Blog: Dean BestCyber attack - another wake-up call for business

Dean Best | 28 June 2017

A month after an international cyber attack hit entities including the UK's National Health Service and Spanish telecoms giant Telefonica, another has caused havoc around the world, affecting businesses including shipping group Maersk and, in our industry, Mondelez International.

Production at Mondelez's plant on the Australian island of Tasmania was halted yesterday (27 June) after the site's computer system went down, hit by a ransomware attack that has rolled out across the globe, taking companies in Europe and the US.

Mondelez has issued a short statement on its international, corporate website, confirming the Cadbury owner "was one of a number of large, global companies and private organizations impacted by the global cyber hack of June 27".

The company added: "As part of our global business continuity plans, we are working with outside specialists, including our IT partners and global cyber security agencies and experts to return to normalised operations as soon as possible.

"For our business customers, we remain committed to deliver our products and are working to minimise the impact to short-term deliveries. For our consumers, we do not expect any impact outside of more limited communication with the company at this time.

"We will continue to post updates to our corporate website and social media channels until this situation has been fully resolved."

Today, just-food has contacted Mondelez's Australian business, as well as an external spokesperson in the US to which the company's head office has directed questions, for an update on the situation but, at the time of writing, we have received no response.

Europol, the organisation that helps EU member states fight international crime, has said today the cyber attack is ongoing.

Throughout today, various media outlets have reported the malware originated in Ukraine, with some experts pointing to corrupted updates on a piece of accounting software.

However, whatever the origin, what the latest incident - which sees files encrypted and those affected receiving a demand for payment to open them - and last month's similar episode brings to mind is the need for businesses worldwide to have cyber attack near their top of their lists when drawing up the macro risks that could affect their operations.

In January last year, we reported on the World Economic Forum's Global Risks Report 2016, which suggested the threat of cyber attack was rising up the agenda.

However, experts still believed then there was a significant disparity in how the threat of cyber attack was rated among business leaders, with fears the risk was being under-estimated.

In the WEF's 2017 Global Risks Report, issued this January, the authors reflected on how the Fourth Industrial Revolution is bringing "huge opportunities for innovation, but also complex risks" - including that of cyber attack.

"In theory, greater connectivity brings intrinsic resilience: electricity networks with more supply points, for example, should be less prone to failure. However, as different infrastructure networks become more interdependent, there is also growing scope for systemic failures to cascade across networks and affect society in multiple ways," the report read.

"Systemic risks can come from many directions – whether these are cyberattacks or software glitches, solar storms or even just unexpectedly widespread and persistent clouds – and the increased complexity bring brought about by the 4IR makes the severity of those risks very difficult to estimate."

Nevertheless, a new report from Deloitte, published just two weeks ago, suggests over three-quarters of consumer goods executives "feel adequately prepared for cyber incidents". However, the report said more than 80% "have not documented and tested cyber response plans involving business stakeholders within the past 12 months".

Deloitte said: "Over three-quarters of the executives interviewed report being highly confident of their ability to respond to a cyber incident, yet they simultaneously cite many issues that critically impair their ability to effectively respond to cyber incidents that could be addressed by more involvement from C-level and board executives. This paradox suggests many companies operate with a false sense of security."

It added: "Many businesses are leveraging innovative technologies to help enhance the customer experience, build loyalty, and, perhaps most importantly, remain competitive in a digital world. However, companies should consider balancing their expanding digital footprints with a growing focus on cyber risk. Emerging technologies are often attractive avenues of opportunity for cyber criminals looking to expose weaknesses in an organisation’s digital ecosystem."

The attacks of the last month or so have brought to life the words set out in the reports of the WEF and Deloitte.


UK regulator shines light on Amazon's Deliveroo investment

Amazon's move to invest in UK food-delivery business Deliveroo caught the eye when it was announced in May – but it’s also attracted the attention of the country’s competition regulator....


Amazon tries again in UK food delivery

Perhaps today's most eye-catching corporate food story here in the UK is Amazon's decision to invest in food-delivery business Deliveroo....

Forgot your password?