We’ve often written within these pages about the importance of connectivity.
Indeed, modern transportation and trade management software platforms are built to leverage the benefits of connecting supply chain partners easily and quickly.
But they need to ensure that connectivity doesn’t hurt their operations and those of their suppliers and service providers. Shippers, carriers, and logistics services providers need to know that the data exchanged on these connectivity platforms is protected.
And the burden of that protection isn’t merely on the software provider. It’s also on the users of software solutions, and all the parties that connect to the solution. As the saying goes, a chain is only as strong as its weakest link.
Allow me to emphasize this point—data protection is not just the responsibility of the software provider. Undoubtedly, solutions providers go to great lengths to make sure their systems are secure, but no system is impenetrable.
This means shippers, and their ecosystem of partners, need to proactively move to protect data being shared between their companies. That might sound like common knowledge at this point, what with the degree of connectedness that links the social and business worlds.
But consider the words of Lars Jensen, chief executive officer of the maritime security firm Cyberkeel and its sister company SeaIntel. In a conversation on the sidelines of the 15th annual TPM Conference in Long Beach, Calif., in early March, he explained how vulnerable the world’s top liner carriers were to a cyber attack.
Jensen said he had penetrated each and every one of their systems, and noted the easiest way to do so was not very high-tech at all. All it would take is getting the login and password access to a carrier’s system from someone willing to give up that crucial information. And that’s as easy as convincing a person to log in to a mirror site that collects such information.
Jensen said the threats don’t end there. Hackers have become so sophisticated at cracking encryptions and planting their own that companies ought to have multi-layered contingency plans to ensure their data is preserved and processes can continue in the event of an all-out attack.
Look, I understand that cyber security falls in that bucket of flood insurance or daily exercise. Everyone knows it’s important—the question is, does a company do something about it before an attack happens, or wait until after it has been hit?
I’ll argue here that this should be a proactive exercise. Waiting until data is compromised means subjecting your company to all sorts of damage—to your customers, suppliers, transportation and logistics providers, and data partners. It’s a crisis waiting to happen.
Data protection can get pretty weedy—just check out the security policy of software-as-a-service, cloud-deployed solutions provider GT Nexus. Virtually every transportation and trade technology provider has similar language on its website.
Of course, policies don’t stop hackers, nor do they stop moles inside an organization. What does stop those is encryption as a frontline measure, and contingency plans as a backline measure. Jensen said companies that don’t have their critical data stored and secured in a remote, decoupled location are subjecting themselves to vulnerabilities.
During a presentation at TPM, he again noted that he had successfully breached each of the world’s top 15 container lines. Ports and shipping lines have been breached in the past by those with malicious intent, Jensen noted in the session.
Many of these breaches aren’t sophisticated either—they’re simply a result of login information being compromised.
Most organizations don’t have a proper handle on the importance of data security. Some are spending more than they need to, based on their risk. But the majority are not even aware of the extent of their risk.
Last year, Oracle’s Chief Security Officer Market Pulse survey found that 40 percent of respondents believed their databases were safe, because they were embedded deep behind a security perimeter.
“Talk about a false sense of security,” Oracle said.
Companies need to think of their data as assets, just as they would warehouses, trucks, manufacturing plants, or people. With 66 percent of companies’ most valuable data stored in databases, according to Oracle, companies need to define what data elements are key strategic corporate assets.
And supply chain carries one of the more inherent risks to that data, simply because it is the area of an enterprise where connectivity to partners is so critical for success.
“The proliferation of data access [think partners and customers] means mission-critical data—including that in databases—can be exposed,” Oracle said.
So, where do you go from here? Start with conversations—discuss the issue with your IT department. Make it a C-level discussion, so IT is not isolated. Talk with your supply chain partners and ascertain their levels of data security. Talk with your software providers about what they currently do, and how they can help secure the data flowing through your supply chain, both internally and externally.
Remember, this is not about threat elimination, but rather threat minimization. And it’s also about having a backup plan for when there is a catastrophic data breach.
The more I see software companies talk about the number of parties they have connected to their platforms, the more I think about how all the connectivity impacts shippers and LSPs, both positively and negatively. There aren’t many negatives. But ensuring your supply chain is protected and agile enough to recover from a crisis can turn this one big negative of connectivity into merely a big deal, rather than a really, really big deal.
This column was published in the April 2015 issue of American Shipper.