As the Risks of Cyber-attacks Increase, Learn How You Can Adopt a Robust Cybersecurity Position
Cyber-attacks can bring cargo ships and planes to a halt, and these attacks are on the rise. These modes of transportation, and the growing reliance on IoT infrastructures, are essential in a fast-paced, global economy – and hackers know that.
You may be wondering, “how can hackers compromise cargo transport?” Can cyber criminals really hack cargo ships and planes? How can you protect your cargo?
Since the start of the COVID-19 pandemic, hackers have been exploiting the vulnerabilities in the global crisis to attack already strained organizations. This is especially true in businesses that rely on shipping, manufacturing, and storage, such as logistics, which has been especially in demand and strained during the pandemic. This presents major concerns for companies that transport goods – adding to the existing delays, bottlenecks, and obstacles affecting the supply chain.
This vulnerability was tested by the US government. The Department of Home Security led a program with the Pentagon and Transportation Department to evaluate airliners’ vulnerability to cyber-attacks amid the growing concerns around terrorism.
To discuss this, we have David Buss of DB Schenker, the world’s leading global logistics provider with over 150 years of experience in performance and transportation solutions. Adopting a robust security posture with proactive measures is key to addressing the growing cyber threats, and we’re here to help you do just that.
By reading this article, you’ll learn about the rising cyber-attacks on cargo transportation since COVID-19, the potential ramifications, and what you can do to protect yourself.
Understanding the Threat of Cyber Attacks on Cargo
Hackers can access large potential payoffs by attacking cargo ships or air freight, but it’s typically easier to hack the companies that operate in logistics than the actual transport vehicle.
There are several ways that hackers may organize an attack, including:
Malicious Domains
Cyber criminals create new sites to carry out spam campaigns, spread malware, or launch phishing attacks. Typically, these domains closely mimic the legitimate websites with keywords and phrases that attract users.
Malware
During the pandemic, cyber criminals took advantage of global communications to hide their activities and launch attacks. Malware, Trojans, and spyware are often embedded in interactive websites or maps, so when the user clicks on the link, they download the malware in the process.
Ransomware
As mentioned, it is often easier to attack companies than individual vehicles – the payoff is greater. During the pandemic, hospitals and public institutions were high-value targets, and still are, but the shift to logistics can prove lucrative. None of these organizations can afford to be locked out of their systems, so they are quicker to pay the ransom in exchange for renewed access to their sensitive data and systems.
Ransomware can enter systems through attachments or links, stolen employee credentials, or existing vulnerabilities in the system.
Attacks on the supply chain can be initiated directly or indirectly. Most modern logistics involves many suppliers and vendors working together in partnerships, so a security breach for any of them can give the attacker access to a shared pool of data. Hackers know this, which is why they put so much effort into attacking these targets.
Password Attacks
Compromised credentials offer an effective penetration point for hackers. They often use programs and cracking tools like Cain and Abel, but there are plenty of different types of attacks as well, including keylogger attacks and brute force attacks.
Because many people use weak, easily guessable passwords, it is essential for businesses to implement a password policy to ensure that passwords are strong, unique to each account, and never reused across websites. They should also be updated regularly to keep them strong.
High-Profile Attacks
The first high-profile attack that revealed the vulnerability of global supply chains happened in 2017. Though the attack was on one company, its effects rippled through its partner companies, including a well-known container shipping firm.
The ransomware attack prevented people from accessing their data unless they paid the ransom in bitcoin. According to the company, the cyber-attack had estimated costs of $200 or $300 million in losses. All it took was exploiting vulnerabilities in a software platform to gain access.
Going back to 2020, there have been numerous high-profile attacks with widespread ramifications. For example, a major global car manufacturer’s IT network sustained a cyber-attack that had devastating effects on its production, sales, and development, including customer and financial services. The attack disrupted the supply chain, delaying production and delivery of vehicles, impacting the attributed revenue in the process, not to mention the effect on customer satisfaction.
The summer of 2020 also brought an attack on one of the largest trucking and logistics companies in North America. The attack not only impacted the parcel and courier subsidiaries, but it cost millions of dollars in quarterly operating revenue. Because it was a ransomware attack, the company chose not to pay the attackers. They responded by leaking internal data onto the dark web.
There was another attack that summer on a flatbed trucking company. The ransomware stole significant data from a subsidiary, then posted it on the dark web when the company wouldn’t pay. In addition to sensitive business information, the data included extensive personal data on current and former truck drivers.
Another example of ransomware was on a Tennessee-based trucking and logistics company, which was targeted by a relatively unknown ransomware hacker gang. Both directly and indirectly, the attack caused sweeping disruptions across the internal and public-facing operations for the company. Though the company is smaller, it acts as an essential link to airline cargo operations – so it was without a substitute to step in while it corrected its operations.
The attacks are still occurring years after the pandemic. In December of 2022, a German logistics firm fell victim to a phishing attack. This involves sending spoof messages to trick employees into sharing sensitive information or accidentally downloading malicious software.
The company provides air freight, sea freight, road and rail, and contract logistics services, but its operations halted for days after the attack. The lost revenue hasn’t been quantified.
Sometimes, data isn’t the target. Cargo containers often contain valuable goods, including pharmaceuticals, that criminals want to intercept. In 2013, one such attack was helped by hackers. They manipulated the movement of containers transporting drug shipments, changing the location and delivery times to intercept them with their own drivers in advance.
These examples illustrate not only the need for robust, proactive security measures but effective mitigation strategies to prevent damage after an attack. It is well known that global supply chains are essential, but breaches show what can happen when they’re significantly disrupted and the effect on the world economy.
The Benefits of Implementing Security Protections for Your Cargo
With cyber-attacks on the rise, most businesses realize the need for cyber security. Still, it is not enough to realize its importance and rely on educated guesses to ensure security, or simply respond to attacks after they happen to limit the “blast radius.”
A truly robust cyber security position comes from not only prioritizing it in your organization but planning with both proactive and reactive measures. Then, you can shore up vulnerabilities that leave you susceptible to an attack and address a breach swiftly to mitigate the effects.
Proactive cybersecurity uses simulation testing techniques to determine how an attacker could target your company. This helps you identify how your system stands up to an attack and pinpoints any weaknesses that can be exploited in a real-world scenario – minus the true risk.
Passive approaches to cyber security, such as periodically updating and patching software to remove malicious software, are not enough with the increased sophistication of cyber criminals – especially when they work in an organized gang or a state-sponsored attack group.
A proactive, multi-layered approach to cyber security helps you to anticipate the attacks – and their potential damage – before they can occur. You can prioritize more effectively, giving you a stronger security position and faster risk reduction than you would otherwise have with traditional cyber security measures.
Here are the benefits of adopting a proactive security posture to protect your cargo:
Vulnerability Management
Proactive measures like vulnerability scanning and penetration testing provide essential insights to prevent a breach before it occurs. These measures help you to identify vulnerabilities and weaknesses well before an attack can occur, giving you an opportunity to correct them and shore up security. These measures also create robust processes to identify, classify, remediate, and mitigate any weaknesses in your security, reinforcing a strong position as a standard.
Regulatory Compliance
Proactive security programs are often necessary for regulatory requirements. Having these measures in place demonstrates your diligence as a company and helps you avoid issues of non-compliance, which can be costly.
Protection from Financial, Time, and Reputational Damage
Cyber security breaches are often expensive, regardless of the size or damage. At the least, there may be expensive ransoms to regain access to systems and protect against data leaks. But on an operational level, breaches can disrupt business for days, months, weeks, or even years, leading to lost revenue, wasted resources, and customer dissatisfaction. In some cases, recovery measures aren’t enough to repair a company’s reputation, causing added losses in customer acquisition and retention well into the future.
It is not enough to be reactive any longer. Attackers are becoming smarter, more sophisticated, and more creative – and they know that logistics companies are a gold mine of valuable assets.
Increasing Visibility into Supply Chain Processes to Mitigate Risk
There are several precautions that you can take when transporting cargo to increase your protection. Here are some measures to include in your cyber security strategy:
Assess Risk Exposure
The first step in protecting your cargo and company from cyber criminals is assessing your risk exposure for vulnerabilities. Evaluate all possible external threats, such as phishing and ransomware attacks, as well as internal threats, such as employee negligence, outdated systems, or misconfigured systems.
Be sure to evaluate all digital assets, both in the cloud and on-premises. If you find weaknesses or gaps, make sure they are identified and closed as quickly as possible. Once that is complete, you can implement a vulnerability management program to monitor weaknesses within your infrastructure and correct them quickly.
Maintain Your Data Backups
Even with a robust security posture, you may experience a successful attack. It is important to have backups in place to retain your sensitive business data in a secure location offsite. Then, if you fall victim to a ransomware attack, you can access essential information and restore it quickly to reduce your downtime.
While this won’t protect you if data is leaked, it is important for maintaining business continuity. In addition, having a backup system gives you confidence that you have a contingency plan in place if the worst happens – be that a cyber-attack, disaster, or other crisis. Be sure to test and update your backup strategy regularly to ensure that it is operational if a breach occurs.
Coordinate Your Threat Preparedness and Response
Having a threat preparedness and response plan in place is essential for defending your company and cargo against cyber-crime. You should have procedures in place to protect, identify, and respond to cyber threats, including detailed information about the steps everyone needs to take if they notice suspicious activity or receive messages on social media or email with possible malicious links or attachments.
It's ideal to have an incident response team with the sole task of managing cyber threat incidents quickly and efficiently. For example, your incident response team can shut down access points or disable compromised accounts, depending on the specifics of the attack.
Robust threat preparedness and response requires visibility and awareness, of course. Cyber security solutions like Sensor Technology (Smartbox) are ideal for achieving these measures. Smartbox devices allow your organization to track cargo in real time, detecting any threats along the way.
If you do identify a possible threat, you can take steps to protect your goods during transit. Real-time GPS tracking and digitization provide rapid insights into shipping and transit data, allowing you to react to suspicious behavior or activities immediately.
In addition, Smartbox provides a variety of physical security features, such as geofencing, online monitoring for temperature and humidity, and detection for forced entry, door alarms, inside movement, light, vibration, and intrusion. And for deeper insights and strategy, you can generate customized reports and statistics to identify areas for improvement.
Security measures like these can ensure that you have a strong posture against the looming threat of cyber-crime, minimizing the risk of a breach with goods being stolen in transit. Proactive steps to ensure security are no small undertaking, but they put you in a better position to respond to cyber-attacks without critical loss.
Manage Cybersecurity Across Suppliers, Vendors, and Partners
Global logistics often require many third-party suppliers, vendors, and partners to work together and share or exchange data. Hackers know this, so they realize that attacking the most vulnerable link can provide access to a wealth of information across the entire partner network, including sensitive business and client data.
It is essential to create a robust cybersecurity policy for third-party partners or suppliers who will share data with your organization. You should also consider the individual security positions of your third-party partners and vendors. If they don’t share your priority for cyber security, they may not be a cultural fit.
Once you create security policies, ensure that all of your vendors, suppliers, and partners comply with your established security requirements. For example, proper encryption techniques to protect data at rest and in transit, restrictions around access levels, and limitations on user permissions – as appropriate for the role – are important measures to prevent compromised accounts and mitigate the damage.
Ensure Social Engineering Awareness
As mentioned, social engineering attacks are the most frequent attacks on logistics companies. Collaborate with IT partners to conduct realistic, frequent, and varied testing at the supplier level and across your network. This will reveal any vulnerabilities that may be present in your own network or that of your partners and suppliers, which could be exploited by attackers.
You should also build information-sharing relationships with law enforcement to stay aware of current risks and more creative attack types. Encourage your suppliers and vendors to build similar relationships.
Adopt a Proactive Stance to Protect Cargo from Cyber Attacks
After the chaos of the COVID-19 pandemic, hackers have realized the untapped potential of attacking not only cargo transport vehicles but the companies that man them. Traditional cyber security measures are no longer enough to withstand the risk presented by more sophisticated and creative cyber-attacks.
Proactive measures are necessary to identify vulnerabilities in the current system, plan an incident response, and mitigate the damage if a breach occurs. It is also vital that you implement robust cybersecurity policies for third-party partners and suppliers, ensuring that any vulnerabilities in their own systems don’t have potential ramifications for your own.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.
