It may come as a surprise to learn that the transport and logistics sector ranks in second place in a list of industries most affected by cyber-crime worldwide1. But then look at how the industry has changed in recent years, and the reasons why it is now a tempting target for cyber criminals becomes clear.
First, transport and logistics is one of the largest and most profitable industries worldwide1, which is attractive to highly organised cyber-crime groups motivated by financial gain2.
Second, widespread technology adoption means fleet operators are now sharing more data with partners and vendors than ever before. This alone presents an opportunity for cyber criminals, while the sheer number of parties involved in the cargo supply chain provides an even greater opportunity to identify and exploit weak links in cyber security3.
Transport and logistics cyber risks
All this makes it even more important that transport and logistics firms stay up-to-date on the cyber threat landscape – to better understand and help defend against a wide range of existing and emerging cyber risks.
With that in mind, here are some of the most prominent cyber risks facing the transport and logistics industry:
- Ransomware: Hackers infiltrate a company’s IT infrastructure and encrypt selected files or the entire system, making it inaccessible to the business unless it pays a ransom. This is a fast-growing threat – during the first half of 2020 reported ransomware incidents grew by 715% year on year – and one that is increasingly being employed against transport and logistics firms4.
For instance, in December 2020, trucking and freight company Forward Air was affected by a ransomware attack that wiped $7.5 million off its Q4 financial results5.
- Phishing emails: A high proportion of phishing email attacks target companies in the logistics industry1. Phishing involves cyber criminals contacting target organisations by email, telephone or text message, posing as a legitimate person – the aim being to lure the recipient into giving up sensitive data and passwords6.
One recent example saw cyber criminals use phishing techniques to target the COVID-19 cold supply chain – gaining access to a German biomedical company’s network before using its own email system to distribute further phishing emails to partners involved in transporting the vaccine7.
- Corporate hacking: The transport and logistics industry has also seen cases of corporate hacking – where a company uses hacking techniques to steal sensitive information from a competitor8. No-one knows for certain, but it is conceivable that corporate hacking was behind an attack on Total Quality Logistics that saw attackers gain access to some partner organisations’ sensitive business information9.
- Bill of Lading ransom: In this case, scammers posing as freight forwarders negotiate with an unwitting client and, once goods are packed from the port of loading, deny the release of the Bill of Lading (BOL) until a ransom is paid10.
- Freight forwarding fraud: Another freight forwarding scam involves scammers impersonating a legitimate company by essentially copying its website. The aim is to steal freight forwarding fees or make off with any cargo that falls into their possession7.
- Sensor data intercepts: The increased use of sensors and Internet of Things devices in transport and logistics is also an opportunity to cyber criminals. For example, cyber thieves may seek to intercept communications between a logistics firm’s sensor and its IT systems, harvesting data to sell to a competitor11.
- Remote worker exploits: The huge growth in remote working in 2020 opens up opportunities for hackers because remote workers sit outside of corporate security systems. The fact that cyber criminals have been quick to adapt – developing new techniques to exploit patchy security on remote devices – is bad news for businesses with distributed workforces, like transport and logistics12.
Cyber security for transport and logistics
The scale of the cyber threat facing transport and logistics companies, as well as potential losses running to tens of millions7, means that taking steps to defend IT systems against cyber-attacks is crucially important.
Clearly, everything starts with security. That means understanding the risks, assessing potential vulnerabilities in IT systems and taking steps to address them through best practice security and access controls – for instance following guidance from the Cyber Essentials scheme.
Meanwhile, given that the rapidly evolving nature of cyber-attacks makes it hard to stay ahead of the hackers, transport and logistics firms are adding cyber liability insurance to their wider haulage and logistics insurance programmes – to help minimise the financial and reputational damage if the worst should happen.