CYBER-PIRATES:
PREVENTING AMBUSH IN THE SUPPLY CHAIN

For as long as oceans have been used for carrying goods, pirates have been a part of global history. Thefts of valuable commerce and the plunder of ships across global seas has been recorded as early as 258AD, and piracy still exists on ships today.

However, the maritime pirate is no longer our worst enemy. 

The growth of global trade combined with the rising digitalisation of the supply chain means a rise in its vulnerability to a new wave of criminal behaviour. Cannons are swapped for malware; hardened crews are exchanged for coders with their identities encrypted, attacking from behind a digital wall. The rise of cyber criminality doesn’t limit itself to the seas, or to the same goals.

You might remember Nyetya. If you don’t remember the name, you may remember it as a global attack which cost logistics giants FedEx and Maersk millions of dollars. What you may not be aware of is that this wasn’t a ransom attack, like the WannaCry attack on the NHS. Nyetya was an attack without mercy. The virus aimed to destroy data and compromise systems, not produce economic gain for the people behind it. $21.2 million was lost to cybercrime in the U.S. alone in 2017, and there are more indirect costs: ancillary payments, wasted man hours, reputational damage and liability losses are just some of the additional crippling costs incurred.

Similar ransomware attacks on the logistics network rose by 200% in the period between 2016 and 2017 according to Symantec’s annual Internet Security Threat Report. Oh, and this figure only accounts for those threats which were disclosed publicly. 

And it’s not just a virtual threat. 90% of the entire global trade flows through only 39 bottleneck regions. It’s staggering. Terrifying, when you consider the rising threat of cyber-crime, and how quickly the virtual becomes physical. It would only take one of these bottlenecks to be compromised, and the impact would be immense. Freight flows would slow, or halt entirely, and sensitive cargo would be compromised: a logistical nightmare, and a terrorist’s dream.

It may sound far-fetched, but this is a very real threat. 

There are answers. PwC in conjunction with SMI produced a report, Transportation & Logistics 2030 Volume 4: Securing the supply chain. In it, the team explore the rising threat of cyber terrorism. It makes for startling reading. Their data shows that attacks on the supply chain are on the rise, no matter the mode of transport. However, the report also outlines some steps that any company could start to take tomorrow. For example, assessing your company’s reliance on specific hubs or transport routes is a good start. Having a plan for deviations in process is essential in these cases and should be standard for any serious business. Also having access to funds for any additional transportation costs – increased time spent on the road, for example – makes business sense.

When it comes to investing in digital security, the financial investment might be more significant, but it doesn’t necessarily mean a drop in profits. The result of installing these practices can not only prevent future losses, but also help to streamline current processes and efficiencies.

This article might not be bedtime reading, and I won’t detail the myriad of security options here, (look out for future deep-dives in our tech section for that) but the subject should heed attention. If the delivery of medical supplies or sanitary items is disrupted, there is a human cost. Similarly, with food supplies. Economies will suffer, businesses could fold, and people lose their livelihoods. As Dr. Heiko von der Gracht states in the PwC report:  As long as it remains unimaginable in our minds, it remains dangerous. 

So, it might be hard to imagine a ‘destructive’ virus which attacks the rail-road signalling system (which is of course digital) and derails a freight train. But it could happen. Likewise, it may be hard to imagine a targeted attack on our borders – also becoming digital – which holds goods to ransom. 

There are (believe it or not) experts out there who see the increasing numbers in cyber attacks as a good thing: they visualise this as an incentive for businesses to begin to tighten security. Not the action I would suggest, when there are security measures which are already available, and data which backs up the threat as very real.

The next time you start to drift off during a meeting about IT compliance, or when your CIO starts talking about the value of Blockchain, remember that it is so important that we don’t take a reactive view to security. If a catastrophe happens it will be too late. Preventative security is the best solution. 

Sarah O’Connell, Senior Editor, FORWARDER magazine  


Ref: www.pwc.com/gx/en/transportation-logistics/pdf/tl2030_vol.4_web.pdf

For as long as oceans have been used for carrying goods, pirates have been a part of global history. Thefts of valuable commerce and the plunder of ships across global seas has been recorded as early as 258AD, and piracy still exists on ships today.

However, the maritime pirate is no longer our worst enemy. 

The growth of global trade combined with the rising digitalisation of the supply chain means a rise in its vulnerability to a new wave of criminal behaviour. Cannons are swapped for malware; hardened crews are exchanged for coders with their identities encrypted, attacking from behind a digital wall. The rise of cyber criminality doesn’t limit itself to the seas, or to the same goals.

You might remember Nyetya. If you don’t remember the name, you may remember it as a global attack which cost logistics giants FedEx and Maersk millions of dollars. What you may not be aware of is that this wasn’t a ransom attack, like the WannaCry attack on the NHS. Nyetya was an attack without mercy. The virus aimed to destroy data and compromise systems, not produce economic gain for the people behind it. $21.2 million was lost to cybercrime in the U.S. alone in 2017, and there are more indirect costs: ancillary payments, wasted man hours, reputational damage and liability losses are just some of the additional crippling costs incurred.

Similar ransomware attacks on the logistics network rose by 200% in the period between 2016 and 2017 according to Symantec’s annual Internet Security Threat Report. Oh, and this figure only accounts for those threats which were disclosed publicly. 

And it’s not just a virtual threat. 90% of the entire global trade flows through only 39 bottleneck regions. It’s staggering. Terrifying, when you consider the rising threat of cyber-crime, and how quickly the virtual becomes physical. It would only take one of these bottlenecks to be compromised, and the impact would be immense. Freight flows would slow, or halt entirely, and sensitive cargo would be compromised: a logistical nightmare, and a terrorist’s dream.

It may sound far-fetched, but this is a very real threat. 

There are answers. PwC in conjunction with SMI produced a report, Transportation & Logistics 2030 Volume 4: Securing the supply chain. In it, the team explore the rising threat of cyber terrorism. It makes for startling reading. Their data shows that attacks on the supply chain are on the rise, no matter the mode of transport. However, the report also outlines some steps that any company could start to take tomorrow. For example, assessing your company’s reliance on specific hubs or transport routes is a good start. Having a plan for deviations in process is essential in these cases and should be standard for any serious business. Also having access to funds for any additional transportation costs – increased time spent on the road, for example – makes business sense.

When it comes to investing in digital security, the financial investment might be more significant, but it doesn’t necessarily mean a drop in profits. The result of installing these practices can not only prevent future losses, but also help to streamline current processes and efficiencies.

This article might not be bedtime reading, and I won’t detail the myriad of security options here, (look out for future deep-dives in our tech section for that) but the subject should heed attention. If the delivery of medical supplies or sanitary items is disrupted, there is a human cost. Similarly, with food supplies. Economies will suffer, businesses could fold, and people lose their livelihoods. As Dr. Heiko von der Gracht states in the PwC report:  As long as it remains unimaginable in our minds, it remains dangerous. 

So, it might be hard to imagine a ‘destructive’ virus which attacks the rail-road signalling system (which is of course digital) and derails a freight train. But it could happen. Likewise, it may be hard to imagine a targeted attack on our borders – also becoming digital – which holds goods to ransom. 

There are (believe it or not) experts out there who see the increasing numbers in cyber attacks as a good thing: they visualise this as an incentive for businesses to begin to tighten security. Not the action I would suggest, when there are security measures which are already available, and data which backs up the threat as very real.

The next time you start to drift off during a meeting about IT compliance, or when your CIO starts talking about the value of Blockchain, remember that it is so important that we don’t take a reactive view to security. If a catastrophe happens it will be too late. Preventative security is the best solution. 

Sarah O’Connell, Senior Editor, FORWARDER magazine  


Ref: www.pwc.com/gx/en/transportation-logistics/pdf/tl2030_vol.4_web.pdf

2019-01-04T10:08:06+00:00November 23rd, 2018|Categories: Forward Tech|
Close