May 22 Screen with security graphics showing cybersecurity

Supply Chain Cybersecurity Should Be On Your Radar

Categories: Trucking.

While other industries were shifting to digital solutions, many companies on the supply chain operated using the old methods — paper and pen, in many cases. Now that tech innovation is starting has penetrated into warehousing and logistics in a big way, there’s a lot of cybersecurity catch-up to be done.

Supply chain cybersecurity increasingly worries the big players in the logistics and warehousing world, especially among companies that have vulnerabilities stemming from dozens or even hundreds of networked vendor partners.

The same software that schedules truckloads and manages picklists can become your worst enemy during a ransomware attack. Fortify your defenses before hackers get ahold of your network.

What can companies of all sizes do to protect themselves from malevolent elements online?

Liability Insurance

In some instances, the least technical solution is the most essential. The first thing any supply chain company should consider is cybersecurity liability insurance. In the event of a ransomware attack, you could spend five or six figures regaining access to your systems or retrieving data. A breach may directly impact your clients, who could sue you for damage done to their business.

The likelihood that you’ll experience a cyberattack at some point is high and getting higher. The extent of the damage done to your network will vary, but ensuring your business against this eventuality is an unfortunate (and necessary) part of doing business in the digital age.

Firewall Protections

Companies with software that may only be a few years old need to ensure that their firewall protections meet cybersecurity best practices. Threats to your network are always evolving. Your WMS may be adequate for picking and moving cargo, but without frequent cybersecurity tests and updates, it could leave you exposed.

Hackers who deployed a ransomware attack against Bay & Bay, a trucking company based out in Minnesota, accessed their network through a remote desktop protocol — a common firewall opening. Hackers used a common account with a guessable name and a free-to-download password cracking software to gain access.

Updated security protocols would likely have prevented this attack. Instead, Bay & Bay lost access to their network (and their ability to manage their fleet) for several days and paid out nearly six figures in damages.

IoT Vulnerability Awareness

The expansion of IoT technology is driving innovation across the supply chain. Cargo can be sorted, de-palleted, picked, and packed faster thanks to warehouse IoT tech. Companies can now track the flow of goods from the port to warehouse shelves, using the data collected from RFID tags. Unfortunately, the same IoT devices that drive this innovation are susceptible to cyberattacks.

Protecting your software from attacks that originate in IoT devices requires good endpoint security management combined with a workforce that’s informed on cybersecurity best practices. Even trucking companies that rely on a network of IoT software in mobile devices, TVs, and networked laptops can be penetrated by hackers if they let their guard down.

Third-Party Vendors

Companies invest a lot of resources into building firewalls and data protections that wall their data off from the outside world. Unfortunately, that isn’t enough when your vendor partners aren’t keeping up their end of the bargain.

Third-party software integrations are a common cause for data breaches. Consider the high profile case of Target, whose point-of-sale systems were breached by malware from a third-party HVAC vendor (the breach leaked credit and debit card info of more than 70 million customers).

The average supply chain company works with dozens, if not hundreds of individual vendors. Assessing the risk these vendors present to your network security isn’t easy, but it’s a necessity.

Simple Email Protocols

Often the easiest protection is the most effective. The majority of threats to businesses don’t come from coordinated DDoS attacks or penetration through open ports. Email phishing remains the most common way to access a company’s internal networks.

Education is the best weapon against email phishing. Regular training for employees can save a company thousands of dollars in damage.

Key cybersecurity best practices (via National Institute of Standards and Technology):Develop your defenses based on the principle that your systems WILL be breachedStart from the premise that a breach is inevitable, and you’ll make better preparations for next steps. Preventing a breach is one part of cybersecurity, but limiting the impact of a breach – data loss, leaked info, network access, sensitive communications, so on – mitigates the attacker’s ability to exploit the information they do access.

Cybersecurity isn’t just a technology problem, it’s a people and processes problem

Most breaches come down to human error, not the failure of technology. IT security systems won’t protect data and intellectual property unless individual employees throughout the supply chain – both the physical and digital – adhere to best practices. A great password doesn’t work if you write it on a post-it and stick it to your monitor.

Security is security

Protecting your company online also requires physical security. Limit employee access to data through login protocols and strong admin protections. If someone accesses your network physically, you should have gatekeeping measures in place to prevent them from getting digital access, too.

The digital landscape can be intimidating. New technology brings unfamiliar perils to the logistics world, but it also presents an opportunity to move cargo faster, smarter, and cheaper.

Learn more about new tech at the Port of Los Angeles. Contact us!