Preparing for the worst
Organisations should work on the assumption that it won't be possible to prevent every future attack, so they should ensure they have comprehensive recovery plans. That's the advice of Lewis Woodcock, the head of cybersecurity compliance at Maersk, the global shipping company that suffered devastating damage as a result of the 2017 NotPetya attack. As ZDNet reports, he was speaking at the CyberUK conference, where he also pointed out that Maersk wasn't even the target of the attack, but still suffered 50,000 infected devices across 600 sites in 130 countries. The episode is estimated to have cost the company some $300 million, and it took 10 days to rebuild its IT infrastructure. Woodcock said protection is critical, but it's also essential to have a data recovery plan which requires a comprehensive understanding of the organisation's key business processes.