Setting aside the issues of outdated equipment and devices linked to the Internet of Things (IoT), Mimecast found that the greatest cybersecurity problem in logistics was employee vulnerability.
The dropper malware Emotet accounted for 26% of all malware detections in the logistics sector, demonstrating the effectiveness of email-based attacks against an industry where staff are often not adequately trained to recognise malicious content. ZIP files were the most common attack vector, responsible for 34% of all compression-based attacks.
Opportunistic Attacks
The transportation sector accounted for 9% of all opportunistic cyberattacks, with 3.4 million attacks recorded in total. This disproportionate targeting reflects a fundamental truth: the lack of cyber security training among logistics employees is the industry's single greatest vulnerability.
Employees' inability to accurately detect malicious emails has encouraged the kind of email-oriented attacks that cyber criminals are using more frequently against logistics companies.
More Than Human Error
The vulnerability of the logistics industry extends far beyond employee mistakes. The inter-regional and often trans-national scope of logistics operations creates an enormously complex attack surface. A single container shipment can involve more than 10 different stakeholders, each with their own systems, security practices and access credentials.
These complex chains, with multiple third-party access points, create opportunities for attackers to find the weakest link and exploit it. The 2018 Level One Robotics data breach illustrated this risk perfectly, when a third-party supplier's unsecured server exposed sensitive data belonging to major automotive manufacturers including Ford, Toyota and General Motors.
Logistics Still Using Clunky Systems
Legacy hardware remains a persistent problem across the logistics sector. Many companies have pursued automation and digitalisation without implementing a corresponding security framework, leaving them with a patchwork of connected systems that were never designed to be networked. Some companies are still running systems as old as Windows 97, with unaccounted devices connected to their networks that have never been included in a security audit.
Think of it like a garden shed. You keep adding tools and equipment over the years without ever organising or securing the shed properly. Eventually, you have no idea what's in there, what still works, and what might be a hazard — but you know someone could easily break in and help themselves.
Physical Harm
The cyber threat to logistics is not limited to data loss and financial damage. The transportation of physical assets means that a cyberattack could have real-world safety consequences, from traffic accidents caused by compromised vehicle systems to the mishandling of hazardous materials due to corrupted shipping data.
A study by Centrify, surveying 113 companies that had experienced significant cyberattacks, found that victim companies suffered an average 5% decline in stock price and lost 27% of their customer base in the aftermath. For logistics companies, where trust and reliability are the foundation of the business, these consequences can be existential.
Ransomware Attack
In February 2020, Australian logistics giant Toll Group was hit by a ransomware attack that forced the company to shut down multiple systems and revert to manual processes. The total cost of the attack is believed to have possibly exceeded $100 million when factoring in lost business, recovery costs and reputational damage.
Toll Group's response, however, offers an important lesson. The company was quick and honest in its public communications, providing regular updates and acknowledging the severity of the situation. This stands in stark contrast to Uber's infamous cover-up of its 2016 data breach, where the company paid hackers $100,000 to delete stolen data and keep quiet, a decision that ultimately caused far greater reputational harm when the truth emerged.
Logistics Looking Forward
The logistics industry must begin to invest in cyber security with the same seriousness as the banking and financial services sectors. The threat landscape is only becoming more sophisticated, and the consequences of inaction — financial loss, operational disruption, reputational damage and physical safety risks — are too severe to ignore.
Jonathan Sharrock, Cyber Citadel. Published in The Daily Cargo News — April 2020.
