Cybersecurity and Logistics: Two DOs and Three DON’Ts

TalkTalk Business recently commissioned independent research into how UK logistics workers view the future of their industry. (You can see the full details below.) This large-scale survey revealed some fascinating insights. 

We spoke to both frontline workers and IT leaders as part of this research. Both cohorts agreed that automation and AI are destined to play an increasingly central role in logistics over the coming years. Interestingly, however, the IT leaders we spoke to viewed cybersecurity as being of even higher priority, in terms of focus and investment.

In all, 85% of IT leaders viewed cybersecurity as the most important factor in building supply-chain resilience over the next decade. (For 75% of frontline workers, the automation of warehouses was seen as the key resilience-builder of the 2020s.) These IT leaders are clearly keenly aware of the growing and ever-evolving risk that hackers represent to the logistics industry. 

Hacking: a booming global industry

Criminal hacking – compromising businesses’ IT systems for financial gain – has been a source of anxiety for IT managers for decades. And thanks to hacking tools and exploitable data now being openly sold on the dark web, recent years have seen the problem grow to epidemic levels.

Back in 2021, while the global logistics industry was struggling to adapt to the myriad challenges arising from the pandemic, hackers went into overdrive. For the fifth consecutive year, the number of security attacks hit record new highs, with zero-day exploits almost doubling in frequency from 2020. During 2021, a staggering 66% of organisations experienced at least one attempted ransomware attack. And for the attacks that weren’t caught or quashed in time, the average ransom payout soared to £1.48million.

Logistics organisations make for particularly tempting targets for hackers. There are a number of reasons for this: There’s the vast amount of data that hurtles around the average logistics business on an hourly basis. There’s the sheer variety of that data, which contains not only sensitive information about the logistics business itself, but of all its clients, too. 

There’s the wealth of payment and banking data, which could potentially include details of hundreds, thousands or even millions of B2C customers. And, finally, there’s the potential for hackers to threaten havoc to delicately balanced supply chains. Attacking a logistics organisation will rarely affect only the business itself – the knock-on effects will be felt far and wide.

So, how can IT leaders work to protect their business, their clients and their colleagues from bad actors? Here are five cybersecurity essentials. 

DO audit your entire supply chain

By their very nature, logistics businesses are complicated machines with lots of moving parts. There will be several areas of your network that offer access to your customers, and/or rely on software provided by third parties. Each of these represents a potential risk – and an opportunity for hackers to use a so-called ‘supply-chain attack’ (also known as a value-chain or third-party attack).

One of the most notorious instances of a supply-chain attack was the SolarWinds hack of 2020. A professional hacking group known as Nobelium gained access to SolarWinds’ Orion software – used to assist with the running of businesses’ infrastructures and supply chains – and used it to exploit data from more than 30,000 public and private SolarWinds customers, including the US government.

It only takes one weak link in the chain to open your business up to risk, so a forensic auditing is well worth the time and effort it takes.

DON’T rely on castle-and-moat cybersecurity

If your logistics organisation is partly reliant on legacy systems for its day-to-day operations, there may be facets of your IT network still using castle-and-moat cybersecurity. This method is a relic from an earlier age, when the majority of a business’s data was contained in a single data centre (or ‘castle’) and protected by firewalls (the ‘moat’). 

As new ‘castles’ were added to the network – salespeople’s laptops, for example – new ‘moats’ were added to protect each of them. This approach was somewhat flawed even in its heyday, as the ever-expanding interconnections between the castles became increasingly difficult to protect. 

In the modern era of cloud computing and the internet of things (IoT), castle-and-moat cybersecurity is all but useless. If you’re still relying on firewalls to protect you from hackers, you’re not really protected at all.

DON’T assume colleagues are phishing-attack-proof  

Members of your IT team are unlikely to fall for a standard-issue phishing attack – but they are, of course, not the only people in your organisation who use your network.

The vast majority of breaches by hackers targeting the logistics industry are attempted via email. Phishing attacks – whereby hackers convincingly pose as clients or colleagues – account for 33% of these attempts. Malicious links sent within emails account for 27%, while malicious attachments account for 35%.

You would hope that, in 2023, most people would know better than to click on an unknown link or attachment, or hand over sensitive information without double-checking who’s really asking for it. But with these emails becoming increasingly sophisticated and convincing, it only takes one colleague to unthinkingly click the wrong thing and the whole network can come crashing down. 

As such, a quick all-staff email highlighting the dangers of lax email cybersecurity can go a long way in protecting your business.

DON’T forget about your robots  

If your logistics business has enthusiastically adopted automation, then that automation offers hundreds of prime points of attack for hackers.

These robots and sensors may not be directly handling valuable customer data or sensitive shipment information, but as part of a wider network of connected objects – the IoT in action – they have an array of vulnerabilities. These can relate to firmware, hardware, connections to the network, connections to each other, and web or mobile applications used to control the automation. 

Hackers may not be able to retrieve valuable banking details from a team of robots, but they can still bring that team of robots to a standstill in costly and damaging ways. At which point the inevitable monetary demand – the endgame of any ransomware attack – is made.

When it comes to the IoT, it pays to err on the side of caution. Hackers’ ingenuity unfortunately knows no bounds: they’ve even been known to use compromised smartphones to record typing sounds and decipher passwords by analysing the audio. 

DO embrace zero trust 

Zero-trust security – sometimes known as perimeterless security – is one of the most buzzed-over concepts in modern IT, and with good reason. 

Zero trust is a deep and multifaceted approach to cybersecurity. It can be briefly summarised as a framework that requires all users – inside and outside of your network – to be fully authenticated and continuously validated in order to gain or retain access to your data and applications.

It’s a necessarily paranoid approach that truly lives up to its name – zero trust. And if your logistics business is determined to stay resilient as it migrates to the cloud and embraces automation, it’s pretty much essential. 

Getting ready for resilience

Today’s cybersecurity threats demand a steadfast response from your business – a response underpinned by a strong, scalable, secure network. 

With TalkTalk Business, your network is designed around you. You’ll have the speed, flexibility and rock-solid resilience you need to fully protect and future-proof your business.

Now’s the moment to start outpacing the hackers. Get yourself ahead of the game with TalkTalk Business.

Learn more about how logistics is evolving – and how these changes are viewed by industry insiders. Read our exclusive whitepaper: AI, Automation and Where Logistics Goes Next. 

About the research

In September 2022, we commissioned a survey by Vansorn Bourne of 300 senior IT decision-makers and frontline employees in business sizes ranging from 1,000-2,999 employees to those with 5,000 or more.