You may have seen in recent news a hack of service provider Collins Aerospace, a provider of baggage and check–in services to several airports in Europe. I was getting ready to travel at the time and was flying out through London Heathrow airport (one of the affected airports), so I kept tabs on the developments. I wanted to be able to adjust my travel plans in case flights out of Heathrow were cancelled or delayed. An announcement on the airline website showed that all services were running normally, but I made plans to get there a little earlier than usual… just in case. 

I arrived five hours before my flight, half expecting a seamless travel experience. Boy was I wrong – I (and many others) had underestimated the impact of the cyberattack. The check-in counters for the airline were still busy checking in an earlier flight, so I had to wait until their check-in was completed. Unfortunately, the seat I found did not have a view of the check-in counters, so I didn’t notice that they finished the check-ins for the earlier flight. When I realised what was going on (about three hours prior to my flight) and lined up, more than 200 people were in front of me. The first thing I noticed was that the lines were moving painstakingly slowly. When I finally made it to the front of the line I saw why – for every person checking in, staff were making at least two calls, checking their computer several times, and issuing handwritten boarding passes and baggage tags. It didn’t seem to matter that I checked in online the night before and was just dropping my bags off. I can’t remember the last time I saw a handwritten boarding pass (or if I have even seen one). I felt like I was issued a fake pass and wouldn’t be let on the plane at the gate. I anxiously checked my watch – it was 30 minutes before flight time. 

After checking in and clearing inspection, I made a beeline for the boarding gate, thinking they’d start boarding soon. What I didn’t notice was that there were a few hundred more people after me, waiting to check in and get their boarding passes (it was a long-haul flight, so I was getting on one of the bigger planes). In the end we boarded and took off about two and a half hours after original departure time. Unfortunately, I had only the same time as layover for a connecting flight, which meant my next flight had just left when we arrived at our destination. I had to take the next flight a day later, missing some appointments I had made for that day. 

 I consider myself fortunate that I (as a security practitioner) experienced the effects of a cyberattack first hand. It’s easy to think of the inconvenience that such an attack can cause to passengers, but not other events. Follow-on effects like delays to next flight departure, missed appointments (like the dentist’s appointment I had made weeks in advance, or that Laufey concert you paid a hefty amount for), missed airport pick-ups or drop offs, and accommodation are some of the unseen impacts of cyberattacks. I thought to myself – what if more critical, time-sensitive matters were involved, like maybe a human organ being delivered to a recipient, perishable foods, or medicines being rushed to a sick patient? 

This incident is an example of the important role service providers play in the efficiency of an organisation’s operations. Ultimately the goal of any business is to deliver the product or service to the customer, and it is the business that remains accountable for the success – or failure – of its actions. That means your business must make sure its service providers can deal with disruptions from things like cyberattacks by doing due diligence, checking that business continuity and disaster recovery requirements can be met, and setting up service level agreements to ensure this happens.  

If you’re thinking about your third-party management framework and whether it’s enough to deal with disruptions, Axenic can help. Drop us a message, let’s see what we can do for you.