It’s safe to say that the majority of businesses in the logistics sector are fully entrenched in advanced technology, which is fantastic for productivity and profit. It has opened opportunities to explore efficient business practices and connect with customers across the globe.
That said, our increasing reliance on technology isn’t without its problems. While it would be nice to think that we all wish to utilize tech for positive reasons, there are those who spend their time hunting for weaknesses to exploit. Cybercriminals are a reality of our digital landscape, and they pose a threat.
In this article we’ll look at a few key cybersecurity challenges that are evident in various aspects of the logistics industries. How much of a threat do hackers present, and what steps can be taken to prevent the worst?
1. The IoT
The internet of things (IoT) presents exciting opportunities for various aspects of our lives — from digital assistants to regulation of utilities. An ecosystem of objects that collect and share data to make our existence simpler and more efficient. The IoT is beginning to emerge as a potential tool for all areas of the supply chain too. As sensor technology continues to drop in price, it’s becoming practical to collect real-time data on the progress of product life cycle from manufacture to the customer’s hands. There’s even potential to collect and send smart data to robotic manufacturing tools which allow them to make efficient changes to production as required.
However, this also presents potential issues regarding data security. With multiple sensors at various points of the supply chain, each sharing vast amounts of data with one another, cybercriminals looking to harvest valuable information have a vast metaphorical surface area in which to operate. If companies don’t take steps to encrypt the data being sent between devices, hackers can also intervene and alter data to send new instructions to the next step in the supply chain, and cause damaging disruption.
Part of this problem comes from the fact that, manufacturers of IoT devices don’t often take sufficient steps to include security measures during their product development process. However, logistics companies utilizing devices must also take responsibility for ensuring that their cybersecurity closes weak points such as this “buffer” zone between sending and receiving data. Even simple steps such as altering the default security credentials of new devices, and only using secure networks to transmit data can help. However, regular penetration testing of weak points by cybersecurity experts can be a vital tool.
2. Lack of staff expertise
The logistics industry is filled with regulation, and there are certain areas that — quite rightly — require certification of its employees. Yet, though cybersecurity presents a clear threat to the logistics industry, there’s no regulatory requirement for staff to receive training in cybersecurity. Drivers who wish to obtain a CDL license in Massachusetts, for example must undertake theoretical and practical tests. There are even additional handling procedures to learn in order to gain endorsements. Yet, drivers aren’t required to learn how to protect themselves and their vehicles from the very real dangers that can be presented by cybercriminals.
Indeed, one of the main cybersecurity challenges that the logistics industry faces across the board is a lack of staff expertise. In their 2019 report, State of Logistics Report, Eye for Transport (EFT) found that only 43% of shipping companies have a Chief Information Security Officer (CISO), and — perhaps worse — just 21% of logistics companies are convinced they even need one. This suggests that there’s not only the potential for companies being open to cybersecurity risks, but also a cultural issue that they don’t understand the value of expertise.
It’s important to note, however, that it isn’t simply a case of bringing on an expert to monitor systems. Staff across all areas must undergo regular training to understand how their behavior and working practices can present cybersecurity risks, and what steps they can take to minimize risk.
3. BYOD policies
While it’s largely positive that smart devices have become affordable, this can also present problems. Apps to improve logistic efficiency have led some companies to encourage staff — particularly those who operate away from the office, such as drivers — to utilize their own devices for work duties. This goes much further than the problems associated with distracted driving while using smartphones on the road. Though, it’s important that companies seek assistance to educate staff thoroughly, from a cybersecurity perspective, operating a “bring your own device” policy can present significant problems.
Think about it; logistics companies share some incredibly valuable data — customer information, operational practices, financial records — during the course of daily activities. It’s important to handle this information in a secure, responsible manner. Employees use their personal devices for a variety of tasks, visiting websites and downloading files over which the company has no control. By allowing employees to use their own devices to company data, you’re essentially inviting the equivalent of allowing a surgeon to use a carving knife from home to operate on a patient. You’re just inviting infection.
Yes, it’s a significant investment to provide all employees with company-owned devices. However, this helps make certain that relevant security protocols are always in place, that data is effectively encrypted, and that you’re operating a digitally sanitary operation.
We’re living in a time where the entire supply chain benefits from advanced technology, but that also means we’re constantly at risk of cybersecurity threats. More focus must be placed on better preparing the logistics industry against the wide variety of areas in which unscrupulous actors could gain access to data, and cause disruption that would result in significant damage. There will never be a time at which businesses can remove all risk, but by investing in employee training, to undertaking intelligent device use strategies, every logistics company can provide the foundation for a safer, more successful operation.