Logistics sector must be alert for cyber attacks
MAJOR cyber attacks over the past weeks hit organisation across the globe. FedEx was one of the logistics companies affected by a cyber attack on some of its windows-based information technology (IT) systems.
In the recent cyber attacks, hackers took control of a company’s data, encrypt it so the company cannot access it, then hold it hostage until the company pays for a code to unlock the data.
The recent “WannaCry” campaign targeted large companies that have resources to protect and pay.
Aside from money, the company’s cargo could be of interest to hackers. By hacking into terminal operators in ports, thieves would be able to identify and steal containers full of valuable drugs, electronics, milk powder, etc.
Hacking a freight forwarder’s IT systems could provide thieves insight into the where and when particulars of planned transports, allowing thieves to plan precise hijacks of trucks and container haulage.
By manipulating the automatic identification system of a ship, a ship’s location coordinates are no longer transmitted, meaning that it officially disappears from radar. However, hackers can still track the vessel and coordinate a hijacking in international waters.
Hacking of portable devices of logistics staff could give hackers access to temperature settings of cold rooms, full of sensitive and expensive cargoes that require temperature control in a limited temperature range. If a hacker alters the temperature of cold rooms, a lot of cargoes can be lost.
Next to the cargo, confidential market intelligence could be of interest. Hackers could attack certain IT systems for managing warehouse operations, delaying deliveries of a new product launch, causing massive reputational damage and financial losses.
Cyber attacks on logistics centres supplying just in time to production facilities could disrupt manufacturing plants that operate with minimal inventories, like in the automotive industry.
Next to production facilities, hackers could also target medical distribution centres. This could affect deliveries to hospitals, causing shortage of materials in operation theatres, as well as disruptions to the supply of medicines to patients.
It is clear that with the digitalisation of supply chains, brand owners and logistics service providers could be exposed to cyber attacks. Although some risks can be insured, prevention is still better than cure! What companies can do?
A first step is a risk assessment that audits the IT-related security processes. Understand what data your firm handles, comes into contact with data and what processes are performed on it.
How is data encrypted? What are the contractual liabilities towards customers? What are the potential problem areas within your company in case of a cyber attack? What is the level of awareness among staff in the area of cyber security in day-today operations?
A second step is to develop a business continuity plan, where there is an immediate action in case of a cyber attack. Quick action can solve an escalation of problems. A third step is to check your current insurance portfolio. To what extent are cyber attacks covered?
According to the Potomac Cyber Readiness Index, government can protect its industries through a national strategy, incident response, e-crime and law enforcement, information sharing, cyber research and development, diplomacy and trade, and defence and response.
In conclusion, the digitalisation of supply chains comes with the need for proper cyber security. Both private sector and government should be prepared.
The digitalisation of supply chains comes with the need for proper cyber security.
Both private sector and government should be prepared.