Getting stuff from A to B has never been more important or more in the public eye. And with the challenges of the pandemic, Brexit and high fuel costs, logistics companies are coming under increasing pressure around delivering on time and at low cost. Unfortunately, cyber criminals don’t care about that and if logistics companies are not prepared, they could easily fall victim to a cyber-attack. And an attack enabled by a staff member – either purposefully or accidentally is a major way that this could occur.
Criminals understand that logistics companies depend on a delay free environment so that they can get their goods picked up and delivered quickly and efficiently. Anything that interferes with this will have to be dealt with straight away as delays cost money and reputational damage – that means ransom demands against logistics companies are likely to be paid quickly and quietly to ensure goods transits remains unaffected. That makes them particularly vulnerable to attack.
There are plenty of examples of cyber-attacks affecting logistics and transportation companies in the past few months. Hellman Worldwide Logistics suffered a suspected ransomware attack in December 2021, which led to clients being targeted with fraudulent communications. Expeditors International - the world's sixth-largest freight forwarder reportedly shut down its computer systems after an attack limited its ability to manage customs and distribution activities. While they did not explicitly say it was a ransomware attack, the business did say it was restoring systems from backups, which is an indicator of that type of cyber-attack. And in February 2022 IT infrastructure at ports in Belgium and the Netherlands were reportedly subject of a cyber-attack.
Of key concern is the fact that smaller companies are even more likely to be impacted by a cyber-attack. “Often it’s the smallest carriers that have the weakest defences, and they get breached,” said Tim James Higham, CEO of InMotion Global, a company that provides IT systems to logistics companies. That was demonstrated when a small trucking company in the US, with less than 25 trucks was ransomwared in 2021 – a demand for $300K was made in return for a promise not to disclose sensitive shipping documents that had been stolen.
“Being a small company in a small town, you would have never thought a company like us would get targeted,” the owner said.
When the company refused to pay the data was leaked onto the dark web and all of the supply chain and customers affected had to be notified of the data breach. Only time will tell whether the incident leads to a loss of business to this small company and whether job losses follow.
What is Cyber Essentials and how can it help you?
Cyber Essentials is a simple and effective UK Government-back scheme designed to help protect organisations from the most common cyber-attacks. It looks at the key areas which increase the risk of cybercrime and helps businesses to reduce this threat including, passwords, user assess controls and malware.
Implementing the controls suggested means that 99% of common cyber-attacks will be fully or partially mitigated! And some of these controls aren't complicated or expensive.
99% is not 100% that is true, but in today’s world of ever-changing threats and new technology there is no solution where you will be 100% protected, unless you never use a computer at all, which for a business, no matter what size you are is rather unlikely.
Cybercrime is increasing and affects all types and sizes of businesses, even smaller ones. And all certified organisations can take advantage of the free £25000 cyber insurance which is provided.
But don’t just listen to us - see what one organisation in our region said about how useful they found the included incident response service after they had suffered a cyber-attack.
‘For anyone who doubts the value of Cyber Essentials this will hopefully clear any misgivings they may haver. Firstly, the professionalism of the services provided by all those connected with the insurance claim was first class and put the client’s mind at ease. Secondly the ICO’s acknowledgement by following Cyber Essentials, the Trust had taken appropriate measures in its protection of data is good to know.’
DPO for Education – an organisation that supported the school through the attack, and a partner of the Eastern Cyber Resilience Centre went on to say.
‘(Cyber Essentials) is not the silver bullet. However, in this example, the £450 spent on Cyber Essentials scheme has proven to be great value and we will continue to urge all organisations to consider it.’
What should I do next?
Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your firm’s cyber resilience and can offer guidance to free tools that you can implement straight away. What’s more, we will enrol you on a free program called Little Steps, which will help you prepare for the Cyber Essentials certification process, should you wish to do so.
Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.
Tell us when you are ready and we can refer you to one of our Trusted Partners, who are cyber essentials accreditors in the East of England. They can accredit your work or provide technical help if required.
Further Guidance and Support
The ECRC is a police-led, not for profit organisation which companies can join for free.
When you join our community, you get:
Threat alerts both regionally and nationally
Signposting to free tools and resources from both Policing and the NCSC
Little steps programme – series of weekly emails which aligns to cyber essentials with bite-sized practical information to build cyber resilience.
Discussion area to meet and talk to other companies in the region and our partners.
Support from the ECRC team
Free App – search for ECR Centre on both stores
We also work with local university students, who are trained and mentored by senior ethical hackers, to deliver affordable services designed especially for small and medium businesses. So, when you're ready for an insight into if you have common vulnerabilities, are sharing a little too much online or want to review your policies and practices think of us.
Reporting Cyber Crime
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to email@example.com. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad)