In the coming weeks, we’ll be posting a series of articles focusing on issues of cybersecurity and privacy and their impact on our industry. This is Part 1 in the series.
The transportation industry is growing up, and that growth has introduced some major growing pains—specifically when it comes to cybersecurity.
In June 2017, the transportation and logistics industry experienced what many consider the first major cyberattack on the industry. The now infamous ransomware attack affected nearly 80 ports and terminals around the globe causing significant delays, complete shutdowns in some cases, and it cost the target company, A.P. Moller-Maersk, an estimated $300 million. But taking a minute to look outside the industry, this event is all but unique. In fact, healthcare companies, financial institutions, and educational entities have been the target of similar attacks for years.
So why did this attack have such a tremendous impact on the transportation and logistics industry? Some point to the fact that the industry is traditionally viewed as laggards when it comes to technology adoption—with things like the digitization of logistics information and internet-based operational processes introducing previously unaccounted for attack vectors. Add in regulatory pressure, a mix of companies using different technological systems (many of which are outdated), and a heavily dispersed, mobile workforce, and you’ve created an environment in which cybercriminals can thrive.
In case you think these attacks are limited to large, global brands, don’t be fooled. Cybercriminals frequently target lower-profile companies like Clarksons (a London-based ship broker) that don’t have the information technology (IT) budget and resources that their larger counterparts do. In fact, when you look at the larger transportation and logistics cycle, smaller companies are often ideal targets for a cybercriminal looking for a quick payday. Data from the 2018 Verizon Data Breach Investigations Report shows that smaller businesses are 58% more likely to be the target of cybercrime.
There’s a common adage in the cybersecurity industry: It’s not a question of if you’ll be attacked, but when. It’s no secret that one of the biggest challenges with adopting new technology has always been trying to protect your new digital assets against the unknown.
Thirty years ago, IT managers had a relatively small amount of data and far fewer devices to protect. Today, however, the sharp increase in digital technologies and the massive adoption of mobile devices has exponentially increased the potential ways for cybercriminals to access private data.
And if you think healthcare companies, financial institutions, and other traditionally high-profile targets have a hard time addressing cybersecurity, consider this. A 2018 Ponemon study found that 59% of companies have experienced a data breach caused by one of their vendors or third parties. Those numbers are intimidating when you consider that transportation and logistics industry stakeholders can include shippers, consignees, shipping lines, origin and destination ports, trucking companies, 3Pls, banks, and even customs and border authorities, each using a variety of potentially unprotected software and mobile devices.
Putting it together
The point of all this isn’t to scare you or dissuade you from adopting new technology. In fact, quite the opposite. New technologies present a tremendous opportunity to reduce costs, improve efficiencies, and simplify complex processes, all of which can help you make more money. But you should always approach technology adoption with both eyes wide open—understanding the potential risks and thinking about how to address them BEFORE they become an issue.
This blog post from Truckstop.com partner Evans logistics, includes some excellent points to consider: Evanstrans.com/cybersecurity-in-logistics/.