How Secure is Your Supply Chain Data?

MercuryGate Blog - Technology Category

Getting Prepared for Rising Cyberthreats

Cyberthreats across every industry are increasing, and logistics and transportation operations are certainly not immune to this growing problem. The order data, freight rates and pricing, contractual terms, usernames, passwords, and other data contained in every supply chain data stream can be a potential target for theft or malicious attacks. Businesses in every industry of every size in every part of the world have to be proactive and prepared to prevent and, if necessary, respond when a breach or cyberattack occurs.

Ransomware Attack Costs Maersk an Estimated $300 Million

In June 2017, the Danish transport and logistics giant Maersk was hit with one of the biggest ransomware attacks to date. Ransomware is a type of malicious software that blocks access to systems until a ransom is paid to unlock them. By the time the attack was discovered, it had brought down IT systems around the world and Maersk was forced to reinstall approximately 4,000 servers, 45,000 PCs, and 2,500 applications. When the damage was finally calculated, Maersk had lost $300 million in revenue, and its partners also paid a heavy price.

The attack on Maersk is perhaps the worst-case scenario to date, but Maersk is certainly not alone on the growing list of victims. Ransomware attacks are on the rise, and they cost companies more than $8.1 billion globally in 2017, according to the IBM X-Force Threat Intelligence Index 2018 report. In addition to ransomware attacks, the IBM report notes that more than 2.9 billion records were leaked through publicly disclosed breaches.

Within the logistics industry, the Maersk incident served as a wake-up call. If logistics leaders weren’t already paying attention and investing in cybersecurity efforts, they are now. The risk of lost revenues and the potential of losing customers is too great for companies to be passive on security.

Safeguarding Against Cyberthreats

Ransomware, denial-of-service attacks, malware, phishing, crypto-jacking, spear-phishing: the list of threats only continues to grow. Cybersecurity experts often warn that it’s not a matter of if, but when a company will have a breach or be attacked. In fact, the average time to identify a breach is 197 days, according to the Ponemon security study. A company’s information and data could be exposed for more than half a year before the breach is discovered. Even when a breach is discovered, it might take more than 60 days to fully contain it.

Despite the risk, many businesses are finding they are unprepared to prevent and respond to cyberthreats. Hacking tools are far more readily available, and criminals have learned how to exploit and monetize these attacks.

Most data breaches can be traced to one of three root causes, according to the 2018 Cost of Data Breach Study from the Ponemon Institute. The three root causes are malicious/criminal attack (48 percent), negligent employees or contractors (27 percent), and system glitches (25 percent), such as IT or business process failures.

A good starting point for developing a comprehensive security plan is identifying all potential threats and vulnerabilities throughout the IT infrastructure. This process begins with a full audit of internal systems and a review of current data management processes. Companies should look at everything from data center security to physical office security. To ensure a thorough analysis is conducted, it’s also important to evaluate the security provided by technology vendors and partners.

Logistics Security Begins With A Secure TMS

In the last ten years, transportation and logistics operations have undergone a dramatic digital transformation. The digitized supply chain has created efficiencies, provided more actionable data analysis, and created more transparency of freight movements. Today’s logistics operations rely on a growing interconnected system of tools with an increasing amount of data flowing between them, their customers, and their partners.

With so many data connections, it’s critical for companies to choose secure tools, including a transportation management system (TMS). Along with enterprise resource planning (ERP) and warehouse management systems (WMS), the TMS is one of the core systems within a shipper or third-party logistics provider (3PL) infrastructure.

When looking for a secure TMS, here are some factors to consider:
  • The vendor should use security best practices and undergo regular audits to assess vulnerabilities.
  • Vendor operations should conform to Information Security Management Systems ISO 27001:2013.
  • The vendor should run automated security testing that mimics real-world hacking techniques and attacks to assess security vulnerabilities.
  • Virus scans are run every 15 minutes on the vendor’s network, and Bit9 is employed for endpoint protection in the SaaS environment.
  • 2048-bit SHA-256 SSL certificates are used to secure interaction between customer endpoints and the TMS software.
  • Data in transit is secured using the following protocols: HTTPS, FTP, FTPS, SFTP, MQ/SSL, AS2, PGP, VPN.
  • Software developers pay specific attention to the Open Web Application Security Project (OWASP) Top 10 Most Critical Web Application Security Risks.
  • Overall application security is based on organization hierarchy modeling and user roles with permissibility and data restrictions depending on roles.
  • All supply chain partners/users are only able to view information that the customer permits.
  • Within the application, hierarchies are secured from the top level down; authority to functions requires specifically granted personal or role authorities.
  • The data centers for the software should be SSAE 16 SOC 2 Type II certified and provide near-100-percent uptime.
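
The role and hierarchy criteria in the list above can be checked against a small model. The following is an added example, not MercuryGate's code or any TMS vendor's API: the organization tree, role names, users and shipments are constructed, and the rule that a grant at one node covers the nodes beneath it is an assumed reading of "secured from the top level down".

```python
from dataclasses import dataclass, field

# Constructed organization tree: child -> parent (None marks the top level).
PARENT = {"acme": None, "acme-us": "acme", "acme-eu": "acme", "acme-us-west": "acme-us"}
# Constructed roles: role name -> functions it authorizes.
ROLES = {"planner": {"view_load", "tender_load"}, "auditor": {"view_load", "view_rates"}}

@dataclass
class User:
    name: str
    role_grants: set = field(default_factory=set)      # (org, role) pairs
    personal_grants: set = field(default_factory=set)  # (org, function) pairs

@dataclass
class Shipment:
    ref: str
    owner_org: str
    shared_with: set = field(default_factory=set)  # partners the customer permits

def ancestors(org):
    """Yield org and every node above it, up to the top level."""
    while org is not None:
        yield org
        org = PARENT[org]

def can(user, function, org):
    """Deny by default; allow only on a grant at org or a node above it."""
    if org not in PARENT:
        return False
    for node in ancestors(org):
        if (node, function) in user.personal_grants:
            return True
        if any(o == node and function in ROLES.get(r, ()) for o, r in user.role_grants):
            return True
    return False

def visible_shipments(user, shipments, is_partner=False):
    """Partners see only shared shipments; internal users need view_load."""
    if is_partner:
        return [s.ref for s in shipments if user.name in s.shared_with]
    return [s.ref for s in shipments if can(user, "view_load", s.owner_org)]

# Constructed sample users and shipments.
alice = User("alice", role_grants={("acme-us", "planner")})
bob = User("bob", personal_grants={("acme-eu", "view_rates")})
carrier = User("carrier-x")
SHIPMENTS = [Shipment("S1", "acme-us-west", {"carrier-x"}), Shipment("S2", "acme-eu"), Shipment("S3", "acme-us")]
```

A grant made low in the tree never reaches upward or sideways, so alice's planner role at acme-us says nothing about acme or acme-eu, and a partner with no shared shipments sees nothing.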
Logistics operations have a growing digital footprint, and their systems carry more and more valuable data. Any breach, attack, or disruption can have severe and crippling consequences to a supply chain, including added expenses, delayed time to market, and ultimately lost business opportunities.
