How safe is your supply chain? According to logistics industry insurance provider TT Club, not enough attention is being paid to the frailty of global transportation systems when faced with cyber-attacks. Many logistics companies, the group said, are not only unaware of their security vulnerabilities from new technology, they are also largely ignorant of the frequency with which these attacks have occurred.
At Trans-Pacific Asia Conference, held earlier this month in Shenzhen, China, TT Club’s Alexis Cahalan warned that the logistics and freight forwarding community’s lack of “open communication and reporting of damaging past cyber experiences” can lead to greater risk.
This isn’t the first time the logistics industry has been accused of under-reporting theft and other security lapses, but now, Cahalan and others are warning that new technology could actually increase vulnerability. “Risks are increasing rapidly, not just in terms of greater hacking and malware activity,” Cahalan warned. “The desire for supply chain visibility and efficiencies is driving technologies, such as IoT (internet of things) and access through smart phones and the like. There is a danger that rapid adoption of such technology means many companies have yet to consider thoroughly the cyber security implications of BYOD (bring your own device) procedures.”
Recent revelations of hacks at the National Security Administration (NSA) underscore how sophisticated cyber-criminals have become, while also pointing to the importance of having rigorous, and well-enforced protocols. The NSA has said that one major breach occurred when a contractor took a computer home to work on a project, allowing hackers to exploit a weakness in the system. For logistics companies with far-less-sophisticated security protocols, compliance is all the more important.
TT Club stressed that defensive action in such a challenging security environment “can’t be whittled down to just one area of operation.” The insurer said that human behavior was a supply chain’s greatest strength, but warned that it was also a weakness that could be targeted.
“Employee awareness of the potential dangers of day-to-day activities will help with cyber defenses. Trust in e-mail communication, auto-connect wi-fi settings and password protocols, peripheral equipment and flash drives, [and] computers in general, should all be monitored and reviewed,” Cahalan concluded. “Staff and contractors should be brought to understand that the critical balance between ease of operation and security may bring inconvenience. A corporate culture that articulates, enforces and educates cyber defense will achieve much in terms of mitigating risk.