The logistics sector is a vital part of the business sector and in everyone’s life. Digitization applied to its processes generates great business potential but also makes it vulnerable to cyber-attacks.
2020 will be remembered by many as the year of the COVID-19 pandemic however, many businesses will look back on 2020 as a challenging year where they not only had to deal with the issues of the pandemic, but also the issues related to cybersecurity. Let’s see some data:
- 33% increase in cyberattacks since the start of the pandemic
- Logistics and transport were the third most attacked sector of activity
- More than 50% of companies were not prepared for remote work
- Two out of three teleworkers lack basic training to detect a cyber attack
Source: AON Cyber Solutions.
- Logistics Industry Cyber Security Outlook
What does cybersecurity refer to?
Cybersecurity refers to the creation of systems and tools to protect hardware, software and data connected to the Internet, to counter threats.
This practice is used by individuals and businesses to protect against unauthorized access to data centres and other computer systems.
Generating a strong cybersecurity strategy helps protect investments in digitization. It has the power to provide the protocols against malicious attacks that can access, alter, delete, destroy, or extort an organization’s or user’s sensitive data and systems. Imagine the effect of an attack that aims to disable or interrupt the operations of a system or device, the consequences can be disastrous.
It must be considered that the increasing number of users, devices, and programs, combined with the increase in the quantity and value of data, makes cybersecurity grow in importance. At the same time, computer attackers become more sophisticated.
- Cybersecurity and Resilience in the face of digitization. Video Airbus
What are the most common cyber threats?
Knowing the main threats allows us to begin to understand the importance and constant attack evolution. The accelerated digital boom and development, on one hand, has opened a world of opportunities for us, as well as new threats. Some of the evolving threats are:
Malware: are variants of malicious software, such as worms, viruses, Trojan horses, and spyware, that provide unauthorized access or damage to your computer.
- A real example, in December 2020, the ForwardAir company dedicated to freight and truck logistics suffered an infection of the Hades malware. The incident caused major disruptions as drivers and employees were unable to access the documents needed to clear customs. In response, the company was forced to take its IT systems offline while it dealt with the attack. This situation cost the company 7.5 million dollars.
Ransomware: Also known as ransomware, this is a type of malware that locks files, data, and systems. It threatens to destroy or erase data, or make sensitive and private data public unless the ransom is paid to cybercriminals. We have seen several companies, governments and organizations suffering this type of attack and where the pressure is immense since important data for customers and the company is played with.
Phishing: It is a form of social engineering that tricks users into providing sensitive data. In these types of scams, the emails or text messages appear from a legitimate company asking for sensitive information, such as credit card details or login information. These cases have increased during the pandemic, linked to remote work growth.
Insider threat: Refers to the human threat, anyone who has had access to systems or networks in the past can be considered an insider threat if they abuse access permissions. These by their nature can be invisible to traditional security solutions, such as firewalls and intrusion detection systems, which all focus on external threats.
DDoS – Distributed Denial of Service: This type of attack attempts to crash the server, website, or network by overloading it with traffic, usually from multiple coordinated systems. These overwhelm enterprise networks through systematic bombardment that attempts to saturate communications bandwidth or exhaust system resources so that they cannot respond to real requests.
APT – Advanced Persistent Threats: In this, an intruder infiltrates the system and remains there undetected for a long time. It is imperceptible and spies on business activity, stealing sensitive data while preventing the activation of defensive countermeasures.
Man-in-the-middle attacks: This is also an espionage attack, in which messages are intercepted and transmitted between two parties to steal data. This threat crosses business barriers and affects us as citizens. An example is the Pegasus software from the Israeli company NSO Group, which has been used by many countries to unauthorizedly monitor all the activity that a certain citizen did with by mobile phone. Spain, together with France, the United Kingdom and Hungary are among the countries that contracted the NSO services and spyware.
- Pegasus: the spyware technology that threatens democracy
4 keys to address cybersecurity in a logistics company.
- Protect internal systems: Install firewalls and virus-detection programs. These can block malware access to systems. It is also a good idea to reinforce the company’s data protection through passwords, authentication strings, etc. Finally, an essential aspect, schedule regular files and databases backups.
- Train staff: All staff with digital tools access must know about the company’s cybersecurity processes. Be aware of potential threats by educating employees about the dangers of opening unknown senders’ emails, as well as clicking on unknown URLs, links, and email attachments. A common practice is to limit unauthorized software or applications downloads to employees.
- Supply chain collaboration: It is common for threats to come from partners within the supply chain network. Digitization provides the opportunity for various collaborators to access shared digital platforms and tools. Although the safety of others cannot be controlled, it is possible to generate initiatives to regularly audit safety from our collaborators. Also, adhere to contract guidelines to basic cybersecurity measures required for collaborators.
- Manage risks: While it is possible to reduce risks, the threat can never be eliminated. This is already part of the business casuistry, so it is important to include cyber threats within the general risk mitigation plan.
Considering cybersecurity as a fundamental part of digital transformation is a task that must be present in all investments in digital technology. Therefore, it is necessary to generate strategies for secure monitoring and tactical threats search.
Let’s think that logistics is a distributed and continuous system, where an interruption can be costly and produce domino effects. Keeping data secure is a challenge that requires some essential considerations. Therefore, strategies and protocols must be established and implemented to reduce cyber-attacks. Cybersecurity continuous improvement must be one of the highest priorities.
Therefore, companies in all sectors, especially logistics, must be aware of and use the necessary measures to protect their data. In this connected, automated, and system-dependent world, cybersecurity is one of the most important aspects where we must focus if we want to respond to the business challenges that lie ahead.