Three Common Cybersecurity Pitfalls for Logistics Companies

Logistics and transportation companies form a major lifeline of our economy, drawing attention from bad cyber actors, who see these sectors as a critical chokepoint to attack. As shown by the Maersk NotPetya ransomware attack – which cost the company $250 million to $300 million, requiring replacement of 4,000 servers, 45,000 computers and 2,500 applications over 10 days – such attacks can halt a firm’s operations, damaging reputations, interrupting businesses and leading to major financial losses.

As automation creates near-total reliance on digital systems, threats of this type will continue.

Logistics – Three Common Cybersecurity Pitfalls

If you work in the logistics sector, you can minimize risks by addressing three common pitfalls: outsourced IT staff, devices and large attack surfaces, and privacy laws.

Outsourced IT staff: Often forgotten

Due to limited IT budgets, transportation companies often outsource their IT function. This ‘outsource and forget’ model exposes such companies to severe cyber risks. In a recent example, an IT managed service provider (MSP) and its clients were attacked in at least 12 countries by the Chinese hackers known as the Advanced Persistent Threat 10 or APT 10 Group. This is now the subject of an FBI investigation.

Your company should evaluate what inherited cyber risk you assume by using managed service providers for IT functions. To meet this need, we created Threat Beta™, a comparative metric derived using proprietary methods, which provides a score to let you know how up-to-date your MSP is in protecting its own networks – and therefore yours.

Devices and large attack surfaces: A route of entry for bad actors

Many logistics companies use mobile devices to track locations, coordinate shipping, and pay bills. Each of these devices increases the attack surface that cyber actors can use to gain entry into your firm’s networks.

Threat Beta can track global trends and the specific risks to each of these devices within your network to ensure that your attack surface is hardened to outside breach attempts.

Privacy laws: Increasing breach notification requirements

Chances are that your organization has customers in many states, or even many countries, so it is subject to a patchwork of state, federal and global privacy legislation. Examples include the California Consumer Privacy Act (CCPA) and the European Union General Data Protection Regulation (GDPR). Almost all 50 states have individual breach notification requirements.

These regulations add to the imperative for your company to avoid breaches. Threat Beta can help in the management of both your infrastructure and that of your MSPs – including the attack surface – to minimize both business and compliance issues.