- A whole army of “recovery” companies will have descended on Expeditors as it battled to recover from a targeted cyber attack.
- The company said that, on discovering the “incident”, it shut down most of its global operating systems.
- It is unclear how far along the process Expeditors is, and the impact on its business.
A whole army of “recovery” companies will have descended on Expeditors as it battled to recover from a targeted cyber attack on Sunday, says an article published on loadstar website.
Battles to recover systems
Expeditors, which has endeavoured to keep the market updated, said yesterday its network was operating, using its global business continuity plan.
“Our employees continue to leverage back-up procedures and alternative solutions to support our customers and stakeholders,” it said.
“Cybersecurity and information technology experts and partners are focused on remediation efforts across our systems. We appreciate everyone’s support and collaboration. Additional updates will follow as the situation evolves.”
The company said that, on discovering the “incident”, it shut down most of its global operating systems, but added that this “significant event” could have a “material adverse impact on our business, revenues, results of operations and reputation”.
While Expeditors did not confirm what type of attack it had suffered, an anonymous tip to BleepingComputer suggested it was a “massive ransomware incident”.
One senior executive, whose company suffered a major cyber-attack in the past, explained to The Loadstar what it was like to “go dark”.
“It took us a about a week to get over the shock. It was very hard to know who was where, and we needed boots on the ground.”
Recovery from cyber attack
After the initial shock, and trying to connect with employees and customers globally, the next surprise was the arrival of an industry of specialists, he added.
“Authorities, insurance companies and consultants get involved very early. It’s an interesting process. There is a whole industry that does this as a specialty. The field of cyber attack recovery is amazing.
“Restoration takes weeks, if not months. There are no shortcuts, no easy fixes, things come up at a different pace.”
The global element of logistics makes it harder, he says. “You want to know what might have been lost, and what the different rules in different countries are.
“Things had to be done manually, and people had forgotten how. You are prepared for business continuity, with things like typhoons, or earthquakes. You have a way of coping, and coordinating across the globe.”
A cyber attack affecting only your own platform is a different beast, he said, and communication is critical, yet difficult to achieve.
“We are now more aware of how to deal with the challenges. We have created a series of deployments internally, and a cyber security department. When you are rebuilding, you need a protective environment that is more secure than ring-fencing 30-year-old processes. Everything we’ve purchased is now under the scrutiny of security.
“It was pretty interesting. But we don’t want it to happen again.”
Impact on its business
It is unclear how far along the process Expeditors is, and the impact on its business. While it has issued updates to the market, some customers remain concerned.
The company said: “Since it is extremely early in the process, we cannot provide any specific projections on when we might be operational, but we will provide regular updates when we are able to do so confidently.”
It added that it was “incurring expenses relating to the cyber-attack to investigate and remediate this matter and expect to continue to incur expenses of this nature in the future”.
Luckily, it had $1.7bn in cash and cash equivalents on 31 December; news of the attack came as Expeditors published its full-year results.
Revenues rose 72%, to $16.5bn, of which $6.7bn came from air freight, $5.5bn from ocean and $4.2bn from customer brokerage and other services. Operating income went up 103%, to $1.9bn, with net earnings at $1.4bn.
Noting the “severe imbalance between capacity and demand”, like other forwarders, it has opted for air charters and said it was working with carriers across sectors to secure capacity.
“Despite the lack of space, we experienced record-high air tonnage in the fourth quarter, as we used more air charters than at any other time in our company’s history, even with extremely elevated rates,” said Jeffrey Musser, president and CEO.
“Ocean container volumes, by contrast, declined during the quarter as we were somewhat limited in our ability to secure necessary capacity from ocean carriers, and hampered by the time and resources required to process shipments and meet sharply growing customer demand.”
Did you subscribe to our daily newsletter?
It’s Free! Click here to Subscribe!