Why Supply Chain Companies Should Take Transportation Cybersecurity Seriously

Categories: Cyber Security.

Many of the biggest hazards facing companies in trucking and logistics aren’t found on the open road — they come from the web. Cybersecurity is a leading concern for businesses in the supply chain, as more cybercriminals than ever see shipping and fulfilment as a ripe target for attack.

Cyber attacks can have a serious impact on businesses both big and small. For example, a ransomware attack can take a shipping company offline for days or weeks and cost tens of millions of dollars to remediate. Meanwhile, freight languishes on docks and in warehouses, and customers are subjected to delays, disruptions, and data security risk of their own.

Attacks are on the rise with hackers taking advantage of COVID-19’s disruption to normal security protections. Companies should prioritize transportation cybersecurity in everything they do, from training employees to selecting vendor partners. Numerous recent cyberattacks on key industry operators bring to light the importance of digital security.

Exploiting vulnerabilities 

Over the last year, almost a dozen cyberattacks targeted companies working in the international supply chain industry. Examples include:

  • A ransomware attack on Forward Air caused substantial shipping delays at major airports.
  • A ransomware attack on shipping and logistics company CMA CGM severely impacted their ecommerce operations. This attack was first detected in a shipping subsidiary, and leadership decided to completely disable their IT systems to minimize damages.
  • Another ransomware attack, this time on Daseke, led to the personal data of truck drivers affiliated with the largest flatbed trucking company in the U.S leaking onto the dark web.

Cyberattacks can impact a business financially in the form of lost revenue and ransom money paid, or in serious reputational damage and loss of sensitive data. Cyberattacks can expose sensitive data about customers and partners, too.

To pay or not to pay?

When hit by an attack, a company may choose to pay the perpetrators sums in excess of several million dollars in an attempt to regain access to their encrypted data and systems. But is that the right decision? Here are factors to consider:

  • Approximately 60% of people paying the ransom won’t receive all their compromised data. Data loss is practically a given in these circumstances, as is a hit to your company reputation.
  • U.S. government agencies and cybersecurity experts advocate that people should refuse to pay the ransom, but this option typically doesn’t come without a cost. Companies choosing not to pay could risk sensitive information being uploaded to the dark web.
  • Detailed records such as accounts receivables, contracts between shippers and logistics providers, and email communications about shipments have been exposed by cybercriminals in the past.
  • Often these crimes aren’t made public until companies refuse to pay the hackers’ ransom, as was reportedly the case with Daseke.

At the end of the day, there is no perfect outcome — you can only make efforts to minimize the damage. If you think you have been breached, contact federal authorities and consult with a cybersecurity expert for advice.

Prevention: Better than any cure

The vast majority of ransomware attacks are completely preventable — according to Gartner Research up to 90 could have been deflected with good cybersecurity hygiene. Shipping and logistics firms need to stay up to date with best practices on all network-facing software and hardware, and keep staff trained on cybersecurity protocols.

Proactive cybersecurity measures, like siloing with login protection for sensitive proprietary and customer data, can limit the amount of data lost in the event of a successful breach.

When a cybersecurity attack occurs, companies have some control over how bad it can get and the time it takes them to recover. For one, due to the proliferation of ransomware attacks, a host of cybersecurity and insurance firms have emerged to protect companies. Of course, always stay up to date on simple things you can do to stay protected.


No matter how robust your cybersecurity protections are, at the end of the day you’re only as safe as your networked vendors. When choosing a partner at the port, it’s vital to choose a 3PL that takes cybersecurity seriously.

GlobeCon, a leader at the Port of Los Angeles and Long Beach, uses the most advanced technology to streamline drayage, freight forwarding, portside warehousing, and more — all supported by industry-best cybersecurity practices.

Learn how GlobeCon can streamline your freight logistics and operations. Contact us