In a theme that has played out countless times in science fiction, from “Terminator” to “Star Trek,” the very technology that helps realize some of humanity’s loftiest ambitions can also be a source of serious headaches. In the global supply chain, the vast streams of information that allow a shipment of artisanal coffee beans to seamlessly transit from Kenya to Kentucky on trucks and a container ship also represent golden opportunities for hackers staging ransomware attacks.
Recent attacks on two companies, ECU Worldwide and Faxinating Solutions, are sobering examples. ECU specializes in consolidating multiple shipments into single shipping containers and getting them to destinations around the world. Faxinating Solutions, as a provider of electronic data interchange (EDI) services, sits at the nexus of key data transmitted between some of the largest shippers in North America and trucking and logistics providers.
Much remains unknown about the extent of the attacks. In the case of Faxinating Solutions, the company’s CEO told FreightWaves there was no evidence that its EDI operations were compromised. A spokesperson for ECU’s owner, Allcargo Logistics (NSE:ALLCARGO) said only that the company “will take any steps necessary, legal and otherwise, to protect our customers’ data and interests.” But the reality is that hackers frequently use an unwitting victim to stage attacks on its customers and business partners.
Withstanding ‘brutal’ ransomware attacks
Successful attacks like the ones that hit trucking and logistics firm Forward Air Corp. and shipping line CMA CGM can cripple operations, and have effects that ripple across their network of customers. Meanwhile, companies that can avoid operations disruptions still often face data theft, as well as exposure of sensitive information pertaining to operations, employees and customers. The attacks themselves can play out over weeks, undetected, as hackers monitor systems and attempt to pilfer data.
“It’s brutal,” said Jonathan Wright, IBM’s (NYSE:IBM) global head, Supply Chain for Business Transformation Services. “These are professionals.”
To put it in perspective, the Sodinokibi ransomware group, also known as REvil, made over $120 million in 2020 and stole more than 21 terabytes of data, according to a report released by IBM Security in February, the X-Force Threat Intelligence Index 2021.
Ransomware gangs like Sodinokibi aim to disrupt operations by encrypting and stealing data. They demand sums that can run into the millions in exchange for restoring the data and promising not to leak it. Attacks by these groups add a layer of turbulence to a supply chain that has already contended with the whiplash of the COVID-19 pandemic, from the early manufacturing shutdowns to the seemingly insatiable demand for consumer goods, not to mention container congestion, the blockage of the Suez Canal and more common events like bad weather.
It’s not just a phishing issue
The nature of threats facing companies is also evolving. Query transportation and logistics executives about cybersecurity best practices, and they’ll often point to efforts to train employees to identify phishing emails as the most important way to prevent cyberattacks.
But the IBM report found that in 2020, so-called scan-and-exploit attacks surpassed phishing as the single most common type of cyberattack. Those attacks involve hackers finding vulnerabilities in systems and taking advantage of them. The most common one involved exploiting Citrix servers.
Wright’s efforts at IBM focus on getting companies in the supply chain to modernize their systems to both allow them to have better access to their data and facilitate closer collaboration with partners in a secure environment. Wright and IBM are proponents of using a hybrid cloud platform with containers for different applications, with a single manager layer of security.
The basic idea: Allow different parties to work with one another in a supply chain while minimizing risk to the larger network. In the event of an attack on one supplier, for example, “it’s a bit less of an issue than if it’s one key node that takes down the whole business,” Wright said.
Figure out how to keep trucks moving and then invest, says Omnitracs exec
In many corners of the supply chain, especially small trucking companies, cybersecurity is new territory. But it’s one that is increasingly important as the same ransomware gangs that hit massive transportation and logistics companies also victimize tiny carriers.
Sharon Reynolds, chief information security officer for telematics provider Omnitracs, said that fleets need to think about their operational needs first.
“What I normally tell fleets of all sizes, especially smaller ones, [is] we tend to default to the technology, and I think that’s incorrect,” she said.
Instead, she advises carriers to think about what exactly they need to keep their trucks moving and business going: things like having paper processes in place and backups on hand.
“Build resiliency, from a business continuity standpoint, around the business process; the technology comes a little bit later,” she said. “If you can build resilience in the process, then that’s the most important thing. And then if you can find and identify the processes in your business that are most important, then when you apply the dollars around the technology and the cybersecurity, you’re not trying to solve the world, in your company, you’re just solving these critical pieces.”