top of page

What does the cyber insider threat look like for logistics firms?

Updated: Oct 25, 2022

Getting stuff from A to B has never been more important or more in the public eye. And with the challenges of the pandemic, Brexit and spiking fuel costs, logistics companies are coming under increasing pressure around delivering on time and at low cost. Unfortunately, cyber criminals don’t care about that and if logistics companies are not prepared, they could easily fall victim to a cyber-attack. And an attack enabled by a staff member – either purposefully or accidentally is a major way that this could occur.

Criminals understand that logistics companies depend on a delay free environment so that they can get their goods picked up and delivered quickly and efficiently. Anything that interferes with this will have to be dealt with straight away as delays cost money and reputational damage – that means ransom demands against logistics companies are likely to be paid quickly and quietly to ensure goods transits remains unaffected. That makes them particularly vulnerable to attack.

Recent Logistics and Transportation Cyber Attacks

There are plenty of examples of cyber-attacks affecting logistics and transportation companies in the past few months. Hellman Worldwide Logistics suffered a suspected ransomware attack in December 2021, which led to clients being targeted with fraudulent communications. Expeditors International - the world's sixth-largest freight forwarder reportedly shut down its computer systems after an attack limited its ability to manage customs and distribution activities. While they did not explicitly say it was a ransomware attack, the business did say it was restoring systems from backups, which is an indicator of that type of cyber-attack. And in February 2022 IT infrastructure at ports in Belgium and the Netherlands were reportedly subject of a cyber-attack.

Of key concern is the fact that smaller companies are even more likely to be impacted by a cyber-attack. “Often it’s the smallest carriers that have the weakest defences, and they get breached,” said Tim James Higham, CEO of InMotion Global, a company that provides IT systems to logistics companies. That was demonstrated when a small trucking company in the US, with less than 25 trucks was ransomwared in 2021 – a demand for $300K was made in return for a promise not to disclose sensitive shipping documents that had been stolen.

“Being a small company in a small town, you would have never thought a company like us would get targeted,” the owner said.

When the company refused to pay the data was leaked onto the dark web and all of the supply chain and customers affected had to be notified of the data breach. Only time will tell whether the incident leads to a loss of business to this small company and whether job losses follow.

What are cyber insider threats?

These generally come in two forms.

1. Malicious – often in the form of a disgruntled fired employee who wants to get back at their former company, though they can also come in the form of employees still working at the company. In that case they may be part of an organised crime network or an individual looking to harm the company through fraud, IT sabotage, intellectual property theft or espionage.

2. Accidental – in the form of employees who unintentionally expose confidential data through poor cyber hygiene, weak passwords or similar.

Whichever one they are they contribute to a significant number of data beaches every year

A 2017 report from Clearswift reported that “Organizations report that 42% of IT security incidents occur as a result of their employees’

In many cases breaches from former employees stem from an organisational failure to identify a change in employee status at the point the employee leaves the company – a classic disconnect between HR and the IT companies that are responsible for data security. Some companies are more vulnerable to this than others – it often occurs where there are high turnovers of staff or where the HR function is outsourced. But IT and HR policies and procedures are key to help companies combat the threat and make it more difficult for Insiders to operate.

What can you do to protect your company?

Threats like these are amongst the most difficult to guard against however there are some key considerations for companies.

Have clear HR policies around staff leaving the organisation and ensure that they are adhered to. All staff leaving to have documented and audited exit interviews to include return of company IT equipment, password cancellations etc., to limit opportunities for former staff members to be able to access company networks. Implement a handover period to try and limit impact on the organisation.

Make staff aware of the approaches that they might get and how to report them. One of Tesla’s employees was approached with a $1M deal for insider access. They reported it, helped with the investigation and a criminal was arrested. The ECRC can provide bespoke staff awareness training tailored to what threats your company and employees might face. Contact us now to find out more.

Implement strong access controls and allow access to systems that people really need rather than everything. If you were working in a physical location, you might have some areas which were only accessible to staff who worked there, and for anything really valuable, maybe a safe. But you wouldn’t give the safe keys to everyone who worked for you. If you’re not sure about access control take a look at one of our short videos about it.

Have internal network logging. This will enable you to see unusual activity, such as emailing eight thousand sensitive files outside of the network – this is how General Electric recently suffered a massive data breach. The NCSC has a free tool to help with this, Logging Made Easy. You can read more about it here.

Have policies and procedures which cover data control and access. Consider limiting the number of attachments that could be sent out at once, and then set up a rule which alerts you if any more than that are sent. This gives you the ability to check that what is being sent is going for a legitimate reason. Tell your staff that their emails are being monitored and tell them about the policy. If you are not sure whether your policies cover all that should be considered why not have a policy review with our affordable service provided by one of our students?

Further guidance & support

We recommend that all businesses in the Eastern region consider joining our growing community as a free core member. Community members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for small and medium sized businesses and charities who are based across the seven counties in the East of England.

The ECRC is a policing-led, not for profit, membership organisation, with the aim to increase the cyber resilience within small and medium businesses within the East of England (Hertfordshire, Bedfordshire, Cambridgeshire, Norfolk, Suffolk, Essex, and Kent).

Reporting a live cyber-attack 24/7

​If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing ​

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


Policing led - business focussed.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page