Recently, federal agencies warned that ransomware is currently the fastest growing malware threat, with more than 4,000 attacks per day. Global phishing and malware campaigns that have been targeting critical industries around the world have recently switched to ransomware attacks, an indicator of how successful ransomware has become for cyber criminals as a money-making vehicle.
Ransomware is a type of malware that prevents computer users from accessing their system or personal files, with the malware authors demanding payment in order to regain access. The earliest versions of ransomware were reported in the late 1980s, with ransom payments being sent via postal mail. Today, ransomware authors direct their victims to send payment via cryptocurrency or credit card.
The Problem
Of all of the industries in developed nations, the transportation and logistics industry is one that has benefited to a great extent from improvements in efficiency, and the one which is most vulnerable to external forces that threaten that very same efficiency. It is believed that hackers’ modus operandi would be the same as in other recently target industries, i.e. exploiting vulnerabilities such as remote access to networks, insufficient security configurations, outdated firewalls, weak passwords, and a lack of proper employee engagement.
According to industry security experts, the two areas most vulnerable to attack include:
- Blocking Transport: Hackers breaching logistics technology and programs could interfere with transportation, leaving entire sectors of the population without adequate supplies of goods.
- Malicious Tampering: Hacking into the Programable Logic Controllers (PLCs) that transportation and logistics companies use to manage and/or automate large portions of the logistics supply chain which could lead to significant inefficiencies and widespread shortages of goods and services
It’s a foregone conclusion that hackers are continually “upping their game,” and that continual vigilance is the best avenue toward security in the long term. Unfortunately, there are many reasons that organizations neglect cybersecurity. Listed below are a few of the top “fails” of organizations that later suffered cyberattacks.
Lack of funding often leads to an organization overlooking cybersecurity initiatives. Based on current data, around 25% of organizations surveyed reported this as the reason for deficiencies in this area. While cash flow can account for a business neglecting cybersecurity, more often than not it is due to a lack of prioritizing cybersecurity across the corporate culture. In other words, it hasn’t happened to them yet, so they’re ignoring it.
Believing adequate security protocols are sufficient often leads to a false sense of security amongst managers and business owners. Most travelers wouldn’t want an “adequate” commercial airline pilot in the cockpit, and with good reason. Entry-level anti-virus software won’t prevent a cyberattack; having a comprehensive cybersecurity plan will not only reduce the likelihood of attacks, but can also minimize damage should one occur.
Making assumptions with regard to the security parameters of security software, particularly when engaging managed security service providers, can be a deadly business. Supposing all security compliance issues have been met because “this is what the system is supposed to do” can leave holes in key areas that hackers will exploit sooner or later. One should never presume that every safety and enforcement issue has been addressed unless they are in the service contract or the software documentation.
Neglecting security upgrades in a timely fashion can be as dangerous as not having security measures in place at all. As tedious as implementing upgrades can be, software vendors provide them coming for a very good reason. When they detect security flaws, they immediately issue updates, and it is the responsibility of the end user to install them. Unfortunately, many end users don’t do this right away, which opens the door for cyberattacks to flourish.
The Solution
What can organizations do to reduce the likelihood of a cyberattack? Well, proactively avoiding the above pitfalls is an excellent start. In addition, a digital security strategy that promotes investment in technology tools, processes and procedures is essential.
Training employees in digital best practices and implementing digital standards for suppliers and vendors can go a long way toward ensuring that your security infrastructure isn’t compromised from within. Sharing information with industry peers and keeping up-to-date as regards published threats will avoid your organization being blindsided by novel dangers that will most certainly arise.
When prospects raise financial objections, the sales professional often comes back with the refrain “You can’t afford not to.” While this can be annoying if you happen to be the prospect, it’s an axiom that definitely rings true with regard to cybersecurity.
In the case of organizations in the transportation and logistics industry, prioritizing digital security is not only the right thing to do, but it serves to protect the supply chain as well as consumers. Larger organizations definitely can’t afford to skimp, since their operations can actually carry national security implications. Finally, a solid cybersecurity regime can be used as a selling point for customers, and can create a competitive advantage over organizations that would rather learn the hard way.
