Logistics is one of the most profitable industries worldwide and an important part of the economy, and companies in the industry have been increasingly targeted by cyberattacks organized by sophisticated cyber-crime groups. The logistics and transport sector, although a very hands-on sector, relies on a significant volume of data processing and information sharing.
Technology advancements mean that the previously manual completion of forms has become digital and consequently fleet operators are now sharing more data with partners and vendors than ever before. This alone presents an opportunity for cybercriminals, while the disparate network of parties involved in the cargo supply chain provides an even greater opportunity to identify and exploit weak links in cybersecurity.
Given the rapidly evolving nature and the deep sophistication of cyberattacks today, it is vital that transport and logistics firms stay up to date on the cyber threat landscape, to better understand and help defend against a wide range of existing and emerging cyber risks. Doing so, however, will require a change in the cadence of action by the sector in a battle between physical and digital operating models. Some of the major cyber risks the transport and logistics sector has faced and is facing today include ransomware, phishing emails, and industrial technology intercepts.
Addressing Third-Party Supplier Risks
Outsourcing to third-party suppliers to support supply chain IT systems and business processes means that the risks naturally expand to include those of the suppliers. It is essential that due diligence takes place in any third-party selection process and that there is an extensive third-party and supply chain cybersecurity program in place.
Accountability and responsibility for the outsourcing of data management cannot reside solely with the supplier; it must be covered and managed by both parties.
The risks of acquiring services vary from onsite physical and remote access to information and information systems to offsite information processing, equipment and applications. They can include lack of information security controls, inadequate governance, risk tolerance and compliance practice issues, or overreliance on supplier services and capabilities.