Seattle Washington-based logistics giant Expeditors International Inc.
said it shut down most of its operating systems in response to a cyberattack that emerged on Sunday, raising fears of further strain on already fragile global supply chains.
In a statement posted on its website, the freight forwarding company said it currently has a “limited ability” to conduct operations, including arranging freight shipments and handling customs and distribution activities. .
Expeditors manages freight movements by air, sea and land at more than 300 locations worldwide, employing approximately 18,000 people.
The company warned in its quarterly report released on Tuesday that the cyberattack could have a significant negative impact on the company’s results, without giving an estimate of when its operations would resume. Expeditors did not disclose the nature of the attack or the systems directly affected. Spokespersons for Expeditors did not immediately respond to a request for comment.
Restoring systems after a cyberattack can be a cumbersome and complex process, said Jake Williams, lead instructor at cybersecurity training firm SANS Institute. It usually takes at least 48 to 72 hours to get back online, said Williams, who has worked with logistics companies on disaster recovery, but that can stretch to weeks without very good backups.
“For a company like Expeditors, there are so many externalities that restoring IT systems doesn’t restore business,” Williams said.
The attack is the latest in a series of hacks to affect the logistics industry. In December, German company Hellmann Worldwide Logistics SE & Co. KG suffered a cyberattack that resulted in a data breach. A cyberattack in January at Mabanaft GmbH & Co. KG Group and Oiltanking GmbH Group, two units of fuel logistics provider Marquard & Bahls AG, disrupted terminal operations.
Analysts are concerned about how hacks can damage supply chains, especially for ocean freight, which are already stretched due to the effects of the Covid-19 pandemic.
Mr Williams of the SANS Institute said cybersecurity should already be a priority for logistics providers. “This shouldn’t be the thing that wakes up logistics organizations and says, ‘Hey, we should probably take cybersecurity seriously,'” he said.
The Atlantic Council, a think tank focused on geopolitical issues, released a report in October highlighting the need to strengthen the security of the maritime transportation system, which accounts for about a quarter of the United States’ annual gross domestic product. Many of the largest shipping companies have suffered cyberattacks in recent years, as has the International Maritime Organization, which serves as the global regulator for the industry.
The US government released guidelines to strengthen maritime cybersecurity in December 2020, warning that the sector’s growing reliance on technology was introducing new systemic concerns. An executive order issued by President Joe Biden on February 24, 2021 specifically mentioned cybersecurity as a risk to supply chains.
— James Rundle contributed to this article.
Write to Nicolle Liu at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8