Getting Prepared for Rising Cyberthreats
Ransomware Attack Costs Maersk an Estimated $300 Million
The attack on Maersk is perhaps the worst-case scenario to date, but it is certainly not alone on the growing list of victims. Ransomware attacks are on the rise, and they cost companies more than $8.1 billion globally in 2017, according to the IBM X-Force Threat Intelligence Index 2018 report. In addition to ransomware attacks, the IBM report notes that more than 2.9 billion records were leaked through publicly disclosed breaches.
Safeguarding Against Cyberthreats
Logistics Security Begins With A Secure TMS
- The vendor should use security best practices and undergo regular audits to assess vulnerabilities.
- Vendor operations should conform to Information Security Management Systems ISO 27001:2013.
- Automated security testing should mimic real-world hacking techniques and attacks to assess security vulnerabilities.
- Virus scans are run every 15 minutes on the vendor's network, and Bit9 is employed for endpoint protection in the SaaS environment.
- 2048-bit SHA-256 SSL certificates are used to secure interaction between customer endpoints and the TMS software.
- Data in transit is secured using the following protocols: HTTPS, FTP, FTPS, SFTP, MQ/SSL, AS2, PGP, VPN.
- Software developers pay specific attention to the Open Web Application Security Project (OWASP) Top 10 Most Critical Web Application Security Risks.
- Overall application security is based on organization hierarchy modeling and user roles, with permissions and data restrictions depending on roles.
- All supply chain partners/users are only able to view information that the customer permits.
- Within the application, hierarchies are secured from the top level down; access to functions requires specifically granted personal or role authority.
- The data centers for the software should be SSAE 16 SOC 2 Type II certified and provide near-100-percent uptime.