Cyberattacks seem to be growing in prevalence and severity, particularly those around the major supply chains in the US, including both the fuel supply chain and the food supply chain. On June 2, 2021, The Wall Street Journal reported that a ransomware attack against JBS had resulted in the cancellation of shifts across all US plants. Such an event has constrained the meat supply chain more than ever, sparking fears of massive food shortages, and it comes mere weeks after the other major cyberattack to strike the US—halting the operation of the Colonial Pipeline.
The recent cyberattack that resulted in the shutdown of the Colonial Pipeline has returned the issue of cybersecurity to the forefront of logistics conversations, reports CNBC. Much like the Colonial Pipeline, a break in the flow of goods and services within transportation results in a disruption to the customer experience. Your supply chain can be protected by partnering with technology-enabled partners to effectively reduce the risk through layered protection strategies such as layered communication methods, segmented systems that can be isolated and addressed when a possible attack occurs, and expanded breadth of mode and carrier offerings to bypass potential disruptions.
The continuing expansion of supply chain software to enable parcel management, warehousing, white-glove services, final mile visibility, the electronic interconnections inherent in digital transportation management, and more devices connected following the rollout of 5G wireless connectivity increase the areas of opportunity for an attacker.
Each system could contain vulnerabilities, and it’s only with an eye on the need to rigorously monitor and enhance supply chain cybersecurity that business leaders can keep their chains disruption-free. Let’s take a closer look at the issue of supply chain cybersecurity, why the Colonial Pipeline attack is translating into a renewed focus for cybersecurity, and a few things to know when assessing the cybersecurity of your network partners and software vendors.
Supply Chain Cybersecurity Risks Continue to Exist Around the Globe
The ransomware attack on the Colonial Pipeline has once again highlighted a common fact: cyberattacks appear to be increasing in frequency and scope of impact at an alarming rate. On top of that, the recent need for expanded remote work has exponentially increased many companies’ exposure to attack. There are a few things that supply chain leaders need to know about the facts of cybersecurity attacks, as noted by Varonis.
- Most successful cyberattacks are not some repeated attempt to gain entry to a system with advanced coding knowledge; they are the result of human error.
- Up to 95% of cybersecurity breaches are caused by social engineering, using things like phishing emails or shared login credentials to gain access to a system.
- Money is often the driving force behind cyberattacks, accounting for 86% of attacks.
- The typical cyberattack and subsequent data breach cost was $3.86 million in 2020.
- The remaining cyberattack incidents can come from espionage, unpatched systems or other means.
- The average breach goes undetected for more than 50 days.
For the supply chain, it’s a clear indicator that cybersecurity is critical to keeping information safe and secure and to keeping product flowing.
According to Ryan Pettit, Vice President of Engineering Operations at GlobalTranz:
“As a third party logistics company, our ‘worst case scenario’ for cybersecurity attacks isn’t discovering that Personal Data or Payment Card Data has been exposed. Our most important goal as a company is defending the flow of goods and keeping the economy moving. Our greatest fear for cybersecurity would be our applications or operational machines being impacted in a way that would stop the flow of goods, or food, or impact the flow of the economy or essential goods.”
How the Colonial Pipeline Attack Will Affect the Supply Chain
The Colonial Pipeline attack was a painfully common kind of cyberattack, and it contributed to a massive fuel shortage along the East Coast. Average fuel costs rose above $3 per gallon for the first time in seven years, when retail fuel was available at all.
Due to the shortage, truckload rates rose in tandem with increased fuel surcharges as the pressure at the pump spiked. Some drivers were challenged to find refuel stations with available diesel. Those effects have translated into delaying orders and risking customer upset. Any one of these events can create a domino effect of capacity challenges and delays.
What Can Shippers Do to Mitigate Cyber Attacks
In a perfect world, human error would never contribute to cyberattacks, but this isn’t a perfect world. And supply chain cybersecurity is only as valuable as the ability to mitigate that risk. That’s why more shippers are taking extra steps to protect their assets from cyberattacks, including:
- Working together on security planning and testing with trusted 3rd parties like GlobalTranz who provide the TMS or other applications. This is effectively achieved through the simple outsourcing of the maintenance and patching of the systems to trusted digital transportation management partners.
- Conducting penetration testing to identify and address vulnerabilities. Penetration testing is a biannual process at GlobalTranz and helps to root out risks before they become
- Leveraging a dedicated cybersecurity team, such as the team at GlobalTranz, to ensure accountability and protect customers from the risks of using any connected application, whether used as a standalone system or integrated within their tech stack.
- Continuous scanning to find issues, quarantine affected systems and prevent subsequent disruptions. The reality is that an attack will happen, and the key to success rests in being able to mitigate the impact and protect customer information.
- Ensuring that supply chains are not single-stream, but leverage multiple carrier, manufacturing, and delivery partners to create resiliency in the flow of goods and services.
There’s another factor to consider. GlobalTranz within the last year experienced over 100 cyberattacks with only five becoming successful entries to the network. The GlobalTranz cybersecurity team was able to immediately isolate those issues and prevent subsequent data loss, protecting all customer data. Those attacks and responses occurred in tandem with a 47% increase in GlobalTranz revenue growth over the same time period. Clearly, the GlobalTranz strategy is working. However, it’s also helpful to recognize that there are individual layers of security that can help build more robust supply chain security, including:
- Infosec policies to hold employees accountable for website and email use.
- Physical security measures to prevent unauthorized individuals from accessing servers or applications.
- Using firewalls and secure networks/systems to prevent attacks from gaining entry to a system.
- Running automatic antivirus and vulnerability software to detect unusual lateral movement within an account or application to recognize a cyberattack.
- Maintaining strict access control and permissions to share files and applications.
- Backing data up routinely to account for possible losses when and if an attack occurs.
- Leveraging monitoring and notifications to alert dedicated staff of potential issues as soon as evidence of an attack appears.
- Employee training and testing to ensure their readiness to help prevent a successful attack.
Again, it’s all about keeping everyone in the loop and ensuring the best strategy to prevent and address supply chain cybersecurity weaknesses. Ryan Pettit further noted:
The right systems must use a segmentation strategy. That segments software and platforms into small, isolated pieces, so even if a hacker (for example) finds a way inside the system used to calculate fuel surcharges, that’s all they can affect. They can’t look at another segment like credit ratings, and this is enabled by:
- Each segment is self-sufficient and has limited access to data.
- Each segment is fully recoverable.
- Each segment enforces security in the connections between them.
There are also cloud-hosted options such as serverless deployment using platform-as-a-service that can reduce risk. If there is no server out there when trying to figure out what the next step is to obtain data, our surface area for what can be hacked goes down. There is not a system to log in to where a bad actor could download malware or sit for months looking for ways to further penetrate the network, dramatically decreasing the ability to hack.
Enhance Your Supply Chain Cybersecurity With the Right Software Vendors and High-Quality Information Security-Based Applications
GlobalTranz is committed to leveraging people and technology to reduce risk and improve the supply chain. Darwin Porter, Manager of Cybersecurity at GlobalTranz, further elaborated on this point:
“Today, cybersecurity is among the top pressing concerns for companies of all sizes, and that includes the shippers and partners of GlobalTranz. We have endured our share of attacks and have successfully managed to contain them and recover. It’s not a matter of the best systems or elaborate processes. It’s a matter of ensuring your team understands the Incident Response Plan when a breach is detected. Most attacks derive from a mistake—a human error—whether that’s clicking on a link or incorrectly sharing personal data. Regardless, the key to success is to find those issues as soon as possible, quarantine the environment to stop the spread, and perform rapid recovery to get systems back online faster.”
While the next attack is inevitable, allowing it to disrupt your supply chain is not. Now is the time to start rethinking your plans and strategies. Now is the time to reiterate the training of employees to reduce their risk of accidentally playing into a hacker’s hands. And now is the time to recognize that a cyberattack does lead to direct impacts on the supply chain. Inflation is growing along the East Coast, the aftereffects of 2020 stocking and supply disruptions continue, and order delays are a reality.
Don’t leave your supply chain security to chance. Choose a software vendor and digital transportation partner that can make a difference. Request a GlobalTranz consultation to learn more about how we are protecting our greatest asset—you—our customers with the latest in proactive supply chain cybersecurity.