UNDER CYBER ATTACK

IT STARTED with an inconspicuous message on Toll Group’s website about a precautionary shut-down of its IT systems and unfolded into the highest-profile cyberattacks in Australian transport and logistics history – let alone the corporate world.

In the meantime it’s brought into sharp relief the vulnerability of an industry ever-reliant on technology to fall victim to cybercrime, especially if a corporate giant with vast resources such as Toll is susceptible.

Though it’s still early days in the aftermath, the attack may have a lasting technological and financial impact on Australia’s T&L sector.

Rapid timeline

The warning message appeared on a Friday, January 31, soon after “unusual activity” was detected in some of Toll’s IT systems, a company spokesperson says.

“Based on our early assessment, we moved quickly to disable our servers in order to contain the risk,” they explain. After further risk assessment revealed the extent of the incident, the company moved into crisis management mode, disabling its IT network.

“That included shutting down some 500 applications that support all of our operations and deploying our business continuity plan, which included a combination of manual and automated processes to maintain operations and services.”

The original message flew under the radar over the weekend – but then came the social media grumblings from customers, and speculation from media and IT analysts.

Toll had to act fast – not just behind the scenes, but also publicly.

On one hand it was dealing with a ransomware attack, consulting with authorities including the Australian government’s