time, we are mindful of the potential for Russia’s destabilising actions to impact organisations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our allies. Every organisation — large and small — must be prepared to respond to disruptive cyber activity,” it says.

W Curtis Preston, chief technical evangelist at data resilience provider Druva, noted that the “increased connectivity in the quest for visibility” had heightened the risk for companies involved in supply chains, adding: “Hopefully they adopt cyber security frameworks at the same time as they’re adopting new technology.”

By and large, these tools can be highly effective. Following best practices of cyber security would stop the vast majority of attacks, probably by as much as 95%, he added.

The threat itself has not changed in recent years – it is still either about theft of data or locking-out data to demand a ransom for release. What has changed is that hackers have increasingly begun to attack back-up systems, and they are getting more and more sophisticated at this, Mr Preston noted.

Essentially, these days back-up data are held on a disk located  behind a back-up server that probably runs on Windows – an easy target for cyber criminals, he warns. To protect themselves, companies either have to fortify the defences or use a service that takes data offsite.

Having a good back-up system does not guarantee a company can recover easily from an attack. When Colonial Pipeline was attacked by hackers last year, dealing a severe blow to petrol supply in the south-eastern US, the operator actually had a fairly new back-up system, but it could not recover fast enough, Mr Preston noted.

Another challenge is that a company may have good back-up, but not a good disaster recovery system, he added. His company offers a menu of cloud-based solutions on an SaaS basis that runs and secures the back-up process, whereby all data are encrypted before being sent, then again in the cloud and deduplicated to reduce the amount of storage needed.

Mr Preston believes the supply chain arena is not very well set up, in terms of disaster recovery.

“If you’re a financial trading firm, you’re probably really set, but if you’re in the supply chain, it’s quite possible that you’re using basic technology from 10 or 20 years ago and you’re not set up very well at all,” he said.