
Biggest Cyber Threats to Logistics & How to Fix Them

Examining the most significant cyber threats facing the logistics and utilities sectors, from legacy device vulnerabilities to third-party risks.


Over the past decade, the near-unlimited connectivity of modern digital technology has produced sweeping changes across the business world, and those changes have now reached industries such as logistics and utilities.

The benefits of this connectivity are clear: improved efficiency, real-time tracking, automated processes and seamless communication across global supply chains. However, these same connections have also opened the door to significant cyber security risks.

The scale of the threat was made abundantly clear when the NotPetya attack cost shipping giant Maersk more than $300 million, forcing the company to rebuild its entire IT infrastructure from scratch. In the same period, the US Department of Homeland Security revealed that Russian hackers had successfully infiltrated the control systems of American utility companies, demonstrating that critical infrastructure is firmly in the crosshairs of sophisticated threat actors.

Cyber Threats from Legacy Devices

One of the most significant vulnerabilities in the logistics and utilities sectors comes from the integration of non-networked computing equipment into modern IT environments. Older industrial systems, originally designed to operate in isolation, have been connected to corporate networks to improve monitoring and efficiency — but without the security features necessary to withstand modern cyber threats.

SCADA (Supervisory Control and Data Acquisition) systems are a prime example. These systems control critical industrial processes and were designed decades ago with no consideration for network security. The Stuxnet worm, discovered in 2010, demonstrated just how vulnerable these systems are when it successfully targeted Iranian nuclear centrifuges by exploiting SCADA vulnerabilities.

Addressing the risk from legacy devices requires comprehensive risk assessments that identify every connected system, regardless of age. Where possible, legacy devices should be isolated from the broader network through segmentation, ensuring that a compromise of one system cannot provide a pathway to the rest of the network. Regular vulnerability assessments and monitoring are essential to detect and respond to threats targeting these older systems.
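The segmentation goal described above can be checked mechanically. The following is an added example, not code from the original article or from Cyber Citadel: it treats firewall allow rules as a graph and lists every zone a compromised legacy zone could reach, including by pivoting through an intermediate zone. The zone names, ports and rules are constructed for illustration.

```python
"""Segmentation audit: which zones can a compromised legacy zone reach,
directly or by pivoting through zones it is allowed to talk to?"""
from collections import deque

# Constructed sample policy: (source zone, destination zone, port) allow rules.
# Zone names and rules are hypothetical, not taken from any real network.
ALLOW_RULES = [
    ("corporate", "dmz", 443),
    ("dmz", "historian", 1433),
    ("scada_legacy", "historian", 1433),  # legacy devices push readings
    ("historian", "corporate", 445),      # over-broad: file share back to IT
    ("corporate", "internet", 443),
]


def reachable_zones(rules, start):
    """Return {zone: path} for every zone reachable from `start` via allow rules."""
    graph = {}
    for src, dst, port in rules:
        graph.setdefault(src, []).append((dst, port))
    paths = {start: [start]}
    queue = deque([start])
    while queue:  # breadth-first search, so each recorded path is a shortest one
        zone = queue.popleft()
        for dst, port in graph.get(zone, []):
            if dst not in paths:
                paths[dst] = paths[zone] + [f"{dst}:{port}"]
                queue.append(dst)
    del paths[start]
    return paths


def segmentation_violations(rules, legacy_zone, permitted):
    """Zones reachable from the legacy zone that policy does not permit."""
    reach = reachable_zones(rules, legacy_zone)
    return {zone: path for zone, path in reach.items() if zone not in permitted}


if __name__ == "__main__":
    bad = segmentation_violations(ALLOW_RULES, "scada_legacy", {"historian"})
    for zone, path in sorted(bad.items()):
        print(f"{zone}: {' -> '.join(path)}")
```

No single rule here connects the legacy zone to the corporate network; the pathway only appears when the rules are followed transitively, which is why a rule-by-rule review can miss it.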

Third-party Vulnerabilities

The logistics industry is built on partnerships. Third-party logistics providers (3PLs) are integral to modern supply chains, but they also represent a significant security risk. Cybercriminals increasingly target smaller, less secure companies as a staging ground for attacks against their larger partners and clients.

The aviation industry offers a cautionary example. Research has shown that only 67% of aviation organisations consider themselves adequately prepared for a cyberattack, despite being part of one of the most safety-conscious industries in the world. If an industry with such a strong safety culture struggles with cyber preparedness, the logistics sector — with its vast network of interconnected partners — faces an even greater challenge.

The solution lies in increased visibility across the supply chain and the enforcement of minimum cybersecurity standards for all third-party partners. Companies must treat their partners' security posture as an extension of their own.

Jonathan Sharrock, Cyber Citadel
