Skip to content
Search AI Powered

Latest Stories

CYBERSECURITY

How to protect your company from cybercriminals

Logistics leaders need to assess risk, build up defenses, and remain vigilant as cybersecurity threats intensify. Here’s how to make sure you’re on the right path.

DCV23_11_cybersecurity_art.jpg

Logistics industry leaders are sharpening their focus on cybersecurity as supply chains become more connected and digitized—and as threats from cybercriminals intensify in nearly every sector of the economy. Cyberthreats were listed as one of the top three business concerns among 1,200 companies surveyed by global insurance firm Travelers this fall in the leadup to national Cybersecurity Awareness Month, observed each October. The results echoed data from a Gartner survey earlier this year that showed a heightened focus on the topic in supply chain circles: 60% of nearly 500 supply chain organizations surveyed said that by 2025, they will use cybersecurity risk as a “significant determinant” in conducting third-party transactions and business engagements. 

The topic is front and center in logistics largely because the supply chain is a prime target for cybercriminals, according to Dan Matney, a senior solutions architect and cybersecurity expert at supply chain consulting and technology firm enVista. Logistics and transportation companies are especially vulnerable because they can’t afford the downtime and delays that an attack or security breach brings, making them susceptible to hackers’ demands in order to get back up and running. 


“We’re seeing very standard cybersecurity threats across pretty much all businesses, but the impact to logistics and transportation [is considerable]. That’s why [attackers] try so much harder in this industry,” Matney says, emphasizing the impact of costly disruptions that can have ripple effects throughout the economy. 

Manufacturers are prime targets as well, and for similar reasons, explains Kirstin Simonson, cyber lead for global technology at Travelers.

“In many cases, a manufacturer’s systems need to be kept up and running 24/7/365. A cybercriminal could, for instance, use a malware attack to shut down systems to prevent a manufacturer from operating at all and disrupting the larger supply chain,” she says. “The cybercriminal could then request a significant ransom to restore the manufacturer’s operating systems.”

With the stakes so high, experts say it’s more important than ever to shore up your company’s cyber defenses. Here are three ways business leaders can make sure they’re on the right path.

ASSESS YOUR RISKS

The proliferation of technology on the manufacturing floor, in the warehouse, and on the road only exacerbates the risk of a cyberincident, as it creates more access points for cybercriminals to launch their attacks. 

“Anything that’s connected to the internet can be hacked, and with the increase in internet-connected sensors, automated machines, industrial internet of things networks, industrial control systems, [and so forth], each of these creates a potential vulnerability or risk factor,” Simonson explains, adding that cybercriminals will leverage known vulnerabilities and look for areas they can compromise using methods such as phishing and malware. Phishing is an attack via email, phone, or text designed to lure people into giving up sensitive data or access to accounts or IT systems; malware is software that is intentionally designed to disrupt a computer, server, or network.

The experts at enVista point to other methods used to attack transportation, logistics, and manufacturing industries: ransomware, which involves encrypting sensitive data and systems and holding them hostage until a ransom is paid; distributed-denial-of-service (DDoS) attacks, which overwhelm a system’s resources, rendering it inaccessible to legitimate users; and man-in-the-middle (MitM) attacks, in which hackers intercept communications between two parties, gaining unauthorized access to sensitive data.

The first step in avoiding any of these attacks is to conduct a cyber-risk assessment, which can be done in partnership with IT vendors, a technology consultant, or an insurance provider. Simonson describes this as a process of identifying the critical points in a company’s network so that managers “know what you have and what you need to protect.” This includes identifying where all those access points are within the organization.

Matney agrees, adding that: “If you don’t have that first step, all the other implementations beyond that are pretty useless.”

It’s also important to conduct a third-party risk assessment, as the Gartner survey points out. This means working with vendors and other business partners to make sure they have adequate cybersecurity measures in place and contractual language outlining standards and how they will be enforced. 

Taking that first step is becoming increasingly important: Nearly a quarter of companies in the Travelers survey said their company had suffered a cyberattack, with almost half of those occurring in the past 12 months.

BUILD YOUR DEFENSE

The next step on the cybersecurity journey is making sure you have tools in place to protect against an attack—firewalls, antivirus software, encryption technology, and the like—and that all software and systems are up to date, which can help keep cybercriminals from exploiting IT weaknesses. 

Physical security and access control are vital considerations as well.

“Whenever you’re dealing with getting into your building, that’s one layer. But past that front door, think about how [people can gain access] to critical information—the server room or the ability to plug into a port in the wall and [get] on the network, for example,” Matney explains. “Those are things folks don’t think about. Access control and physical security are the basics before we get into different technologies [for detecting and responding to potential threats].”

Simonson agrees, emphasizing the importance of making sure those who need access to secure systems have it—and that those who shouldn’t have access don’t. This means developing identity and access management plans as well as password management protocols. Those steps could include multifactor authentication, which adds a layer of protection for accessing vital systems, platforms, or applications; essentially, the process asks users for a third identification factor—an access code to be entered after a user name and password have been provided, for example—before a user can gain access to the system.

Building a defense can also include the installation of solutions such as endpoint detection and response technology, which monitors the physical devices connected to your company’s network to detect suspicious activity and respond to threats. 

Companies should factor all of this work into a comprehensive incident response plan. 

“This is no different than if you live in a fire-prone area or hurricane-prone area,” Simonson explains. “You build some kind of business resilience plan for that. [A similar plan] needs to be in place for a cyberevent as well.”

Many companies have a long way to go before they reach these goals, however. The Travelers survey showed that at least 25% of businesses have not taken essential steps, such as installing a firewall or virus protection and implementing data backup and password update protocols. A larger percentage say they don’t use endpoint detection and response (64%), don’t conduct cyberassessments for vendors (57%) or customers’ assets (56%), don’t have an incident response plan (50%), or don’t utilize multifactor authentication for remote access (44%).

EDUCATE, AND DON’T LET UP

Employee awareness is an important part of the defense strategy as well, and the good news is that most professionals say they understand the growing risk of cyberthreats in the workplace: 81% of respondents to the Travelers survey said they feel that having proper cybersecurity controls in place is critical to the well-being of their company, up from 78% last year and 69% in 2018.

Companies should capitalize on that awareness with proper training. For instance, enVista advises companies to regularly educate workers about cyberthreats, phishing scams, and best practices for secure online behavior, Matney says, adding that insufficient training and bad habits are all it takes for an attack to slip through the cracks in your defense system.

 “A lot of the attacks [in this industry] are through phishing and bad links that have compromised an entire network,” Matney says. “[A lack of] training and awareness are probably the weakest links.”

Simonson adds that it’s important to get the entire organization involved in the cybersecurity mission—and to continually educate, evaluate, update, and adjust your company’s strategy.

 “Everyone has a role to play in a holistic approach to cybersecurity,” she says, adding that cyberattacks will only intensify as companies take a defensive position because criminals will step up their efforts to find ways around those defenses. “This isn’t something you can build a strategy for today, put it on a shelf, and it will magically work for the next five years. Companies need a living approach to cyberhygiene and cyberawareness. Fortunately, there are tools and information out there that can help.”

The Latest

More Stories

team collaborating on data with laptops

Gartner: data governance strategy is key to making AI pay off

Supply chain planning (SCP) leaders working on transformation efforts are focused on two major high-impact technology trends, including composite AI and supply chain data governance, according to a study from Gartner, Inc.

"SCP leaders are in the process of developing transformation roadmaps that will prioritize delivering on advanced decision intelligence and automated decision making," Eva Dawkins, Director Analyst in Gartner’s Supply Chain practice, said in a release. "Composite AI, which is the combined application of different AI techniques to improve learning efficiency, will drive the optimization and automation of many planning activities at scale, while supply chain data governance is the foundational key for digital transformation.”

Keep ReadingShow less

Featured

dexory robot counting warehouse inventory

Dexory raises $80 million for inventory-counting robots

The British logistics robot vendor Dexory this week said it has raised $80 million in venture funding to support an expansion of its artificial intelligence (AI) powered features, grow its global team, and accelerate the deployment of its autonomous robots.

A “significant focus” continues to be on expanding across the U.S. market, where Dexory is live with customers in seven states and last month opened a U.S. headquarters in Nashville. The Series B will also enhance development and production facilities at its UK headquarters, the firm said.

Keep ReadingShow less
container cranes and trucks at DB Schenker yard

Deutsche Bahn says sale of DB Schenker will cut debt, improve rail

German rail giant Deutsche Bahn AG yesterday said it will cut its debt and boost its focus on improving rail infrastructure thanks to its formal approval of the deal to sell its logistics subsidiary DB Schenker to the Danish transport and logistics group DSV for a total price of $16.3 billion.

Originally announced in September, the move will allow Deutsche Bahn to “fully focus on restructuring the rail infrastructure in Germany and providing climate-friendly passenger and freight transport operations in Germany and Europe,” Werner Gatzer, Chairman of the DB Supervisory Board, said in a release.

Keep ReadingShow less
containers stacked in a yard

Reinke moves from TIA to IANA in top office

Transportation industry veteran Anne Reinke will become president & CEO of trade group the Intermodal Association of North America (IANA) at the end of the year, stepping into the position from her previous post leading third party logistics (3PL) trade group the Transportation Intermediaries Association (TIA), both organizations said today.

Reinke will take her new job upon the retirement of Joni Casey at the end of the year. Casey had announced in July that she would step down after 27 years at the helm of IANA.

Keep ReadingShow less
NOAA weather map of hurricane helene

Florida braces for impact of Hurricane Helene

Serious inland flooding and widespread power outages are likely to sweep across Florida and other Southeast states in coming days with the arrival of Hurricane Helene, which is now predicted to make landfall Thursday evening along Florida’s northwest coast as a major hurricane, according to the National Oceanic and Atmospheric Administration (NOAA).

While the most catastrophic landfall impact is expected in the sparsely-population Big Bend area of Florida, it’s not only sea-front cities that are at risk. Since Helene is an “unusually large storm,” its flooding, rainfall, and high winds won’t be limited only to the Gulf Coast, but are expected to travel hundreds of miles inland, the weather service said. Heavy rainfall is expected to begin in the region even before the storm comes ashore, and the wet conditions will continue to move northward into the southern Appalachians region through Friday, dumping storm total rainfall amounts of up to 18 inches. Specifically, the major flood risk includes the urban areas around Tallahassee, metro Atlanta, and western North Carolina.

Keep ReadingShow less