Logistics and transportation companies form a major lifeline of our economy, drawing attention from bad cyber actors, who see these sectors as a critical chokepoint to attack. As shown by the Maersk NotPetya ransomware attack – which cost the company $250 million to $300 million, requiring replacement of 4,000 servers, 45,000 computers and 2,500 applications over 10 days – such attacks can halt a firm’s operations, damaging reputations, interrupting businesses and leading to major financial losses.
As automation creates near-total reliance on digital systems, threats of this type will continue.
Logistics – Three Common Cybersecurity Pitfalls
If you work in the logistics sector, you can minimize risks by addressing three common pitfalls: outsourced IT staff, devices and large attack surfaces, and privacy laws.
Outsourced IT staff: Often forgotten
Due to limited IT budgets, transportation companies often outsource their IT function. This ‘outsource and forget’ model exposes such companies to severe cyber risks. In a recent example, an IT managed service provider (MSP) and its clients were attacked in at least 12 countries by the Chinese hackers known as the Advanced Persistent Threat 10 or APT 10 Group. This is now the subject of an FBI investigation.
Your company should evaluate what inherited cyber risk you assume by using managed service providers for IT functions. To meet this need, we created Threat Beta™, a comparative metric derived using proprietary methods, which provides a score to let you know how up-to-date your MSP is with protecting their own networks – and therefore yours.
Devices and large attack surfaces: A route of entry for bad actors
Many logistic companies use mobile devices to track locations, coordinate shipping, and to pay bills. These multiple devices increase the attack surface that cyber actors can utilize to gain entry into your firm’s networks.
Threat Beta can track global trends and the specific risks to each of these devices within your network to ensure that your attack surface is hardened to outside breach attempts.
Privacy laws: Increasing breach notification requirements
The chances are that your organization has customers in many states, or even many countries, so is subject to a patchwork of state, federal and global privacy legislation. Examples include the California Consumer Privacy Act (CCPA) and the European Union General Data Protection Regulation (GDPR). Almost all 50 states have individual breach notification requirements.
These regulations add to the imperative for your company to avoid breaches. Threat Beta can help in the management of both your infrastructure and those of your MSPs – including the attack surface – to minimize both business and compliance issues.
Preventing, detecting, and responding to a data breach is not easy. Cybeta™ offers a suite of cyber intelligence solutions that leverages advanced analytics to produce threat quantifications. Cybeta™ enables leaders to uncover strengths and weaknesses in their cybersecurity capabilities, detect emerging cyber threats, evaluate threat level against the competition, and make real-time business decisions. Cybeta experts can help you identify the best solution to predict, preempt, and prevent future threats and cyber attacks.