An employee at Maersk, the world’s largest shipping conglomerate, saw computer screens suddenly turn black and irreversibly lock in late June 2017. A highly engineered malware worm exploited company computers in Ukraine lacking the latest Microsoft Windows security patches. With this small foothold, the worm breached the company’s IT system and blocked access to all computers and servers worldwide, ultimately halting shipping operations for several days. The incident cost Maersk over $200 million in lost revenue, caused unquantified costs in perished goods and recovery efforts, and created a slew of unhappy customers.
The Maersk story is not uncommon. In 2015, 80 million customer records were stolen from Anthem because an unsuspecting employee responded to a phishing email. In 2017, the United Kingdom’s National Health Service suffered a ransomware attack that resulted in 19,000 canceled appointments due to the use of, once again, an outdated, unpatched version of Microsoft Windows. In 2019, data on 106 million Capital One customers was stolen via a misconfigured Amazon Web Services firewall. And the list goes on.