Protecting a global shipping business against ransomware
As one of the world’s largest shipping companies, Bernhard Schulte Shipmanagement (BSM) wanted to become more proactive in its approach to cyber security, particularly in relation to the detection of ransomware. Working with Redscan gives BSM greater visibility across its global network of offices and ships to better detect and respond to threats when they arise and ensures that appropriate controls and processes are in place to meet its compliance obligations.
- Globally dispersed network
- Hybrid infrastructure
- Strict compliance responsibilities
Bernhard Schulte Shipmanagement (BSM) is one of the world’s largest shipping companies, with more than 135 years in the industry. The company provides integrated maritime solutions through nine ship management centres worldwide and manages around 600 vessels, with 20,000 employees on shore and at sea.
Following the NotPetya malware attack which affected three of shipping giant Maersk’s global businesses in 2017, the team at BSM were only too aware of the damage that cybercrime could inflict on its operations, finances and reputation. The NotPetya attack spread throughout Maersk’s IT operations, forcing it to undertake a complete reinstallation of its infrastructure, including 4,000 servers and 45,000 PCs, and costing it $300m USD.
While BSM had some security controls in place to support threat detection, these did not provide visibility across its complete hybrid cloud infrastructure, encompassing Office 365. Nor did they provide confidence that attacks would be identified quickly enough to minimise potential damage and disruption.
With only a relatively small number of IT specialists for its size, the company wanted to identify a third party to help alleviate the demands of day-to-day threat detection, enable it to be more proactive in its approach to cyber security and mitigate future security risks. BSM also needed to ensure that appropriate controls and processes were in place to meet all its data protection obligations, including the ability to detect and report breaches in line with the GDPR.
- Long-term partnership
- Comprehensive security monitoring
- Addressing threats 24/7
BSM was looking to build a long-term partnership with a top tier MDR provider. Its choice was based on a range of criteria, including technical expertise, approach to threat detection and quality of customer references. After spending some time identifying the security partner that would best meet its requirements, BSM selected Redscan and its ThreatDetect™ Managed Detection and Response service. BSM was also impressed by the personal touch that the Redscan team demonstrated in proposing a solution that would best meet its threat detection requirements.
Petros Andreou, Head of IT at BSM, says:
“Redscan was the company which met all the criteria we had in mind. I always pay attention to personal relationships with potential partners. Right from the start, I had an Account Manager working with me helping me to identify the best solution for our needs and providing the information I needed to make my decision.”
While the personal aspect was an essential part of BSM’s decision to work with Redscan, so too was the turnkey nature of ThreatDetect – which supplies the people, technology and intelligence the company needs to identify and respond to both current and emerging cyber threats, 24/7.
BSM recognised the value of ThreatDetect in improving visibility across its infrastructure and the impact the service would have in driving a reduction in the mean time to detect and the mean time to respond to threats. ThreatDetect’s Security Operations Centre (SOC) professionals operate as a virtual extension of BSM, providing the high-quality insight and mitigation guidance its IT team need to respond to incidents whenever they arise.
To ensure that BSM’s security is as robust as possible, Redscan also conducts managed vulnerability scanning and CREST-accredited penetration testing to help identify and address vulnerabilities across its global infrastructure.
“The human factor is something I’m always looking for. I don’t want to talk with bots – I want to talk with people. This personal approach is something I noticed from my first engagement with Redscan and it is still true today.”