Skip to content
Search AI Powered

Latest Stories

Cybersecurity

Supply chains wake up to growing cyberthreat

As logistics-sector companies go increasingly digital, they face a rising threat from hackers and ransomware attacks. But experts say there are steps they can take to minimize the risk.

Padlock made of blue light

Supply chains are becoming more digital by the day, as companies add electronic sensors to everything from pallets and containers to conveyors, forklifts, and dock doors. While all that hyperconnectivity is great for supply chain visibility, connecting every truck and warehouse to the internet of things (IoT) also has a downside: It makes businesses more vulnerable to hackers, who can use those links to steal data or install ransomware—software that freezes a company’s entire network until the victim pays a steep fee.

Fortunately, companies don’t have to go it alone when it comes to security planning. There’s a wealth of information on cybersecurity available online, including protocols developed by government agencies and industry organizations to help businesses lessen their risk (see sidebar).


A COMPLEX PROBLEM

That’s not to say it will be easy. In the logistics sector, keeping track of every online asset can be a complex job, says Sharon Reynolds, chief information security officer (CISO) at the Dallas-based telematics technology vendor Omnitracs. In the transportation sector alone, trucks are rapidly becoming digitalized with internet connections like in-cab devices, IoT sensors, and links for routing and dispatch tracking.

Furthermore, modern supply chains involve complex webs of suppliers, who often share real-time data with each other. “Before, you could screen partners by just checking the financials of the company to make sure they’re reliable, and maybe get references. But with supply chain, even your suppliers have suppliers, so you need to identify your third-party and fourth-party risks. Now, you have to understand your entire cyberthreat exposure, because all the partners are interconnected,” Reynolds says.

That web of connections makes companies more vulnerable to attacks because a network is only as secure as its weakest link, agrees Pal Narayanan, executive vice president and chief information officer–Americas at contract logistics and supply chain services provider Geodis.

“You have partners with partners, and some of those partners operate right within your four walls,” Narayanan says. “That’s because the rising demands of e-commerce require increased automation and mechanization, like robotics, conveyors, or warehouse control systems. They’re all bringing their computer systems inside your [warehouse].”

In Geodis’s case, those connections add up quickly, as the company operates 160 warehouses and partners with 15 automation providers. Narayanan’s challenge is to get all those automated devices to work together and still be secure. “To protect your systems, you need to have security along with nimbleness and flexibility,” he says. “If you’ve got Fort Knox-level security, then you can’t grow your business because nobody’s coming in and nobody’s going out. So you have to find a balance.”

THE PRICE OF FAME

Person using laptop


With supply chain, even your suppliers have suppliers, so you need to identify your third-party and fourth-party risks.

Striking a balance between business agility and cybersecurity has become increasingly difficult in an era when hackers are ramping up their attacks on the sector. “In the past, logistics was flying under the radar. Before Amazon, it wasn’t sexy, it wasn’t in the mainstream, so hackers focused on financial, banking, and medical companies,” Narayanan says. “But now, with how important online shopping has become and the impact of Covid, logistics has been thrust onto center stage, and with fame comes a challenge.”

A recent industry report underscores that point. In a study titled Supply Chain Disruptions and Cybersecurity in Logistics, cybersecurity services company BlueVoyant reported that hackers launched three times as many ransomware attacks on shipping and logistics companies in 2020 as in 2019.

Most of the recent attacks resulted from phishing—where hackers posing as legitimate companies persuade employees to disclose their passwords—or access to unprotected network connections called “remote desktop ports,” BlueVoyant said in the report. 

But that’s hardly the only threat. Another rapidly growing vulnerability is the spiraling number of IoT connections, which are forecast to grow to 23.6 billion worldwide by 2026 from 8.6 billion in 2021, according to technology advisory firm ABI Research. While that exponential growth will usher in a new era of connectivity and productivity, it will also result in new threat vectors, ABI says.

CLOSING THE SECURITY GAP

The good news for logistics professionals looking to bolster their digital defenses is that, as relative latecomers to the game, they can learn from other industries’ experiences, says Omnitracs’ Reynolds. 

For example, many companies suffered painful hacks in past years because manufacturers of IoT-enabled devices like webcams and digital video recorders (DVRs) had originally released their products without basic security requirements like password protection. It wasn’t long before hackers began taking them over as “botnets,” which are collections of private computers that have been hijacked to send out spam and malicious software.

Those botnet attacks can also be launched from home appliances like printers and refrigerators, which connect to residential internet networks that are typically far easier to hack than their office counterparts, says Chris Sandberg, vice president of information security at freight fleet technology specialist Trimble Transportation.

And that botnet threat matters not merely because a hacker might take over your fridge, but because the ubiquitous kitchen appliance is a node on the internet and can be used as a resource to launch attacks on any target worldwide.

That security gap means that many companies have become far more vulnerable over the past year as their employees started working from home offices during the pandemic. “The more people work from home, the larger your attack surface is,” Sandberg says. “If you push a fence out and can’t see it all, you can’t see what cuts through that fence.”

And the same principle applies to trucks that are increasingly wired with connected devices like infotainment systems, manufacturers’ diagnostic sensors, telematics, and electronic logging devices (ELDs), he adds.

ADDING LAYERS OF CYBERARMOR 

As for what companies can do to protect themselves, Sandberg recommends starting with policies where you can rack up some easy wins. His advice: Identify critical resources and vendors, create disaster response plans, train employees not to share accounts, urge them to use multifactor authentication, encourage them to create complex passwords and change them frequently, and add cybersecurity awareness to truckers’ pre-trip checklists.

Other security specialists remind companies to conduct frequent data backups across their entire systems, decreasing the chance they’ll have to pay hackers a ransom to get their data back.

Building better cyberdefenses might sound daunting, but corporations can succeed if they approach it as a business problem like any other, says Omnitracs’ Reynolds.

“Complicated business problems are being solved by these companies every day. So, they just need to treat it like risk management. And there are only four things you can do with risk: Avoid it, reduce it, transfer it to someone else, or accept it,” she says. 

Given the mounting threats, Reynolds urges logistics professionals to get out ahead of the problem and ensure they have a comprehensive cybersecurity plan in place. “I think you can’t afford not to; this is a part of doing business,” she says. “But we can learn from other groups that have discovered these realities,” Reynolds adds. “This is an incredibly resilient industry, so I don’t think it’s a challenge that’s insurmountable.” 

The Latest

More Stories

legal scales and gavel

FMCSA rule would require greater broker transparency

A move by federal regulators to reinforce requirements for broker transparency in freight transactions is stirring debate among transportation groups, after the Federal Motor Carrier Safety Administration (FMCSA) published a “notice of proposed rulemaking” this week.

According to FMCSA, its draft rule would strive to make broker transparency more common, requiring greater sharing of the material information necessary for transportation industry parties to make informed business decisions and to support the efficient resolution of disputes.

Keep ReadingShow less

Featured

chart of trucking conditions

FTR: Trucking sector outlook is bright for a two-year horizon

The trucking freight market is still on course to rebound from a two-year recession despite stumbling in September, according to the latest assessment by transportation industry analysis group FTR.

Bloomington, Indiana-based FTR said its Trucking Conditions Index declined in September to -2.47 from -1.39 in August as weakness in the principal freight dynamics – freight rates, utilization, and volume – offset lower fuel costs and slightly less unfavorable financing costs.

Keep ReadingShow less
chart of robot use in factories by country

Global robot density in factories has doubled in 7 years

Global robot density in factories has doubled in seven years, according to the “World Robotics 2024 report,” presented by the International Federation of Robotics (IFR).

Specifically, the new global average robot density has reached a record 162 units per 10,000 employees in 2023, which is more than double the mark of 74 units measured seven years ago.

Keep ReadingShow less
person using AI at a laptop

Gartner: GenAI set to impact procurement processes

Progress in generative AI (GenAI) is poised to impact business procurement processes through advancements in three areas—agentic reasoning, multimodality, and AI agents—according to Gartner Inc.

Those functions will redefine how procurement operates and significantly impact the agendas of chief procurement officers (CPOs). And 72% of procurement leaders are already prioritizing the integration of GenAI into their strategies, thus highlighting the recognition of its potential to drive significant improvements in efficiency and effectiveness, Gartner found in a survey conducted in July, 2024, with 258 global respondents.

Keep ReadingShow less
Report: SMEs hopeful ahead of holiday peak

Report: SMEs hopeful ahead of holiday peak

Businesses are cautiously optimistic as peak holiday shipping season draws near, with many anticipating year-over-year sales increases as they continue to battle challenging supply chain conditions.

That’s according to the DHL 2024 Peak Season Shipping Survey, released today by express shipping service provider DHL Express U.S. The company surveyed small and medium-sized enterprises (SMEs) to gauge their holiday business outlook compared to last year and found that a mix of optimism and “strategic caution” prevail ahead of this year’s peak.

Keep ReadingShow less