cybersecurity in supply chain

03/10/2022

9 Essential Cybersecurity Tips for Logistics Managers

Discover the critical steps to safeguard your supply chain data and prevent costly breaches that disrupt your business.

Data is the lifeblood of the modern supply chain, and logistics cybersecurity is vital to protecting that data. Getting cybersecurity right helps you to strengthen your supply chain systems, build customer trust, and ensure the continuity of your business.

Key takeaways

 

  • Data protection is critical for modern supply chains—logistics cybersecurity helps companies avoid costly disruptions and lost business
  • Logistics managers must take a proactive, multi-layered approach—cybersecurity risk management and protection covers technologies, processes, and people
  • In addition to improving your own logistics information hygiene, it's equally essential to insist your supply chain partners also have strong cybersecurity in place
  • Partnering with an expert logistics provider like GEODIS ensures your data remains secure, while helping you to manage risk and improve operational performance

The consequences of supply chain data breaches

We don't have to look far to see the impact that poor logistics cybersecurity has on supply chain businesses:

 

  • Maersk NotPetya ransomware attack: Maersk, the shipping giant's global operations were shut down by a ransomware attack called "NotPetya." The attack cost Maersk an estimated $250-300 million. Their systems for booking cargo, tracking containers, and communicating with port terminals and customs authorities were down for weeks, causing major supply chain disruptions. 
  • Toll Group ransomware infection: Toll Group, an Australian logistics business that operates globally, suffered two ransomware attacks in a year, causing millions of dollars in losses.

 

When partnering with national and international logistics partners, it's important to secure your own supply chain data while understanding their logistics cybersecurity. Here are our essential tips and best practices on protecting your data—and ensuring your 3PL takes logistics security as seriously as you do.

 

Why data protection matters more than ever for your logistics operations

Digital transformation is usually a good thing—it helps logistics managers to take advantage of the latest technology, makes it easy to access supply chain information, and shares vital data with partners around the world. Real-time data access, sharing, and analysis drive better decision-making and more agile supply chains. 

 

The problem is that as these improvements give us more access to information, they also increase the "attack surface" for bad actors.

 

Digitalization, shared platforms, IoT devices, cloud-based systems, and remote access all provide ways for someone to attack and access your logistics data. These aren't just IT issues either—in today's threat landscape, everyone plays a part in protecting information and preventing supply chain disruptions. 

 

Securing the privacy, availability, and integrity of supply chain data has become central for any employee or organization. A proactive data protection strategy helps you avoid data loss, theft, or corruption and minimizes damage caused by a breach or disaster. You can harden your defenses and minimize risk exposure.

 

Here's how to do that.

GEODIS employee in Contract Logistics facililiy, Hong Kong, SAR China.jpg

1: Use strong, different passwords across supply chain systems

Strong password hygiene means using varied, robust passwords for every application, platform, email, or system you use. Logistics systems are business critical, so maintaining strong password security is even more important.

 

Here are a couple of helpful password guides for individuals from Google and ConnectSafely. Some best practices for creating and using passwords include:

 

  • Always use a strong password or passphrase, containing at least 12 characters
  • Include a mix of uppercase and lowercase letters, numbers, and symbols to make your password hard to guess
  • Don't use passwords that it would be easy form someone to predict, such as a child or pet's name, date of birth, address, company name, or similar information
  • Don't use common alphabetical or numeric sequences
  • Avoid obvious substitutions (such as replacing an "S" with a "$"
  • Use a separate password for each account, email, system, or application you access
  • Never share passwords with anyone
  • Change your passwords frequently (ideally every 90 days)
  • Store passwords in a password manager such as 1Password, Bitwarden, or Dashlane

How GEODIS protects and secures your logistics data

GEODIS uses best-in-class technologies, policies, and procedures to protect and secure your data. We base our data protection on ISO 27001 standards. Our technologies include: 

 

  • Next-generation firewalls for intrusion prevention and web content analysis functionality
  • Anti-virus with advanced threat features
  • Email security with dynamic threat analysis
  • Security Information and Event Management (SIEM) technology for centralized logging and monitoring
  • Third-party penetration testing to ensure technical controls and policies properly protect data and systems
  • Processes and technical controls for data protection and security
  • Minimum necessary permissions for user accounts
  • Monitoring for potential data exfiltration with intrusion prevention, network analysis, and best-in-class email security
  • Robust and secure communication protocols to secure data at rest and in transit
  • Annual SOC2 and SSAE18 audits

 

GEODIS maintains security awareness with all of our teammates, starting with new hire orientation, yearly security awareness, monthly newsletters, and internal phishing campaigns.

 

Get in touch and discover how our cybersecurity best practices help to protect your logistics data. 

2: Enable two-factor or multifactor authentication on any sensitive business system

Two-factor (2FA) and multi-factor authentication (MFA) rely on something other than a password to access a system or data. For example, two-factor authentication might be a one-time password (OTP) texted to your phone. Multifactor authentication might involve an authentication app on your phone that gives you a secure code only after scanning your fingerprint.

 

Go through your supply chain systems and turn on 2FA or MFA for each one. If you're not sure how to do this yourself, talk to your supply chain software vendor.

 

3: Backup your logistics data using the 3-2-1 rule

Supply chain cybersecurity isn't just about stopping bad actors from getting in—it's about ensuring you have robust and timely data backups if your systems go down. A good way to ensure you have strong disaster recovery is to follow the 3-2-1 rule for protecting your data.

 

  • Make at least 3 copies of your data—that should include your main production and systems data and at least two separate backups. That way, if your main system data is attacked and the first backup doesn't work, you have a secondary one that you can recover from.
  • Store the data copies on at least 2 different media types or storage systems, such as tape backups, disk backups, or cloud backups. This means you're not just relying on a single type of storage to protect your information.
  • Keep 1 copy of the data offsite, for example, in a separate, secure location or in the cloud. That way, if your main data center suffers a natural disaster that wipes out your local data, you'll have an offsite copy you can use.

     

Some additional tips to secure your sensitive supply chain data include:

 

  • Ensuring that you perform data backups automatically and regularly - ideally, you'll have real-time backups, and then an end-of-day and an end-of-week one
  • Verify and test your data backups regularly to ensure data integrity and recoverability
  • Encrypt your backups so that someone can't access the data without a decryption key—this is especially important for offsite or cloud-based copies

 

Strong backups give you a solid foundation for disaster recovery and data protection. This reduces your risk of supply chain disruptions due to malware, natural disasters, or hardware errors.

Alex COMPTON - GEODIS Endicott, NY, USA

4: Run cybersecurity software across your supply chain business including anti-virus, intrusion detection, and firewalls

Every business needs dedicated cybersecurity software:

 

  • A firewall restricts unauthorized access to your systems or data—it rejects unapproved login attempts and attacks on your public and private networks
  • Antivirus software continually scans your systems for malware—it identifies and removes trojans, worms, ransomware, and other dangerous software
  • Intrusion detection software scans your networks and systems—it identifies and tracks unauthorized users and alerts cybersecurity teams so they can take action

     

Keep all of this software up to date so you can block, identify, remove, and track any attempts to access your logistics data.

Cybersecurity threats are constantly evolving. You need a logistics provider that stays ahead of the curve. GEODIS invests in data protection to secure your supply chain.

5: Train logistics software users to identify and avoid phishing emails

Phishing emails are deceptive messages sent by a bad actor. These messages are designed to trick recipients into sharing sensitive information with criminals. This might include passwords, business finances, or other secret or privileged information.

 

Phishing emails can also include links that download malware or take the recipient to a website to steal information. Tips to spot identify and avoid phishing emails include:

 

  • Always double-check emails and avoid opening unsolicited attachments or clicking on links—scammers use them to transfer malware or viruses
  • Be wary of social engineering—scammers scrape personal information from the Internet and use it to impersonate friends or authority figures
  • Don’t blindly click links, instead of hover over the link with your mouse and verify that the link matches the text
  • If you do click an unsolicited link, and it takes you to a sign-in page, do not sign in—remember that if it sounds too good to be true, it probably is

     

6: Make sure that your connected IoT tracking and other logistics devices are secure

Always-connected Internet of Things (IoT) devices can be vulnerable to cyberattack. If a bad actor can get access via an IoT device, they may then be able to access other parts of your network and logistics data. IoT devices are an extremely common target for external attacks, unchanged default settings in devices can be guessed by attackers, and unpatched legacy devices may not be resilient to modern attacks.

 

Here's how to protect your logistics IoT trackers, sensors, and other devices:

 

  • Get strong operational technology (OT) cybersecurity in place
  • Monitor your GPS-connected IoT devices for possible security issues such as fake or jammed GPS signals
  • Make regular updates to your IoT firmware, in line with your vendor's recommendations
  • Patch the software and system that control your IoT devices to protect your network connections and resilience
  • Train staff on the security risks of IoT devices and how to deal with them

A data breach is costly on many levels - lost revenue, angry customers, damaged reputation. Don't leave your logistics operations exposed. GEODIS has the technology, processes, and expertise to secure your supply chain data.

7: Avoid Bill of Lading ransoming

A Bill of Lading (BoL) is a legal document that provides a detailed record of goods in transit. A BoL is subject to very strict regulations and legal compliance, and it provides an overview and paper trail of a shipment's journey. BoLs are required for a port to handover goods to a shipper. Without a BoL, a shipper cannot receive, transport, or process incoming shipments.

 

There are a couple of ways that criminals can take advantage of the BoL and hold shippers to ransom

 

  1. Bad actors and disreputable freight forwarders can refuse to issue BoLs, meaning that shippers cannot receive goods. These criminals then demand huge payments from shippers before releasing the BoL, often leaving the shipper with no choice but to pay.
  2. Cybercriminals might impersonate logistics companies and contact clients pretending their goods are blocked at the port of landing until a ransom is paid.

 

To avoid these issues, only contract with reliable freight forwarders, carriers, and other providers with a proven track record. Always double-check BoL documents to avoid issues. If someone claims that a BoL is missing, always conduct an independent investigation before paying any money.

 

8: Secure your website from impersonation 

Another way that criminals can take advantage of supply chain companies is through impersonating business websites. They can cline a website to a similar URL, and use the original company's name and reputation to fool customers and steal information. Build SSL and other good security practices into your website from the ground up. Take advantage of internet monitoring companies that look for and report on this type of issue.

 

9: Insist that supply chain partners also follow these best practices

While it's important to get your own house in order, it's equally essential to insist on robust cybersecurity practices from your logistics partners. Work with them to understand their policies, and capture your expectations in contracts and service-level agreements. 

How GEODIS can help 

GEODIS uses best-in-class technologies, processes and expertise to protect your supply chain data. Here's how we can help secure your logistics success:

 

  • Next-generation firewalls, anti-virus, email security and SIEM technology for advanced threat prevention and monitoring
  • Rigorous third-party penetration testing to validate our security controls and practices
  • Robust access controls, encryption, and secure communication protocols to safeguard data at rest and in transit
  • Comprehensive teammate security training, from new hire orientation to email phishing
  • Annual SOC2 and SSAE18 audits to ensure we continually meet the highest security standards
  • Integration with our full range of transportation, warehousing and freight forwarding services

 

Get in touch today to bulletproof your logistics data and avoid costly disruptions.

Jay Mia Network Infrastructure Manager at GEODIS

Jay Mia

Chief Security Officer, North, East & Central Europe at GEODIS

Jay Mia is an IT professional with over 20+ years in the field of Information Technology and IT Security.