Skip to content
Search AI Powered

Latest Stories

Cybersecurity

Supply chains wake up to growing cyberthreat

As logistics-sector companies go increasingly digital, they face a rising threat from hackers and ransomware attacks. But experts say there are steps they can take to minimize the risk.

Padlock made of blue light

Supply chains are becoming more digital by the day, as companies add electronic sensors to everything from pallets and containers to conveyors, forklifts, and dock doors. While all that hyperconnectivity is great for supply chain visibility, connecting every truck and warehouse to the internet of things (IoT) also has a downside: It makes businesses more vulnerable to hackers, who can use those links to steal data or install ransomware—software that freezes a company’s entire network until the victim pays a steep fee.

Fortunately, companies don’t have to go it alone when it comes to security planning. There’s a wealth of information on cybersecurity available online, including protocols developed by government agencies and industry organizations to help businesses lessen their risk (see sidebar).


A COMPLEX PROBLEM

That’s not to say it will be easy. In the logistics sector, keeping track of every online asset can be a complex job, says Sharon Reynolds, chief information security officer (CISO) at the Dallas-based telematics technology vendor Omnitracs. In the transportation sector alone, trucks are rapidly becoming digitalized with internet connections like in-cab devices, IoT sensors, and links for routing and dispatch tracking.

Furthermore, modern supply chains involve complex webs of suppliers, who often share real-time data with each other. “Before, you could screen partners by just checking the financials of the company to make sure they’re reliable, and maybe get references. But with supply chain, even your suppliers have suppliers, so you need to identify your third-party and fourth-party risks. Now, you have to understand your entire cyberthreat exposure, because all the partners are interconnected,” Reynolds says.

That web of connections makes companies more vulnerable to attacks because a network is only as secure as its weakest link, agrees Pal Narayanan, executive vice president and chief information officer–Americas at contract logistics and supply chain services provider Geodis.

“You have partners with partners, and some of those partners operate right within your four walls,” Narayanan says. “That’s because the rising demands of e-commerce require increased automation and mechanization, like robotics, conveyors, or warehouse control systems. They’re all bringing their computer systems inside your [warehouse].”

In Geodis’s case, those connections add up quickly, as the company operates 160 warehouses and partners with 15 automation providers. Narayanan’s challenge is to get all those automated devices to work together and still be secure. “To protect your systems, you need to have security along with nimbleness and flexibility,” he says. “If you’ve got Fort Knox-level security, then you can’t grow your business because nobody’s coming in and nobody’s going out. So you have to find a balance.”

THE PRICE OF FAME

Person using laptop


With supply chain, even your suppliers have suppliers, so you need to identify your third-party and fourth-party risks.

Striking a balance between business agility and cybersecurity has become increasingly difficult in an era when hackers are ramping up their attacks on the sector. “In the past, logistics was flying under the radar. Before Amazon, it wasn’t sexy, it wasn’t in the mainstream, so hackers focused on financial, banking, and medical companies,” Narayanan says. “But now, with how important online shopping has become and the impact of Covid, logistics has been thrust onto center stage, and with fame comes a challenge.”

A recent industry report underscores that point. In a study titled Supply Chain Disruptions and Cybersecurity in Logistics, cybersecurity services company BlueVoyant reported that hackers launched three times as many ransomware attacks on shipping and logistics companies in 2020 as in 2019.

Most of the recent attacks resulted from phishing—where hackers posing as legitimate companies persuade employees to disclose their passwords—or access to unprotected network connections called “remote desktop ports,” BlueVoyant said in the report. 

But that’s hardly the only threat. Another rapidly growing vulnerability is the spiraling number of IoT connections, which are forecast to grow to 23.6 billion worldwide by 2026 from 8.6 billion in 2021, according to technology advisory firm ABI Research. While that exponential growth will usher in a new era of connectivity and productivity, it will also result in new threat vectors, ABI says.

CLOSING THE SECURITY GAP

The good news for logistics professionals looking to bolster their digital defenses is that, as relative latecomers to the game, they can learn from other industries’ experiences, says Omnitracs’ Reynolds. 

For example, many companies suffered painful hacks in past years because manufacturers of IoT-enabled devices like webcams and digital video recorders (DVRs) had originally released their products without basic security requirements like password protection. It wasn’t long before hackers began taking them over as “botnets,” which are collections of private computers that have been hijacked to send out spam and malicious software.

Those botnet attacks can also be launched from home appliances like printers and refrigerators, which connect to residential internet networks that are typically far easier to hack than their office counterparts, says Chris Sandberg, vice president of information security at freight fleet technology specialist Trimble Transportation.

And that botnet threat matters not merely because a hacker might take over your fridge, but because the ubiquitous kitchen appliance is a node on the internet and can be used as a resource to launch attacks on any target worldwide.

That security gap means that many companies have become far more vulnerable over the past year as their employees started working from home offices during the pandemic. “The more people work from home, the larger your attack surface is,” Sandberg says. “If you push a fence out and can’t see it all, you can’t see what cuts through that fence.”

And the same principle applies to trucks that are increasingly wired with connected devices like infotainment systems, manufacturers’ diagnostic sensors, telematics, and electronic logging devices (ELDs), he adds.

ADDING LAYERS OF CYBERARMOR 

As for what companies can do to protect themselves, Sandberg recommends starting with policies where you can rack up some easy wins. His advice: Identify critical resources and vendors, create disaster response plans, train employees not to share accounts, urge them to use multifactor authentication, encourage them to create complex passwords and change them frequently, and add cybersecurity awareness to truckers’ pre-trip checklists.

Other security specialists remind companies to conduct frequent data backups across their entire systems, decreasing the chance they’ll have to pay hackers a ransom to get their data back.

Building better cyberdefenses might sound daunting, but corporations can succeed if they approach it as a business problem like any other, says Omnitracs’ Reynolds.

“Complicated business problems are being solved by these companies every day. So, they just need to treat it like risk management. And there are only four things you can do with risk: Avoid it, reduce it, transfer it to someone else, or accept it,” she says. 

Given the mounting threats, Reynolds urges logistics professionals to get out ahead of the problem and ensure they have a comprehensive cybersecurity plan in place. “I think you can’t afford not to; this is a part of doing business,” she says. “But we can learn from other groups that have discovered these realities,” Reynolds adds. “This is an incredibly resilient industry, so I don’t think it’s a challenge that’s insurmountable.” 

The Latest

More Stories

Trucking industry experiences record-high congestion costs

Trucking industry experiences record-high congestion costs

Congestion on U.S. highways is costing the trucking industry big, according to research from the American Transportation Research Institute (ATRI), released today.

The group found that traffic congestion on U.S. highways added $108.8 billion in costs to the trucking industry in 2022, a record high. The information comes from ATRI’s Cost of Congestion study, which is part of the organization’s ongoing highway performance measurement research.

Keep ReadingShow less

Featured

From pingpong diplomacy to supply chain diplomacy?

There’s a photo from 1971 that John Kent, professor of supply chain management at the University of Arkansas, likes to show. It’s of a shaggy-haired 18-year-old named Glenn Cowan grinning at three-time world table tennis champion Zhuang Zedong, while holding a silk tapestry Zhuang had just given him. Cowan was a member of the U.S. table tennis team who participated in the 1971 World Table Tennis Championships in Nagoya, Japan. Story has it that one morning, he overslept and missed his bus to the tournament and had to hitch a ride with the Chinese national team and met and connected with Zhuang.

Cowan and Zhuang’s interaction led to an invitation for the U.S. team to visit China. At the time, the two countries were just beginning to emerge from a 20-year period of decidedly frosty relations, strict travel bans, and trade restrictions. The highly publicized trip signaled a willingness on both sides to renew relations and launched the term “pingpong diplomacy.”

Keep ReadingShow less
forklift driving through warehouse

Hyster-Yale to expand domestic manufacturing

Hyster-Yale Materials Handling today announced its plans to fulfill the domestic manufacturing requirements of the Build America, Buy America (BABA) Act for certain portions of its lineup of forklift trucks and container handling equipment.

That means the Greenville, North Carolina-based company now plans to expand its existing American manufacturing with a targeted set of high-capacity models, including electric options, that align with the needs of infrastructure projects subject to BABA requirements. The company’s plans include determining the optimal production location in the United States, strategically expanding sourcing agreements to meet local material requirements, and further developing electric power options for high-capacity equipment.

Keep ReadingShow less
map of truck routes in US

California moves a step closer to requiring EV sales only by 2035

Federal regulators today gave California a green light to tackle the remaining steps to finalize its plan to gradually shift new car sales in the state by 2035 to only zero-emissions models — meaning battery-electric, hydrogen fuel cell, and plug-in hybrid cars — known as the Advanced Clean Cars II Rule.

In a separate move, the U.S. Environmental Protection Agency (EPA) also gave its approval for the state to advance its Heavy-Duty Omnibus Rule, which is crafted to significantly reduce smog-forming nitrogen oxide (NOx) emissions from new heavy-duty, diesel-powered trucks.

Keep ReadingShow less
chart of global trade forecast

Tariff threat pours cold water on global trade forecast

Global trade will see a moderate rebound in 2025, likely growing by 3.6% in volume terms, helped by companies restocking and households renewing purchases of durable goods while reducing spending on services, according to a forecast from trade credit insurer Allianz Trade.

The end of the year for 2024 will also likely be supported by companies rushing to ship goods in anticipation of the higher tariffs likely to be imposed by the coming Trump administration, and other potential disruptions in the coming quarters, the report said.

Keep ReadingShow less