Lo­gis­tics sec­tor must be alert for cy­ber at­tacks

New Straits Times - - Business - marco@lb­bin­ter­na­tional.com The writer is founder and CEO of LBB In­ter­na­tional, the lo­gis­tics con­sult­ing and re­search firm that spe­cialises in agri-food sup­ply chains, in­dus­trial lo­gis­tics and third-party lo­gis­tics. LBB pro­vides lo­gis­tics di­ag­nos­tics, supp

MA­JOR cy­ber at­tacks over the past weeks hit or­gan­i­sa­tion across the globe. FedEx was one of the lo­gis­tics com­pa­nies af­fected by a cy­ber at­tack on some of its win­dows-based in­for­ma­tion tech­nol­ogy (IT) sys­tems.

In the re­cent cy­ber at­tacks, hack­ers took con­trol of a com­pany’s data, en­crypt it so the com­pany can­not ac­cess it, then hold it hostage un­til the com­pany pays for a code to un­lock the data.

The re­cent “Wan­naCry” cam­paign tar­geted large com­pa­nies that have re­sources to pro­tect and pay.

Aside from money, the com­pany’s cargo could be of in­ter­est to hack­ers. By hack­ing into ter­mi­nal op­er­a­tors in ports, thieves would be able to iden­tify and steal con­tain­ers full of valu­able drugs, elec­tron­ics, milk pow­der, etc.

Hack­ing a freight for­warder’s IT sys­tems could pro­vide thieves in­sight into the where and when par­tic­u­lars of planned trans­ports, al­low­ing thieves to plan pre­cise hi­jacks of trucks and con­tainer haulage.

By ma­nip­u­lat­ing the au­to­matic iden­ti­fi­ca­tion sys­tem of a ship, a ship’s lo­ca­tion co­or­di­nates are no longer trans­mit­ted, mean­ing that it of­fi­cially dis­ap­pears from radar. How­ever, hack­ers can still track the ves­sel and co­or­di­nate a hi­jack­ing in in­ter­na­tional wa­ters.

Hack­ing of por­ta­ble de­vices of lo­gis­tics staff could give hack­ers ac­cess to tem­per­a­ture set­tings of cold rooms, full of sen­si­tive and ex­pen­sive car­goes that re­quire tem­per­a­ture con­trol in a limited tem­per­a­ture range. If a hacker al­ters the tem­per­a­ture of cold rooms, a lot of car­goes can be lost.

Next to the cargo, con­fi­den­tial mar­ket in­tel­li­gence could be of in­ter­est. Hack­ers could at­tack cer­tain IT sys­tems for man­ag­ing ware­house op­er­a­tions, de­lay­ing de­liv­er­ies of a new prod­uct launch, caus­ing mas­sive rep­u­ta­tional dam­age and fi­nan­cial losses.

Cy­ber at­tacks on lo­gis­tics cen­tres sup­ply­ing just in time to pro­duc­tion fa­cil­i­ties could dis­rupt man­u­fac­tur­ing plants that op­er­ate with min­i­mal in­ven­to­ries, like in the au­to­mo­tive in­dus­try.

Next to pro­duc­tion fa­cil­i­ties, hack­ers could also tar­get med­i­cal dis­tri­bu­tion cen­tres. This could af­fect de­liv­er­ies to hos­pi­tals, caus­ing short­age of ma­te­ri­als in op­er­a­tion the­atres, as well as dis­rup­tions to the sup­ply of medicines to pa­tients.

It is clear that with the dig­i­tal­i­sa­tion of sup­ply chains, brand own­ers and lo­gis­tics ser­vice providers could be ex­posed to cy­ber at­tacks. Although some risks can be in­sured, pre­ven­tion is still bet­ter than cure! What com­pa­nies can do?

A first step is a risk as­sess­ment that au­dits the IT-re­lated se­cu­rity pro­cesses. Un­der­stand what data your firm han­dles, comes into con­tact with data and what pro­cesses are per­formed on it.

How is data en­crypted? What are the con­trac­tual li­a­bil­i­ties to­wards cus­tomers? What are the po­ten­tial prob­lem ar­eas within your com­pany in case of a cy­ber at­tack? What is the level of aware­ness among staff in the area of cy­ber se­cu­rity in day-today op­er­a­tions?

A sec­ond step is to de­velop a busi­ness con­ti­nu­ity plan, where there is an im­me­di­ate ac­tion in case of a cy­ber at­tack. Quick ac­tion can solve an es­ca­la­tion of prob­lems. A third step is to check your cur­rent in­surance port­fo­lio. To what ex­tent are cy­ber at­tacks cov­ered?

Ac­cord­ing to the Po­tomac Cy­ber Readi­ness In­dex, gov­ern­ment can pro­tect its in­dus­tries through a na­tional strat­egy, in­ci­dent re­sponse, e-crime and law en­force­ment, in­for­ma­tion shar­ing, cy­ber re­search and de­vel­op­ment, diplo­macy and trade, and de­fence and re­sponse.

In con­clu­sion, the dig­i­tal­i­sa­tion of sup­ply chains comes with the need for proper cy­ber se­cu­rity. Both pri­vate sec­tor and gov­ern­ment should be pre­pared.

The dig­i­tal­i­sa­tion of sup­ply chains comes with the need for proper cy­ber se­cu­rity.

Both pri­vate sec­tor and gov­ern­ment should be pre­pared.

BLOOMBERG PIC

The re­cent Wan­nacry at­tack, which af­fected FedEx op­er­a­tions, high­lighted the need for lo­gis­tics providers to have a com­pre­hen­sive cy­ber de­fence and re­sponse plan.

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.