
Covid-19 Impact Sees Logistics Come to the Forefront

How the pandemic accelerated digital transformation in logistics and what it means for cybersecurity.


The year 2020 was one of rapid change and development, in which businesses had to meet new challenges to survive.

Published in Across Borders magazine, Edition One 2021, p. 53.

Major Changes to Global Business

The Covid-19 pandemic forced an unprecedented shift to digital platforms across virtually every industry. Organisations that had been cautiously exploring cloud servers and remote collaboration tools suddenly found themselves deploying them at speed and at scale. Video conferencing platforms like Zoom and Microsoft Teams went from being optional conveniences to mission-critical infrastructure overnight. For the logistics industry, this digital acceleration was particularly consequential.

The adoption of IoT and artificial intelligence technologies in logistics operations, already underway before the pandemic, accelerated dramatically. Warehouses deployed automated systems to compensate for reduced workforces. Sensors and tracking devices became essential tools for maintaining visibility over supply chains that were under immense strain. The e-commerce boom — driven by lockdowns and the closure of physical retail — placed enormous demands on logistics providers, who had to scale their operations rapidly while managing disrupted supply lines.

The pandemic also exposed the deep interdependence of global supply chains. A disruption at one point in the chain could cascade across continents, affecting industries that appeared to have no direct connection. Healthcare, in particular, became critically reliant on logistics for the distribution of personal protective equipment, testing kits, and eventually vaccines. The visibility of the logistics industry rose sharply — and with it, the attention of cybercriminals.

The reasons cybercriminals target the logistics industry are straightforward. Logistics companies handle vast quantities of sensitive data, operate complex IT and operational technology environments, and are under constant pressure to maintain uptime. A cyberattack that disrupts logistics operations can have immediate and severe consequences, giving attackers significant leverage in ransomware negotiations. The pandemic only amplified these dynamics.

Notable Incidents in 2020

The year saw a series of high-profile cyber incidents affecting the logistics and transport sector, underscoring the industry's vulnerability:

  • Total Quality Logistics (TQL): One of the largest freight brokerage firms in the United States faced a US$5 million lawsuit related to a data breach that exposed sensitive customer and carrier information.
  • TFI International: The Canadian transport and logistics company disclosed a cyberattack that resulted in approximately US$6 million in costs, including ransom payments, remediation, and lost business.
  • CMA CGM: The French shipping giant suffered a ransomware attack that disrupted its worldwide operations and cost the company an estimated US$50 million in damages and recovery expenses.
  • Toll Group: The Australian logistics company was hit by two separate ransomware attacks in 2020 — the first in January using the Mailto ransomware and the second in May using the Nefilim ransomware. The second attack resulted in stolen corporate data being published on the dark web.
  • Accellion / Transport for NSW: A vulnerability in the Accellion file transfer appliance was exploited to breach Transport for New South Wales, exposing sensitive transport planning and operational data.
  • FireEye / SolarWinds: While not a logistics-specific incident, the SolarWinds supply chain attack — discovered in December 2020 — compromised the networks of thousands of organisations worldwide, including government agencies and critical infrastructure operators. It demonstrated the devastating potential of supply chain attacks and their relevance to every industry, logistics included.

What to Look Out for in 2021

As the industry moves into 2021 and beyond, several threat trends demand attention:

  • Network perimeter targeting: With the rapid adoption of cloud services and remote access tools, many organisations expanded their network perimeters without adequately securing them. Attackers will continue to target VPN gateways, remote desktop services, and other perimeter infrastructure as primary entry points.
  • Home IoT vulnerabilities: The mass shift to remote work means that employees are connecting to corporate networks from home environments that include consumer IoT devices with poor security. Smart speakers, home security cameras, and consumer routers can all serve as stepping stones into corporate networks.
  • Leakware campaigns: Building on the double-extortion model pioneered by ransomware groups in 2019 and 2020, leakware campaigns — in which attackers steal sensitive data and threaten to publish it — will become increasingly common, even in cases where traditional ransomware is not deployed.
  • Supply chain attacks: The SolarWinds breach demonstrated the catastrophic potential of attacks that compromise trusted software suppliers. Logistics companies, which rely on complex ecosystems of software vendors and service providers, are particularly exposed to this risk.
  • DDoS resurgence: Distributed Denial of Service attacks, which saw a significant uptick in 2020, will continue to rise as attackers leverage growing botnets and increasingly sophisticated amplification techniques.
  • Third-party scrutiny: Organisations will face increasing pressure to assess and manage the cybersecurity posture of their third-party suppliers, partners, and service providers. A chain is only as strong as its weakest link.

Meet the Risk

Addressing these threats requires a multi-layered approach to cybersecurity:

  • Behaviour analytics: Implement user and entity behaviour analytics (UEBA) to detect anomalous activity that may indicate a compromise. Traditional signature-based security tools are insufficient against modern threats that evade known patterns.
  • Zero-trust architecture: Adopt a zero-trust model that assumes no user, device, or network segment is inherently trustworthy. Every access request must be verified, regardless of its origin.
  • Legacy device assessment: Conduct a thorough assessment of legacy devices and systems that may lack modern security capabilities. Develop a plan to replace, upgrade, or isolate these assets.
  • Third-party testing: Require third-party penetration testing and security assessments of critical vendors and partners. Contractual obligations should include security standards and breach notification requirements.
  • ASD Essential Eight: Implement the Australian Signals Directorate's Essential Eight mitigation strategies as a baseline for cyber hygiene. These eight controls address the most common attack vectors and provide a strong foundation for broader security efforts.
  • Network segmentation: Segment networks to contain breaches and limit lateral movement. Critical operational technology should be isolated from general IT systems.
  • Leadership commitment: Cybersecurity must be a board-level priority. Investment in security is an investment in operational resilience and business continuity.
  • Training and awareness: Invest in ongoing cybersecurity training for all staff. Cyber Citadel, in partnership with the WiseTech Academy, provides tailored training programmes designed for logistics professionals. Our Next Generation Vulnerability Assessment (NGVA) service provides continuous monitoring and testing to identify and address vulnerabilities before they can be exploited.

2020 accelerated change at a pace that few anticipated. The organisations that will thrive in the years ahead are those that learn from the disruption of the past year and invest in the resilience needed to face the future.

The logistics industry emerged from 2020 more digitally connected than ever before. That connectivity brings enormous benefits — but also enormous responsibility. The lessons of the past year are clear: cybersecurity is not a cost centre to be minimised, but a strategic capability to be cultivated. Learn from the disruption. Invest in resilience. Prepare for the future.
