Surprisingly, the transport and logistics industry is the second-most affected by cyber-crime worldwide.1 But looking at how the industry has changed in recent years, and the reasons why it is now a tempting target for cyber criminals becomes clear.
First, transport and logistics is one of the largest and most profitable industries worldwide.1 This makes it attractive to highly organised cyber-crime groups motivated by financial gain.2
Technology adoption is now widespread. This means fleet operators are sharing more data with partners and vendors than ever before. This creates an opportunity for cyber criminals. And with so many parties involved in the cargo supply chain there are even more chances to identify and exploit weak links in cyber security.3
Transport and logistics cyber risks
All this makes it even more important for transport and logistics firms to stay up to date on the cyber threat landscape. This knowledge helps them better understand and defend against a wide range of existing and emerging cyber risks.
With that in mind, here are some of the most prominent cyber risks facing the industry:
1. Ransomware
Ransomware is when hackers infiltrate a company’s IT infrastructure. They encrypt selected files or the entire system, making it inaccessible to the business unless a ransom is paid. This is a fast-growing threat and a tactic that's increasingly being used against transport and logistics firms.4
During the first half of 2020, reported ransomware incidents grew by 715% year on year. And in December 2020 trucking and freight company Forward Air was affected by a ransomware attack. This attack wiped $7.5 million off its Q4 financial results.5
2. Phishing emails
A high proportion of phishing email attacks target companies in the logistics industry.1
Phishing involves cyber criminals contacting target organisations in a number of ways, such as:
- email;
- telephone;
- text message;
- posing as a legitimate person.
The aim of this is to lure the recipient into giving up sensitive data and passwords.6
One recent example saw cyber criminals use phishing techniques to target the COVID-19 cold supply chain. They gained access to a German biomedical company’s network. They then used its own email system to distribute further phishing emails to partners involved in transporting the vaccine.7
3 Corporate hacking
The transport and logistics industry has also seen cases of corporate hacking. This is where a company uses hacking techniques to steal sensitive information from a competitor.3 No-one knows for certain, but it is conceivable that corporate hacking was behind an attack on Total Quality Logistics. This saw attackers gain access to some partner organisations’ sensitive business information.8
4. Bill of Lading ransom
In this case, scammers posing as freight forwarders negotiate with an unwitting client. Once the goods are packed at the port of loading, they deny the release of the Bill of Lading (BOL) until a ransom is paid.9
5. Freight forwarding fraud
Another freight forwarding scam involves scammers impersonating a legitimate company. They do this by essentially copying its website. The aim is to steal freight forwarding fees or make off with any cargo that falls into their possession.7
6. Sensor data intercepts
The increased use of sensors and Internet of Things devices in transport and logistics is also an opportunity to cyber criminals. For example, cyber thieves may seek to intercept communications between a logistics firm’s sensor and its IT systems. They will harvest the data they gather to sell to a competitor.10
7. Remote worker exploits
The growth in remote working in 2020 has created opportunities for hackers. This is because remote workers are often outside corporate security systems. Cyber criminals have quickly adapted to this situation themselves. They have developed new techniques to exploit weak security on remote devices. This poses a threat to businesses with distributed workforces, such as those in transport and logistics.11
Cyber security for transport and logistics
The scale of the cyber threat facing transport and logistics companies is significant. Potential losses can run into tens of millions.7 This makes it crucially important to take steps to defend IT systems against cyber-attacks.
Clearly, everything starts with security, this means:
- understanding the risks;
- assessing potential vulnerabilities in IT systems;
- and taking steps to address them.
Firms can address risks and vulnerabilities with best practice security and access controls. For instance, following guidance from the Cyber Essentials scheme.
The rapidly evolving nature of cyber-attacks makes it difficult for firms to stay ahead of hackers. So they are investing in cyber liability insurance on top of existing haulage and logistics insurance This can help minimise financial and reputational damage if the worst should happen.
For more information on cyber risk and insurance, read our data and cyber risks articles or explore our cyber liability insurance solutions to talk to a cyber insurance expert.
Sources
1. hornetsecurity.com/data/downloads/reports/document-cybersecurity-special-logistics-en.pdf
2. nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime
3. foodlogistics.com/transportation/article/21126721/trimble-transportation-cybersecurity-best-practices-for-the-connected-world-of-trucking
4. ttnews.com/articles/how-trucking-can-fend-cyberattacks
5. zdnet.com/article/trucking-company-forward-air-said-its-ransomware-incident-cost-it-7-5-million/
6. phishing.org/what-is-phishing
7. securityintelligence.com/articles/cybersecurity-in-logistics-gaps-and-opportunities/
8. foodlogistics.com/transportation/article/21126721/trimble-transportation-cybersecurity-best-practices-for-the-connected-world-of-trucking
9. freightwaves.com/news/update-tql-says-data-breach-was-not-malware-or-ransomware-attack
10. supplychaingamechanger.com/3-most-common-freight-forwarding-scams-and-how-to-avoid-them/
11. travelers.com/business-insights/industries/transportation/understanding-the-risks-of-transportation-iot
12. securityboulevard.com/2020/12/top-10-cybersecurity-threats-in-2021-and-how-to-protect-your-business/
Real-world insight that we don't share anywhere else
Get access to exclusive help, advice and support, delivered straight to your inbox.
