Exploring Cybersecurity Insights for 2025: Learnings from Maersk’s Former CISO


This article analyzes key insights and lessons from the perspective of Maersk’s former CISO, providing indispensable advice for future-proofing our cybersecurity strategies.


A Watershed Moment Aboard The SS Maersk: NotPetya Strikes

In June of 2017, a ransomware attack known as NotPetya shocked the world by crippling one of its most significant targets: AP Moller Maersk.

The shipping giant was brought to an operational standstill as the rapidly spreading malware infiltrated its systems, resulting in a staggering $300 million in damages.

An unseen nemesis had swiftly struck at its heart.

More than just a cautionary tale on the threats posed by cybercrime, Maersk’s recovery marked a turning point for the cybersecurity industry, according to the company’s former Chief Information Security Officer (CISO) Adam Banks.

Facing A New Reality: Recognizing System Efficiency Vs. Cyber Resilience

As Banks pointed out, many companies have long prioritized system efficiency over security.

This mindset poses a critical vulnerability in our digital era, where ransomware attacks like NotPetya can exploit system weaknesses to devastating effect.

“For a time, we lost sight of the need for resilience. We allowed efficiency to become everything,” Banks said. “NotPetya was a wake-up call reminding us that when you digitalize, you also expose yourself to new risks.”

A Lesson Learnt: Building Robust Foundations

The painstaking process of recovery forced Maersk to reevaluate its cybersecurity framework.

Banks stressed the need for robust foundations built upon regular reviews of system vulnerabilities, robust AMI backups, and proper network segregation.

He emphasized that foundational cybersecurity practices still contribute significantly to a resilient defense by preventing the lateral movement within systems that malware like NotPetya needs to inflict maximum damage.

Moving Forward: Cybersecurity in 2025

Banks foresees cybersecurity in 2025 being defined by well-established foundations and the strategic implementation of emerging technologies.

He underlines the importance of a balanced defensive strategy, combining robust essential practices with agile technologies like AI and machine learning.

“Our job as security professionals is to manage risk, not eliminate it. And in doing so, we must ensure foundational security doesn’t get left behind in the shadow of the bright, shiny new technologies,” Banks concluded.

Follow-Up Reading:

1. “Maersk forced to reinstall 4000 servers, 45000 PCs due to NotPetya attack” – ZDNet
2. “The lessons from the 2017 cyber-attacks on Maersk and the NHS” – HPE
3. “How NotPetya, a single piece of code, crashed the world” – Wired
