As logistics-sector companies go increasingly digital, they face a rising threat from hackers and ransomware attacks. But experts say there are steps they can take to minimize the risk.
Ben Ames has spent 20 years as a journalist since starting out as a daily newspaper reporter in Pennsylvania in 1995. From 1999 forward, he has focused on business and technology reporting for a number of trade journals, beginning when he joined Design News and Modern Materials Handling magazines. Ames is author of the trail guide "Hiking Massachusetts" and is a graduate of the Columbia School of Journalism.
Supply chains are becoming more digital by the day, as companies add electronic sensors to everything from pallets and containers to conveyors, forklifts, and dock doors. While all that hyperconnectivity is great for supply chain visibility, connecting every truck and warehouse to the internet of things (IoT) also has a downside: It makes businesses more vulnerable to hackers, who can use those links to steal data or install ransomware—software that freezes a company’s entire network until the victim pays a steep fee.
Fortunately, companies don’t have to go it alone when it comes to security planning. There’s a wealth of information on cybersecurity available online, including protocols developed by government agencies and industry organizations to help businesses lessen their risk (see sidebar).
A COMPLEX PROBLEM
That’s not to say it will be easy. In the logistics sector, keeping track of every online asset can be a complex job, says Sharon Reynolds, chief information security officer (CISO) at the Dallas-based telematics technology vendor Omnitracs. In the transportation sector alone, trucks are rapidly becoming digitalized with internet connections like in-cab devices, IoT sensors, and links for routing and dispatch tracking.
Furthermore, modern supply chains involve complex webs of suppliers, who often share real-time data with each other. “Before, you could screen partners by just checking the financials of the company to make sure they’re reliable, and maybe get references. But with supply chain, even your suppliers have suppliers, so you need to identify your third-party and fourth-party risks. Now, you have to understand your entire cyberthreat exposure, because all the partners are interconnected,” Reynolds says.
That web of connections makes companies more vulnerable to attacks because a network is only as secure as its weakest link, agrees Pal Narayanan, executive vice president and chief information officer–Americas at contract logistics and supply chain services provider Geodis.
“You have partners with partners, and some of those partners operate right within your four walls,” Narayanan says. “That’s because the rising demands of e-commerce require increased automation and mechanization, like robotics, conveyors, or warehouse control systems. They’re all bringing their computer systems inside your [warehouse].”
In Geodis’s case, those connections add up quickly, as the company operates 160 warehouses and partners with 15 automation providers. Narayanan’s challenge is to get all those automated devices to work together and still be secure. “To protect your systems, you need to have security along with nimbleness and flexibility,” he says. “If you’ve got Fort Knox-level security, then you can’t grow your business because nobody’s coming in and nobody’s going out. So you have to find a balance.”
THE PRICE OF FAME
With supply chain, even your suppliers have suppliers, so you need to identify your third-party and fourth-party risks.
Striking a balance between business agility and cybersecurity has become increasingly difficult in an era when hackers are ramping up their attacks on the sector. “In the past, logistics was flying under the radar. Before Amazon, it wasn’t sexy, it wasn’t in the mainstream, so hackers focused on financial, banking, and medical companies,” Narayanan says. “But now, with how important online shopping has become and the impact of Covid, logistics has been thrust onto center stage, and with fame comes a challenge.”
A recent industry report underscores that point. In a study titled Supply Chain Disruptions and Cybersecurity in Logistics, cybersecurity services company BlueVoyant reported that hackers launched three times as many ransomware attacks on shipping and logistics companies in 2020 as in 2019.
Most of the recent attacks resulted from phishing—where hackers posing as legitimate companies persuade employees to disclose their passwords—or access to unprotected network connections called “remote desktop ports,” BlueVoyant said in the report.
But that’s hardly the only threat. Another rapidly growing vulnerability is the spiraling number of IoT connections, which are forecast to grow to 23.6 billion worldwide by 2026 from 8.6 billion in 2021, according to technology advisory firm ABI Research. While that exponential growth will usher in a new era of connectivity and productivity, it will also result in new threat vectors, ABI says.
CLOSING THE SECURITY GAP
The good news for logistics professionals looking to bolster their digital defenses is that, as relative latecomers to the game, they can learn from other industries’ experiences, says Omnitracs’ Reynolds.
For example, many companies suffered painful hacks in past years because manufacturers of IoT-enabled devices like webcams and digital video recorders (DVRs) had originally released their products without basic security requirements like password protection. It wasn’t long before hackers began taking them over as “botnets,” which are collections of private computers that have been hijacked to send out spam and malicious software.
Those botnet attacks can also be launched from home appliances like printers and refrigerators, which connect to residential internet networks that are typically far easier to hack than their office counterparts, says Chris Sandberg, vice president of information security at freight fleet technology specialist Trimble Transportation.
And that botnet threat matters not merely because a hacker might take over your fridge, but because the ubiquitous kitchen appliance is a node on the internet and can be used as a resource to launch attacks on any target worldwide.
That security gap means that many companies have become far more vulnerable over the past year as their employees started working from home offices during the pandemic. “The more people work from home, the larger your attack surface is,” Sandberg says. “If you push a fence out and can’t see it all, you can’t see what cuts through that fence.”
And the same principle applies to trucks that are increasingly wired with connected devices like infotainment systems, manufacturers’ diagnostic sensors, telematics, and electronic logging devices (ELDs), he adds.
ADDING LAYERS OF CYBERARMOR
As for what companies can do to protect themselves, Sandberg recommends starting with policies where you can rack up some easy wins. His advice: Identify critical resources and vendors, create disaster response plans, train employees not to share accounts, urge them to use multifactor authentication, encourage them to create complex passwords and change them frequently, and add cybersecurity awareness to truckers’ pre-trip checklists.
Other security specialists remind companies to conduct frequent data backups across their entire systems, decreasing the chance they’ll have to pay hackers a ransom to get their data back.
Building better cyberdefenses might sound daunting, but corporations can succeed if they approach it as a business problem like any other, says Omnitracs’ Reynolds.
“Complicated business problems are being solved by these companies every day. So, they just need to treat it like risk management. And there are only four things you can do with risk: Avoid it, reduce it, transfer it to someone else, or accept it,” she says.
Given the mounting threats, Reynolds urges logistics professionals to get out ahead of the problem and ensure they have a comprehensive cybersecurity plan in place. “I think you can’t afford not to; this is a part of doing business,” she says. “But we can learn from other groups that have discovered these realities,” Reynolds adds. “This is an incredibly resilient industry, so I don’t think it’s a challenge that’s insurmountable.”
For more information …
Looking to learn more about cyberthreats and ways to minimize your risk? Here are some links to get you started:
The National Institute of Standards and Technology (NIST)’s cybersecurity framework at the U.S. Department of Commerce
A move by federal regulators to reinforce requirements for broker transparency in freight transactions is stirring debate among transportation groups, after the Federal Motor Carrier Safety Administration (FMCSA) published a “notice of proposed rulemaking” this week.
According to FMCSA, its draft rule would strive to make broker transparency more common, requiring greater sharing of the material information necessary for transportation industry parties to make informed business decisions and to support the efficient resolution of disputes.
The proposed rule titled “Transparency in Property Broker Transactions” would address what FMCSA calls the lack of access to information among shippers and motor carriers that can impact the fairness and efficiency of the transportation system, and would reframe broker transparency as a regulatory duty imposed on brokers, with the goal of deterring non-compliance. Specifically, the move would require brokers to keep electronic records, and require brokers to provide transaction records to motor carriers and shippers upon request and within 48 hours of that request.
Under federal regulatory processes, public comments on the move are due by January 21, 2025. However, transportation groups are not waiting on the sidelines to voice their opinions.
According to the Transportation Intermediaries Association (TIA), an industry group representing the third-party logistics (3PL) industry, the potential rule is “misguided overreach” that fails to address the more pressing issue of freight fraud. In TIA’s view, broker transparency regulation is “obsolete and un-American,” and has no place in today’s “highly transparent” marketplace. “This proposal represents a misguided focus on outdated and unnecessary regulations rather than tackling issues that genuinely threaten the safety and efficiency of our nation’s supply chains,” TIA said.
But trucker trade group the Owner-Operator Independent Drivers Association (OOIDA) welcomed the proposed rule, which it said would ensure that brokers finally play by the rules. “We appreciate that FMCSA incorporated input from our petition, including a requirement to make records available electronically and emphasizing that brokers have a duty to comply with regulations. As FMCSA noted, broker transparency is necessary for a fair, efficient transportation system, and is especially important to help carriers defend themselves against alleged claims on a shipment,” OOIDA President Todd Spencer said in a statement.
Additional pushback came from the Small Business in Transportation Coalition (SBTC), a network of transportation professionals in small business, which said the potential rule didn’t go far enough. “This is too little too late and is disappointing. It preserves the status quo, which caters to Big Broker & TIA. There is no question now that FMCSA has been captured by Big Broker. Truckers and carriers must now come out in droves and file comments in full force against this starting tomorrow,” SBTC executive director James Lamb said in a LinkedIn post.
Bloomington, Indiana-based FTR said its Trucking Conditions Index declined in September to -2.47 from -1.39 in August as weakness in the principal freight dynamics – freight rates, utilization, and volume – offset lower fuel costs and slightly less unfavorable financing costs.
Those negative numbers are nothing new—the TCI has been positive only twice – in May and June of this year – since April 2022, but the group’s current forecast still envisions consistently positive readings through at least a two-year forecast horizon.
“Aside from a near-term boost mostly related to falling diesel prices, we have not changed our Trucking Conditions Index forecast significantly in the wake of the election,” Avery Vise, FTR’s vice president of trucking, said in a release. “The outlook continues to be more favorable for carriers than what they have experienced for well over two years. Our analysis indicates gradual but steadily rising capacity utilization leading to stronger freight rates in 2025.”
But FTR said its forecast remains unchanged. “Just like everyone else, we’ll be watching closely to see exactly what trade and other economic policies are implemented and over what time frame. Some freight disruptions are likely due to tariffs and other factors, but it is not yet clear that those actions will do more than shift the timing of activity,” Vise said.
The TCI tracks the changes representing five major conditions in the U.S. truck market: freight volumes, freight rates, fleet capacity, fuel prices, and financing costs. Combined into a single index indicating the industry’s overall health, a positive score represents good, optimistic conditions while a negative score shows the inverse.
Specifically, the new global average robot density has reached a record 162 units per 10,000 employees in 2023, which is more than double the mark of 74 units measured seven years ago.
Broken into geographical regions, the European Union has a robot density of 219 units per 10,000 employees, an increase of 5.2%, with Germany, Sweden, Denmark and Slovenia in the global top ten. Next, North America’s robot density is 197 units per 10,000 employees – up 4.2%. And Asia has a robot density of 182 units per 10,000 persons employed in manufacturing - an increase of 7.6%. The economies of Korea, Singapore, mainland China and Japan are among the top ten most automated countries.
Broken into individual countries, the U.S. ranked in 10th place in 2023, with a robot density of 295 units. Higher up on the list, the top five are:
The Republic of Korea, with 1,012 robot units, showing a 5% increase on average each year since 2018 thanks to its strong electronics and automotive industries.
Singapore had 770 robot units, in part because it is a small country with a very low number of employees in the manufacturing industry, so it can reach a high robot density with a relatively small operational stock.
China took third place in 2023, surpassing Germany and Japan with a mark of 470 robot units as the nation has managed to double its robot density within four years.
Germany ranks fourth with 429 robot units for a 5% CAGR since 2018.
Japan is in fifth place with 419 robot units, showing growth of 7% on average each year from 2018 to 2023.
Progress in generative AI (GenAI) is poised to impact business procurement processes through advancements in three areas—agentic reasoning, multimodality, and AI agents—according to Gartner Inc.
Those functions will redefine how procurement operates and significantly impact the agendas of chief procurement officers (CPOs). And 72% of procurement leaders are already prioritizing the integration of GenAI into their strategies, thus highlighting the recognition of its potential to drive significant improvements in efficiency and effectiveness, Gartner found in a survey conducted in July, 2024, with 258 global respondents.
Gartner defined the new functions as follows:
Agentic reasoning in GenAI allows for advanced decision-making processes that mimic human-like cognition. This capability will enable procurement functions to leverage GenAI to analyze complex scenarios and make informed decisions with greater accuracy and speed.
Multimodality refers to the ability of GenAI to process and integrate multiple forms of data, such as text, images, and audio. This will make GenAI more intuitively consumable to users and enhance procurement's ability to gather and analyze diverse information sources, leading to more comprehensive insights and better-informed strategies.
AI agents are autonomous systems that can perform tasks and make decisions on behalf of human operators. In procurement, these agents will automate procurement tasks and activities, freeing up human resources to focus on strategic initiatives, complex problem-solving and edge cases.
As CPOs look to maximize the value of GenAI in procurement, the study recommended three starting points: double down on data governance, develop and incorporate privacy standards into contracts, and increase procurement thresholds.
“These advancements will usher procurement into an era where the distance between ideas, insights, and actions will shorten rapidly,” Ryan Polk, senior director analyst in Gartner’s Supply Chain practice, said in a release. "Procurement leaders who build their foundation now through a focus on data quality, privacy and risk management have the potential to reap new levels of productivity and strategic value from the technology."
Businesses are cautiously optimistic as peak holiday shipping season draws near, with many anticipating year-over-year sales increases as they continue to battle challenging supply chain conditions.
That’s according to the DHL 2024 Peak Season Shipping Survey, released today by express shipping service provider DHL Express U.S. The company surveyed small and medium-sized enterprises (SMEs) to gauge their holiday business outlook compared to last year and found that a mix of optimism and “strategic caution” prevail ahead of this year’s peak.
Nearly half (48%) of the SMEs surveyed said they expect higher holiday sales compared to 2023, while 44% said they expect sales to remain on par with last year, and just 8% said they foresee a decline. Respondents said the main challenges to hitting those goals are supply chain problems (35%), inflation and fluctuating consumer demand (34%), staffing (16%), and inventory challenges (14%).
But respondents said they have strategies in place to tackle those issues. Many said they began preparing for holiday season earlier this year—with 45% saying they started planning in Q2 or earlier, up from 39% last year. Other strategies include expanding into international markets (35%) and leveraging holiday discounts (32%).
Sixty percent of respondents said they will prioritize personalized customer service as a way to enhance customer interactions and loyalty this year. Still others said they will invest in enhanced web and mobile experiences (23%) and eco-friendly practices (13%) to draw customers this holiday season.