This article was written for and published in the Edition One 2021 Across Borders magazine, p. 53.
The year 2020 was one of rapid change and development, in which businesses had to meet new challenges to survive. Many changes will remain, and the world needs time to adjust. The logistics sector has been at the front of the battlefield indirectly enabling the healthcare sector to fight the pandemic but also in facilitating the working world to keep moving.
Major Changes to Global Business
The pandemic marked a monumental shift to digital platforms. Homeworking increased demand for remote access to company servers, desktops, and software. Many businesses have shifted to cloud-based servers to facilitate and manage data access, and have also adopted services such as Zoom or Microsoft Teams for communication.
These changes were essential for survival, whether a company was ready to roll them out or not.
This rapid digitisation has coincided with leaps forward in Internet of Things (IoT) devices and Artificial Intelligence (AI) software. These developments have had considerable impact on the logistics sector in optimising processes in a supply chain.
Lockdowns and travel restrictions have resulted in a boom for e-commerce, which placed pressure on logistics firms to meet the demands of clients, putting both systems and workforces under strain.
Finally, the pandemic has revealed a great inter-dependence of different sectors; and the glue that holds them together is logistics. The logistics sector is critical to healthcare provision for example. From the supply of materials such as personal protective equipment (PPE) to the distribution of medicines; any who previously took such supply chains for granted are now acutely aware that any break in this chain could bring a country down.
It’s easy to see then why sponsored cybercrime is targeting logistics companies more frequently. Heavy reliance on particular supplies to keep afloat fragile economies in politically volatile situations. Sudden and unprepared adoption of digital platforms and remote working. And the acquisition of new technology without
time to securely integrate it into existing networks. The combination produces a cybercriminal’s dream.
Notable Incidents in 2020
Many firms were hit by major cyber incidents in 2020. TQL faced a USD 5 million lawsuit after the breach exposed partner carriers. TFI International in a ransomware attack lost USD 6 million just from having to resort to manual sorting, and subsequently had data posted to the dark web when it refused to pay the ransom. CMA CGM (CEVA logistics) had to disable its IT systems after an attack mostly targeting e-commerce operations; this is estimated to have cost USD 50 million.
Though the defining logistics incident of the year was on Toll Group: two sequential and independent breaches that led to hundreds of gigabytes of stolen data, some of which was published to the dark web. The second of these attacks used ransomware which exploited Remote Desktop Connections, software that is being increasingly relied upon by remote workers.
The attack on cloud computing provider Accellion, which compromised their flagship file-sharing platform designed to make sharing with third parties secure, affected many users including Transport for NSW. This is another example of an attack on software more companies now rely on due to remote working.
And to cap off the year was the breach on cybersecurity firm FireEye which resulted in the theft of their own hacking tools. It was revealed to be part of a wider attack affecting more than FireEye: the adversaries had used a network monitoring tool provided by a company called SolarWinds as a vector to gain access. Thousands of companies use this monitoring product, including Visa and Microsoft.
What to Look Out for in 2021
As employees settle into remote working, an increase in targeting of network perimeters is expected. A rising number of smart and home-IoT devices, often not secured by design, and connected to personal networks means increased perimeter vulnerability which is also difficult to monitor.
Governing bodies are recognising the increased risk, and more regulations are likely to come into effect addressing the issue of secure connectivity of devices, on top of stringent data privacy laws.
Cybercriminals know this and will use it for blackmail. Leakware campaigns threaten to report companies to a governing body such as the ICO if ransoms are not paid. But the reality is that the data is worth more than the ransom, and cybercriminals are now stealing data then locking systems so that they can leak and then sell on the data whilst still holding businesses to ransom.
Attacks on company supply chains have been effective, so we can expect more of these. Distributed Denial-of-Service (DDoS) attacks are likely to rise which can bring servers offline, something which attackers know companies can’t afford.
There will likely be greater scrutiny for logistics firms who are often third-party providers. The FireEye incident has revealed the risk of third-party interconnected systems, and the attack on Accellion suggests that when it comes to data sharing the third-party connector could (literally) be the weakest link.
Meet the Risk
With spread out employees all trying to connect to each other, new importance is placed on workforce management via behaviour analytics and activity monitoring. In addition, zero-trust procedures should be implemented to ensure connected devices are identified and secured.
Companies need to assess unsecured devices already in place, whether these are smart devices not secured by design or old legacy devices adopted when the company was acquired. Legacy devices running old unsupported operating systems, or that haven’t been patched, have been a favourite target of hackers in the recent past.
Companies also need to assess any third parties being used. If they are connected to the company network in any way, or even if they just provide software as a service, they should be tested and validated.
The ASD Essential 8 checklist can help guide companies on how to best secure their networks and improved cybersecurity practices, but logistics providers should think particularly about separating their information technology from their operational technology, and properly segmenting their networks to prevent lateral movement of an adversary.
It is worth remembering that better leadership can be critical to creating a cyber-aware workforce, and this can have real security benefits.
Cyber Citadel have teamed up with Wisetech Academy to offer cyber awareness training for employees. After a training period, Cyber Citadel will then test its effectiveness by running an artificial spear phishing campaign. Such exercises not only improve security but also show regulatory bodies that a company is making real effort and progress.
Cyber Citadel also offers a Next Generation Vulnerability Assessment (NGVA), using a mix of automated and manually reviewed tools to better simulate an attack and to provide better risk assessment and key recommendations and results-driven advice. This streamlined service provides a simple and cost-effective way for a company to assess their security.
2020 accelerated change. Learn from it to prepare for the future.
Also, watch our video detailing our cyber security outlook for the logistics industry.