Cyberattacks are on the rise in the logistics industry, with varying degrees of severity. In the worst cases, organizations have experienced severe outages and faced long-standing repercussions. While attacks were a concern before the coronavirus swept the globe in 2020, the pandemic — and the subsequent industry investment boom — has shed new light on logistics companies, garnering increased attention from both the general public and more malicious forces like hackers.
With an increase in security breaches, companies across the industry are realizing that their current strategies are not doing enough to safeguard their systems, files and data. This realization has piqued many organizations’ interest in zero trust security.
“Most security models are designed to protect the perimeter. If you get inside, you can access most systems and capabilities,” says Werner Enterprises CTO Danny Lilley. “With zero trust, even if someone gets into a section of your system, they need to reconnect and reverify to get into another section.”
This means that, when attacks do occur, they are significantly less widespread and less devastating for the company at hand, its customers and its partners because hackers are essentially caught in one section of the organization’s system.
Zero trust security also means restricting internal information access to people who need it and are trained to interact with the information in question. By eliminating unnecessary access, companies reduce the risk of accidental data leaks and wipeouts coming from inside the company. While these incidents are typically not malicious, they can still prove harmful.
For logistics companies that are just now beginning to move away from older security models, Lilley recommends starting small and finding a trusted security partner to strengthen their position.
“One of the first things to consider is authentication processes. Look at multifactor authentication, and look at where users are accessing systems from,” Lilley suggests. “There are a lot of controls you can put into place on the outside to prevent the wrong people from getting inside.”
A strong partner is the backbone of a solid security strategy.
“It is not something anyone should ever build in-house. There are people who do this all day, every day and have great systems,” Lilley explains. “I highly recommend partnering with a third party. We, ourselves, have recently moved away from an in-house system to third-party partnership.”
No security system — zero trust or otherwise — can eliminate all risk. Training is an integral part of implementing any new system and having a properly trained team will lower risks more than simply adopting a new strategy.
Phishing is a prime example of why employee and partner training is an essential part of a security strategy. These attacks are both internal and external in nature, as they typically require someone on the inside to interact with the threat to do any real damage. These threats play on people’s natural tendency to trust others, and they are becoming more convincing and more common.
“I can put the best security around the organization, and all that can go out the window if one person clicks on a bad email. It is important that users are trained to recognize a phishing attack and know what to do. That is probably the most common attack vector, and training is essential.”
The logistics space is particularly predisposed to security risks because it is so collaborative in nature. That means that security assessments and training efforts often need to extend beyond an organization, reaching its partners and vendors. If one of a company’s partners experiences a catastrophic data breach, that company will be at risk regardless of their own security strategies.
“Vetting every vendor and third party you work with — understanding their risks and their security protocols — is an essential part of your security strategy,” says Lilley. “At Werner, we do an extensive security check before we introduce any new partner or vendor to our systems.”
Ultimately, when one company in the logistics industry takes steps to strengthen their security position, their partners and vendors benefit too. As more companies move to zero trust strategies, the supply chain as a whole will become safer.
“Although the rate of innovation in the transportation industry is higher than ever, there is still work to be done to improve security measures across the board.”