This is a must-read article for all business executives.
Too often the cybersecurity industry is accused of selling FUD (fear, uncertainty and doubt) to drive sales. For those of us interacting with major global enterprises on a daily basis, hearing horror stories like this is sadly business as usual.
A little-known fact is that those trusted in the cybersecurity business don't talk about the specifics of what they actually see on a daily basis. We have to point people to infrequent validation articles like this in order to get people to wake up and smell the coffee.
Any executive reading this article can't say they haven't been warned.
The release of NotPetya was an act of cyberwar by almost any definition—one that was likely more explosive than even its creators intended. Within hours of its first appearance, the worm raced beyond Ukraine and out to countless machines around the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. It crippled multinational companies including Maersk, pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondelēz, and manufacturer Reckitt Benckiser. In each case, it inflicted nine-figure costs. It even spread back to Russia, striking the state oil company Rosneft. The result was more than $10 billion in total damages, according to a White House assessment confirmed to WIRED by former Homeland Security adviser Tom Bossert, who at the time of the attack was President Trump’s most senior cybersecurity-focused official.