In only a few short years, supply chain companies have made huge investments in cloud storage, IoT infrastructure, and advanced cargo tracking software. This shift away from paper and pen has powered a revolutionary change in data processing and productivity, but it has also introduced new vulnerabilities into the global supply chain.
In 2017, a cyber attack on the world’s largest shipping company, A.P. Moller Maersk, forced the busiest ports on Earth to grind to a halt — and brought cybersecurity concerns to the forefront of discussion in the shipping world. Sadly, the risk of a major cybersecurity event has only increased since then, especially since COVID-19 hit the global stage in early 2020.
Things are changing faster than many logistics firms can keep up with. As a result, cyber-attackers have increasingly trained their focus on the industry. In this post, we’ll cover the state of cybersecurity for supply chain companies in 2020.
Cyber criminals thrive on chaos
Cyber attackers benefit from situations where normal IT security protections are disrupted. This could come in the form of service interruptions related to a natural disaster, such as the COVID pandemic, or a manmade disaster like a global recession. Cybercriminals take advantage of a climate of fear to penetrate organizations, steal data, and establish ransomware schemes.
The more pronounced and profound the disruption, the better the opportunity for cyber criminals. Something as simple as a malicious website made to resemble a legitimate information source can snag hundreds of users if protections aren’t kept up to speed.
Attacks are on the rise
Since early January, a variety of COVID-19 related tactics and techniques have been observed. Attacks have ranged from:
- Unsolicited misinformation bulk email scams
- Mobile apps to be used for eavesdropping
- Phishing emails designed to access personal data
- And more
According to Deloitte, the COVID crisis has created a perfect storm for cybersecurity vulnerabilities. The pandemic and resulting economic downturn have led to business continuity disruptions and heavy layoffs in the tech sector, both of which have impacted a number of third- and fourth-party vendors. A large merchandiser may have thousands of individual vendors that have experienced some level of disruption.
Even well-capitalized, cyber-secure logistics firms can be exposed to criminal activity through external vendor networks. When this happens, the WMS software that streamlines intermodal transfers and assembles picklists can leave your operations open to a ransomware attack that could cost millions to remedy.
More IoT, more problems
IoT devices have changed the way cargo is de-palleted, sorted, picked, and packed both portside and at the warehouse. Unfortunately, they’re often highly susceptible to attacks from cyber criminals.
IoT devices may have vulnerabilities originating from a number of sources, from hardware to wireless communications to the Cloud. Because they’re so open to attack, companies that rely on IoT should have good endpoint security management practices in place. Perhaps even more importantly, companies need to ensure that employees in the office and the warehouse are up to date on cybersecurity best practices for all applicable use cases.
Not every attack is a software problem
Most successful penetrations don’t come from open ports or outdated firewall protections; most hackers are let in the front door by distracted employees.
Phishing emails are the single most effective penetration method in the cybercriminal toolkit. Your associates, distracted and anxious because of news of outbreaks and civil unrest, are more likely to mistake a phishing email for the real thing. In recent years, phishing scammers learned to pose as trusted figures to steal passwords and access sensitive data. This puts your organization at risk.
Regular education and testing for employees is the most powerful weapon against email phishing. Something as simple as sporadic phishing test emails can keep employees on their toes and save the company millions of dollars in damage.
Technology is a double-edged sword
Software plays a vital role in moving goods where they need to go. Unfortunately, these same tools leave the supply chain vulnerable to attack from nefarious actors. All things are connected in the digital world, and poor cybersecurity hygiene elsewhere in the supply chain can create vulnerability at your firm without proper precautions.
Supply chains are more connected, complex, and dependent on technology than ever before — a reality that only compounds cyber risk. Ensure that your partner firms and customers are up to date on penetration testing, data siloing, and firewall protections. Request regular cybersecurity surveys from all network-connected third-party companies to ensure compliance with best practices.
Connectivity allows the supply chain to move faster, but can also provide more entry points for bad actors — especially if you’re using outdated logistics software, or not using it to its full potential.
Make sure you work with an experienced 3PL provider that’s up to date on the latest software and cybersecurity practices, like GlobeCon. A qualified 3PL partner can streamline drayage, freight forwarding, portside warehousing, and more — all while keeping data secure to minimize cyber risk.