Container port CEO highlights “painful” cyber attack as call for stronger cybersecurity culture

NASSAU, BAHAMAS – The Nassau Container Port’s top executive acknowledged yesterday that the port underwent a “painful exercise” in dealing with a cybersecurity attack in April, noting that while the losses were minimal, it underscored the need for a culture of cybersecurity awareness.

APD in its annual report, noted that it paid no ransom over the April 2024 intrusion, which temporarily rendered data systems “inaccessible” and forced Nassau’s main commercial shipping port to revert to manual processes to resume operations. The disruption was described as “minimal,” and the issue was resolved in just over two weeks.

Dion Bethel, APD’s president, and CEO, speaking at the CyberTek Bahamas: DragonTek Cybersecurity Summit, noted that the incident highlighted why firms need to invest in protective measures. Bethel noted that APD was transparent about the event to increase awareness of potential risks and cybersecurity threats among other companies.

“Everyone talks about backups, but how often do we test them to ensure we can recover?” Bethel explained. “We went through a painful exercise. Our losses were minimal in terms of the cost to our shareholders and the recovery process, but we were able to produce an unqualified audited financial statement because we had the necessary systems in place that we could rely on in a manual environment. As painful as it was, we stand by what we’ve built APD on — you can’t inspect what you don’t inspect. If you don’t have systems in place and you’re not checking to see if anything unusual is going on, it’s all for naught.”

He also stressed that without the necessary measures in place or the assistance of a cybersecurity provider, companies may be unprepared for cyber threats.

“Cybersecurity is an expensive department, but managing that risk and having a culture of awareness is critically important,” Bethel added.

He also highlighted the importance of penetration testing — a simulated cyberattack that evaluates a computer system’s security.  Penetration testing is a controlled form of hacking that helps organizations find and fix vulnerabilities before attackers can exploit them, contributing to business resilience.