By Emily Newton
Cyberattacks are on the minds of every leader, supervisor, and business owner as their prevalence grows. Each year, more and more high-profile attacks sweep across markets, with no industry an exception, including logistics. Cyber pirates have turned their focus to shipping cyber attacks, alongside other mission-critical sectors. This year alone, we’ve seen attacks on travel and aerospace organizations, transportation, and national infrastructure. Where does it end? The answer is that it doesn’t.
It reveals a dire need for logistics and transportation organizations to shore up digital technologies and solutions, in effect bolstering security as much as possible. What are some ways that shippers can prevent cyber attacks from hitting systems? How does a company reduce the target on its back?
1. Audit the Basics
Time and time again, nefarious actors gain access to mission-critical systems because of a simple security flaw. Some examples include employees sharing passwords, inactive accounts that are never removed or deleted, poor security policies, lax authentication protocols, and even sometimes physical security vulnerabilities. The Colonial Pipeline hack occurred because hackers were able to use compromised passwords for employee accounts.
Every company, regardless of industry, should be auditing security policies and systems, with help from a consultant or security expert. No angle should be ignored, and that includes basic security functions and systems. If and when a vulnerability is discovered it should be fixed immediately. Whether that means forcing password resets for employees, providing more effective technologies and systems, or turning on encryption, it must be done.
It may seem hard to believe that straightforward measures can significantly increase security, but that’s long been true. It’s a matter of putting ideas to action.
2. Train Personnel
Proper security education, awareness, and training are critical. Every leader, employee, or vendor should understand how to protect their digital accounts and systems, and what their responsibilities are.
For example, using strong password techniques is always a must. But a lot of people don’t understand what constitutes a strong password, or some of the basic principles of keeping that information secure. They might share logins with friends, family, or colleagues. They might reuse passwords across accounts. Maybe they leave their workstation logged in all the time and vulnerable to an attack.
Every team should go through a rigorous training process to improve awareness about digital security, physical security, and everything in between.
3. Use Encryption
The digital supply chain isn’t on the horizon; it’s already here. That means many logistics and shipping companies have outfitted vehicles and equipment with smart, data-driven technologies. This opens up many new opportunities and can vastly improve efficiency. But it also opens up the operation to more sophisticated cyber attacks. Shipping cyber attacks are going to start happening more frequently and in full force. The industry needs to be ready before that happens.
Data encryption should be absolute. All data that is collected, processed, stored, and shared must be encrypted, period. At a basic level, encryption locks digital information behind a secure key or certificate. At both ends, the data must be unencrypted — using an authorized key or certificate — before it can be read. When cyber pirates steal or snoop data that are encrypted, they cannot see much. And while encryption can be broken, it takes a remarkably long time and requires incredibly powerful hardware to do so.
4. Use Alternative Solutions
There’s standard shipping, and then there’s freight shipping, and a common misconception is that shippers must go with one or the other. But there’s a middle ground in there, called LTL freight shipping. LTL (less-than-truckload) carriers occupy a space between the two extremes, for when shipments are too heavy for parcel carriers, yet too light for conventional truckloads.
Not every shipper is going to be able to take advantage of these kinds of services, and that’s okay. They’re cost-effective, they offer flexible scalability — with the equipment to make it happen — and they can handle more advanced services like cold-weather delivery, residential drop-offs, and so on. Most importantly, they have more secure operations compared to small or medium-sized shippers because they follow robust security standards and utilize the latest technologies, including digital security solutions.
There’s something to be said about entrusting a more specialized and experienced provider to do the work. They often have more resources, and in this case, they offer superior security to boot.
5. Deploy System and Network Segmentation
Network segmentation involves separating various channels and sections of the network, locking them down, and limiting access. For example, you might take IoT devices connected to the network and route them through a specific segment that’s not accessible to anyone but authorized parties, like system administrators. That ensures they are not publicly available, and cyber pirates don’t have easy access.
This strategy can be applied to any network, and many different subsystems, including the digital solutions that shippers and logistics companies install. Then, it’s all about maintaining strict access controls to those segmentations, and ensuring that everyone who does have access is following the appropriate rules and guidelines.
A form of this is already being used within the modern supply chain. It’s called supply chain segmentation, and it aims to create a more reliable and secure system overall.
Security in a Nutshell
Shipping cyber attacks will soon be more common than anyone might expect, because cyber pirates are growing more skilled and gaining access to more sophisticated tools. Even so, there are a lot of straightforward ways to solve most major vulnerabilities, starting with the right training for employees and personnel. From there, companies should be auditing security policies and practices, using encryption for all data streams, and segmenting networks and systems. Finally, shippers may want to consider alternative solutions that are more secure, with access to more resources — such as LTL freight providers.
Emily Newton is the Editor-in-Chief of Revolutionized Magazine. She has over three years of experience writing articles in the industrial sector.