Lessons from the Past, Predictions for the Future

This article, “Cybersecurity in Logistics: Lessons from the Past, Predictions for the Future,” was written for and published in the 1st Edition 2023 Across Borders magazine, p. 42, by JONATHAN SHARROCK

The cybercrime landscape is constantly changing, but one thing is for certain – the risk of attack goes up year on year. Awareness is improving, however, and businesses just need to take the reins and drive home good cybersecurity practices.

Supply Chain Insecurities

Supply chains are increasingly the weakest link in security posture, accounting for 62% of system-level intrusions over the year 2021-22 according to the latest Verizon report. This trend has continued, with an IBM reporting a fifth of all cyberattacks in 2022 originating with supply chain compromise. Human-related elements remain the dominant cause of data breaches, whether by spear-phishing, misuse of credentials, targeted social engineering, or poor security practices. With 82% of data breaches in 2022 originating with a human cause, if companies want to improve their security posture they must start with their workforce.

Remote and hybrid workforces are becoming permanent features of organisations, and so remote access, cloud storage, and mobile devices are becoming central elements of network vulnerability. File transfer service GoAnywhere has already been targeted this year by the Clop ransomware group resulting in data breaches for around 130 companies using the tool.

Desktop and file-sharing vulnerabilities are the leading cause of ransomware attacks, with emails following closely behind. The frequency of these attacks is increasing, driven by the accessibility of AI-based tools, such as deep fakes and voice cloning as well as generative AI which is capable of creating novel content rather than simply acting on existing data, which will facilitate social engineering attacks. The availability of Ransomware as a Service (RaaS) and the Cryptocurrencies needed to pay for it on the Dark Web are also contributing to the financial success of the online criminal marketplace and will continue to encourage this democratisation of cybercrime.

Already in 2023, email-based marketing platform Mailchimp has been hit by a social engineering attack, its second in the last year after a phishing attack in 2022 imitated the authentication service Okta to obtain credentials and infiltrate over 100 companies. This highlights the need to consider people and processes, as well as technology in cybersecurity policy. Multi-factor authentication, for example, is an essential tool in securing a company network and reducing reliance on secure passwords. But, as the Okta-impersonation incident makes clear, users need to be aware of potential scams and security protocols should not assume that granting access means that the user is genuine or that the connection is secure. Removing assumptions is the key principle of Zero Trust Architecture (ZTA), an approach which is gaining traction.

Zero Trust Architecture

ZTA will likely become essential in larger organisations operating remote workforces and cloud storage. The logistics sector relies heavily on partners and third-party service providers. Since they cannot be guaranteed to meet the security standards of your own company, layers of risk are added to the network. Auditing security practices of partner organisations should become standard practice, but implementing ZTA guarantees the security of your own network.

Critical Infrastructure businesses should adopt ZTA, as breaches to these systems cost around 1.5 million AUD more than average, yet surprisingly the uptake is lower than in other sectors. Legislation will catch up with these issues in 2023, with the U.S. alone introducing five new comprehensive consumer privacy laws, and security compliance programs such as the Australian Energy Sector Cyber Security Framework (AESCSF) already extending their jurisdiction. Prohibiting ransom payments to perpetrators is also being considered in Australia, with other countries looking to be informed by such legislation. Paying ransoms is already not advised, but this indicates the seriousness with which states are prepared to tackle this issue.

ZTA aside, emphasis should be on getting the basics right. Run Vulnerability and Penetration Tests (VAPT), carry out a security posture review, and implement basic but effective measures. The ASD Essential 8 is a concise guide to basic digital hygiene, and reaching the recommended level of maturity for your organisation in the Essential 8 model should be a priority. It demonstrates your commitment to cybersecurity, which is increasingly important for meeting the requirements of legislation and industry standards, as well as cyber insurance.

A data breach is inevitable, but what really defines good cybersecurity is the incident response plan. Good plans contain the fallout from an attack: cost, client perception, and reputational damage. Good plans that are tested save money – 3.75 million AUD on average. Risk quantification can save even more by predicting the cost of response, productivity loss, legislative fines, and reputational damage, and mitigating in advance. These practices also contribute to evidence of risk assessment in the event of an insurance claim.

Time is Money!

Ultimately, time is money. According to the 2022 IBM report, it took over 9 months on average to identify and contain a serious data breach, and over 10 months for supply chain issues. The most effective way to reduce this is by continuous monitoring through a Security Operations Centre (SOC), such as Aegis from Cyber Citadel. This SOC-as-a-service offers affordable real-time monitoring, threat detection, and rapid response. Cyber Citadel has also formed a partnership to bring clients complete visibility of their risks, current security posture, and improvements over time. This means company executives can directly follow cybersecurity progress and ensure they are compliant with the necessary regulations.

The last two years have revealed how much the cyber landscape is changing, but also what lies ahead. To prepare businesses, Cyber Citadel is working with the Freight Trade Alliance (FTA) to bring companies the latest, most important information and resources needed to keep the logistics sector secure. If there is something you want to know about, get in touch with Cyber Citadel or the FTA and we will endeavor to make the next article, webinar, or video meet your needs.