Cybersecurity is a growing concern for logistics firms. In June 2017, a ransomware attack on shipping giant A.P. Moller-Maersk brought eighty ports and terminals around the world to a standstill. The attack affected not just them, but their complex supply chain of truckers, shippers, consignees, banks and border authorities, too. It cost the company $300 million.
During the same year, British shipbroker Clarksons refused to pay a ransom to cyber blackmailers, and saw seven months of stolen user data released by cybercriminals. From the biggest global operations to small-to-mid-sized operators, everyone in the industry is at risk.
Why are logistics firms particularly vulnerable? What specific vulnerabilities exist in the logistics industry? And what, once we know the threats, can we do to stop them?
Why is logistics a target for cybercrime?
As a report by law firm Holland and Knight explains, cyber attacks can come from a variety of directions – and theft is not always the goal. Nation-states, non-state actors, hacktivists and organised criminals all take their shot at the logistics industry for their own ends, sometimes as a byproduct of operations elsewhere. Even Maersk might have been caught in the crossfire of a state-sponsored attack on Ukraine – merely collateral damage.
Logistics networks are vulnerable to two kinds of attacks. In an untargeted attack, malicious software is let loose to target any vulnerability it can find, accessing or paralysing any system it can, and often spreading through simple apps for operations like accounting or tracking. Then there are targeted attacks, aimed at a particular company’s data, like the Clarksons hack. This specific attack came through one compromised user account which was used to actively collect poorly secured data from the rest of the system.
Jerry R. Scott (Head of Security Operations at DB Schenker) points out that increased connectivity will make cybersecurity a bigger challenge than ever for the logistics industry. “Cyberhackers”, he explains, “see over-the-road trucks as computers on wheels” – especially now that those trucks are wired to connectivity technologies that link them to entire fleets. Your IoT truck could be completely disabled by a well-timed hack, stranding driver and goods until the ransom is paid.
What are the cybersecurity challenges for logistics?
Understanding the challenges starts with understanding the cyberthreats themselves. Logistics firms are particularly at risk from:
- Embedded malware and network vulnerabilities from connected devices
- Poor cybersecurity awareness in the company
- Poor cybersecurity practice by suppliers and partners
- Unpatched systems across long supply chains with multiple devices involved
- Specific pieces of crimeware: ransomware, remote admin tools and keyloggers
Ransomware literally holds your devices to ransom – “pay up, or we use your phone to leak this data you’ve left unsecured”. Remote Admin Tools are based on a legitimate tool for using a device you can’t physically access – but those tools can be used to access and edit files on that machine. Keyloggers are simple, silent apps that record every key you press or touch you make on a device – the same principle that trains predictive text apps on your smartphone.
The main thing to understand about these vulnerabilities is this: most of them exist between humans and machines, not in the machines themselves. If a person chooses to connect an unsecured, unscanned smartphone to the company network, they create a network vulnerability. If a person puts off patching their computer and updating their software, they leave room for crimeware to operate. People leave loopholes for cybercriminals; training people to close those loopholes is the cornerstone of good cybersecurity practice.
What should logistics firms do to meet cybersecurity challenges?
Most cybercrime targets the weak link in any system. The majority of the time, that weak link is people. For that reason, the best cyber defence starts with people, too. Education, culture and great people management are the key elements of cybersecurity right now.
That’s where a CISO is invaluable. While a CIO is vital for keeping a firm’s operational IT requirements on track, employing a CISO means that a business can maintain a specific focus on the ever-increasing burden of cybersecurity.
Hiring in a C-level role with a sole focus on safeguarding company data and information highlights that your business takes cybersecurity seriously. It’ll not only ensure that you’re adequately protected against the risk of attack, but will demonstrate to clients, to third party partners and to potential new hires alike that security is paramount.
Not only is a CISO’s task to put security protocols in place, but also to define and set the culture of security within a business. In this way, your employees’ desire to keep business data secure will become second nature, instilled in the very heart of what the company is all about.
So what sorts of things might a CISO suggest to keep cyber attacks at bay?
Staff may need to connect their own devices to the company network, but those devices need scanning and screening, and staff need to work through multi-device management software that keeps track of everything happening on the network.
IT teams need to keep systems patched, up to date, and regularly scanned and secured – if there is a monitoring tool, it needs to be used, and notifications from the tool need acting upon.
On a supply chain level, the key areas to focus on (according to Security’s Bill Zalud) are:
- Visibility – tracking the location and integrity of cargo in real time so anomalies can be noted at once
- Validation – ensuring a solid chain of custody, with goods passing between trusted partners at every step
- Performance – estimating transit times and notifying when they’ve been met, allowing late deliveries to be tracked and investigated faster
- Mitigation – awareness of why and how firms might be targeted, and co-operation with law enforcement and partners to manage attacks ASAP
- Efficiency – balancing cost, risk and time when routing goods, and evaluating performance, treating no operation as routine
Professor Stuart Madnick (information technology and cybersecurity founder at MIT Sloan) recommends that firms subject any partner, contractor or service provider to a security audit as standard operating procedure.
Organisations need a way to evaluate their potential partners’ security and conduct stress tests on their own systems, establishing where there are points of weakness. Systems become vulnerable at the joints, where different programs and apps connect and network, or where a different organisation takes over responsibility, so those changeovers need attention.
The logistics sector is turning itself around, with flagship events like the Cybersenate Logistics Cybersecurity show later in 2019. This event brings together veterans and survivors of the cybersecurity wars – including Andy Powell, CISO for A.P. Moller-Maersk – to share stories, strategies and best practice, establishing what’s worked for them in preventing attacks and how they go about recovering.
In an industry that’s traditionally hands-on and hardware-focused, digital transformation means more than just bringing in new technology. It means transforming mindsets. Companies and people must understand how to use the tech safely and securely, bringing in the skill sets to lead that training – and, should the worst happen, to handle a threat in good time and good order.