Cyber attacks have become an ever-increasing threat as today’s security landscape has changed due to digitization and inter connectivity. The increasing adoption of cloud computing and cloud storage services has instigated a massive transfer of data to this environment. Third party logistics (3PLs) services are no different – we’re all cloud users with the Internet of Things (IoT).
As logistics companies continue to look for ways to streamline supply chain processes, increasing efficiencies in measurable, impactful ways, 3PLs have employed advanced technologies to stay ahead of developing trends to meet growth -- specifically in the e-commerce sector. With digitization, everything-as-a-service (XaaS) sometimes removes traditional security borders and can open the door to new cyber attacks. And while the benefits of IoT are vast, there are security risks when networks and systems are interconnected. Risks that are regrettably often overlooked or not widely understood.
According to Shri Cockroft, IT Security and Disaster Recovery Director at Americold, logistics companies need to consider shifting some of their focus toward data security to provide their customers with the safest solutions to protect their data. “If your company hasn’t developed a plan to help ensure the appropriate cybersecurity safeguards are in place, they need to,” said Cockroft.
News of recent cyber criminal activity is well-known among mainstream retailers, insurance companies and credit companies, but logistics companies are not immune. In all, tens of millions of customers have had business and personal data exposed in highly-publicized cases. This leaves a devastating effect on businesses resulting in significant financial costs to stem losses and recover data.
The Global Food Safety Resource reported ransomware attacks increased by over 250% in 2017 compared to 2016.
According to Cockroft, “Risk mitigation is vital in this current landscape.”
So what are some of the necessary steps companies can take to mitigate cyber security risks in the supply chain?
“Companies should be dedicated to strengthening their control environments and should consider launching Information Security Oversight Committees because information security is everyone’s job. This helps heighten cyber threat awareness among leaders across organizations to propel information security as a foundation of what they do,” said Cockroft.
Not all of the cases of cyber attacks are criminal related. Some cyber incidents are caused by Associates who click links in emails from unknown origins, pick up and insert unknown USBs into their laptops or who use weak passwords.
“It’s important to develop risk management strategies based on the way your business operates, so train Associates to identify potential threats and make relevant policies available to them,” said Cockroft.
Here are three additional tips Cockcroft recommends companies consider to help protect against cyberattacks:
- Keep Your Software Up-to-Date- Organizations often invest in hardware but fail to take the necessary steps to continually update these platforms to identify vulnerabilities within their networks. Each year, Americold hires third parties to perform penetration tests to help identify and remediate any issues. This first step makes the Americold environment more secure.
- Associate Training- Security awareness is vital. Work with teams to identify potentially harmful cyber activity and recognize what that looks like. Don’t open suspicious attachments or click links in emails from unknown users. And never respond to emails that request credential or financial information.
- Risk Management- Maintain security zones to prevent threat migration. Conducting regular penetration tests by external audit teams helps pinpoint potential risks. Identifying such vulnerabilities can help you develop and further implement long-term, well-rehearsed strategies to reduce possible malware migration threats, which is crucial in a company’s cyber security plan.
It’s critically important to have layered defenses in place to protect proprietary and customer information. Check with your current providers and ask them about their data protection policies.