#GartnerSEC: Maersk’s Adam Banks Reflects on NotPetya Response and Recovery

#GartnerSEC: Maersk’s Adam Banks Reflects on NotPetya Response and Recovery

Speaking in the opening keynote session of day two at the Gartner Security & Risk Management Summit 2019 in London, Adam Banks, chief technology and information officer at Maersk, reflected on the company’s response and recovery following the NotPetya attack in 2017.

Banks said that when Maersk was hit by NotPetya, the company was “not unusually weak,” and this is really important, because too often organizations feel immune to cyber-attacks because they do not consider themselves to have obvious security flaws.

However, Maersk was (and is) a company that is extremely data-centric. “Whilst we have a global flow of cargo, we equally have a global flow of information,” but because of the import/export work Maersk does, it cannot “lock up” data or create a centralized data pool and “put every form of defense around it.” The value of the data is in its distribution.

When NotPetya first hit, Maersk was unable to determine exactly what was occurring, Banks explained. It took several hours to establish the cause of the attack, and the wide-spread impact. IT services, end-user devices and applications/servers were dramatically affected. As many as 49,000 laptops were destroyed and 1200 applications were inaccessible.

“I didn’t go home for 70 days,” Banks said, as he worked tirelessly with the rest of the business to respond and recover.

“The first thing we did was to make some fairly big decisions about how to manage this. Mearsk is an asset-centric business with a ..