With the flow of information as crucial as the flow of goods and materials in a distribution operation today, it's vital that the information network be secure from cyberattacks. That's why a recent report on the growing danger of advanced persistent threats (APTs) should serve as a red flag for logistics managers.
APTs are an espionage tactic used by hackers and cyberterrorists to steal intellectual property from a company's computer systems. A recent survey of more than 1,500 security professionals conducted by ISACA (formerly the Information Systems Audit and Control Association) found that these types of attacks are on the rise. In fact, more than one in five survey respondents said their enterprise had experienced an APT attack.
What makes this particularly worrisome, according to ISACA, is that APTs pose a much greater danger to enterprises than "traditional" threats. "APTs are sophisticated, stealthy, and unrelenting," said Christos Dimitriadis, international vice president of ISACA, in a statement announcing the publication of the report, Advanced Persistent Threat Awareness: Study Results. "Traditional cyberthreats often move right on if they cannot penetrate their initial target, but an APT will continually attempt to penetrate the desired target until it meets an objective – and once it does, it can disguise itself and morph when needed, making it difficult to identify or stop."
Examples of APT attacks include the recently reported incidents of cyberespionage by Chinese military hackers targeting corporations and the media. Although in many cases, the hackers are trying to steal corporate secrets, some are simply looking to cause mischief. "Sometimes, the motives of the attack are disruption of the business," says John Pironti, an adviser with ISACA. "Other times, it's disruption of reputation. They don't need to steal data to be successful."
Although logistics managers may think this problem is strictly an information technology issue, that's not the case, says Pironti. That's because these types of cyberattacks are being launched more often at supply chain and distribution networks.
What makes these networks an attractive target has largely to do with access, Pironti says. Hackers have figured out that they can sometimes gain entry to a designated company's IT system by exploiting its network connections. That is, instead of attacking the company's computer system directly, they'll try to sneak in through the information connections it has with suppliers or carriers. "A small guy will be less protected than the big guy," he explains. "If I can't get into the manufacturer, let me see who they are working with and get in through that entry point."
In fact, Pironti says he knows of at least 10 cases where hackers have broken into logistics software to place phony customer orders. The company is then forced to go in and root out the fake orders, which results in a slowdown in its distribution operation and impairs its ability to ship orders on time.
To avoid those types of situations, logistics managers need to help ensure the "data integrity" of orders received for fulfillment and shipping to make sure that the "senders are who they say they are." Pironti says information transmissions should be encrypted as a safety precaution.
So, what additional advice does the security expert have for logistics managers? Pironti says that DC managers need to adopt a "trust but verify" approach for information exchanges with suppliers and carriers. On a regular basis, managers should check with their software vendors and ask for proof that monitoring systems are in place and up to date to safeguard against hacking. "People have to stop believing that they are not a target for hackers," he says. "You have to create a culture that's risk aware."