Cyberattacks are continuing to rise in the UK. According to the Office for National Statistics’ latest figures, over 43% of UK businesses experienced a cyber breach in the last 12 months. While the recent attacks on retailers such as M&S and the Co-op have grabbed the headlines, other sectors, which are far more important to Peterborough’s economy, such as logistics, have also been hit hard. The logistics sector employs around 11,000 people in Peterborough, representing 9.4% of the workforce. With the new 21-acre logistics park at Peterborough South, a regional distribution superhub by Lineage Logistics, and a new facility for City Auction Group, its importance to the city is set to grow rapidly.
While this growth is to be welcomed, it does bring risks. The recent BBC documentary on the fall of logistics firm, Knights of Old, following a cyber-attack, Fighting Cyber Criminals, is a cautionary tale for the logistics and haulage industries. Virtually overnight, this 158-year-old firm was crippled, leading to its closure and the loss of over 700 jobs. A simple mistake by an employee allowed the Akira ransomware into Knights of Old’s system, locking the business out of its own system. It is thought the hackers demanded £3.7m ($5m) to hand control back, but when the firm failed to raise the cash in time, they had no choice but to call in the administrators.
Knights of Old is by no means the only logistics firm to be targeted by hackers. Logistics and haulage firms are seen as easy targets by cyber criminals. Their tendency to be linked to several third-party systems, weaknesses in their own, often outdated IT, their reliance on technology, and a lack of staff training/awareness of the threats, means the fate of Knights of Old isn’t an uncommon one.
Worryingly, it’s a situation that is going to get significantly worse. AI is now being harassed by cyber criminals, a move that is causing great concern in the logistics industry. Major UK ports, including Felixstowe, have been subjected to attacks by state-backed hackers. NATO’s cyber defence hub, the Cooperative Cyber Defence Centre of Excellence (CCDCOE) latest report has described the ports as ‘magnets’ for cybercrime. With 80% of the world’s trade passing through these ports, the levels of disruption could easily match the pandemic.
Fortunately, there are ways that logistics firms can protect themselves from this menace. From training staff, updating systems, and investing in cyber insurance as part of their package logistics insurance, businesses can avoid Knights of Old’s fate.
In this latest blog from Coversure, one of the UK’s leading logistics insurance brokers, we’ll offer some simple tips on how to stay safe and how cyber insurance can help. We hope that you’ll find this of use, but if you’d like some independent insurance advice, then please get in touch. You can call us on 01482 434343, request a callback, or get an insurance quote today.
The Coversure Peterborough Team
7 Tips For Preventing A Cyber Attack On A Logistics Business
Tip 1: Train your employees
Cybersecurity isn’t just the IT department’s job; it’s everybody’s job. Knights of Old were brought down by an undertrained employee clicking on the wrong link or accidentally giving the hackers access. It’s imperative that staff, especially in departments like HR, finance, and dispatch, are aware of things like phishing and social engineering attacks, and that if in any doubt, get help.
Drivers pose a significant risk, too. They need to be trained on things like the safe use of mobiles and avoiding unsecured networks or fake Wi-Fi networks at rest areas. Mobiles have become an easy entrance point for hackers looking to infiltrate logistics firms, so make sure your drivers are aware of the dangers.
Tip 2: Strengthen Access Controls
Once upon a time, system access was limited and easy to control. Most firms either had closed internal networks or had access to a secure partner network. Thanks to the proliferation of tools such as route planning, transport and warehousing systems, and telematics, there are multiple points of connection.
To secure these, use unique passwords for each user, enforce regular (once a month) password changes, and multi-factor authentication (receiving a confirmatory text or mobile push notification) for drivers, dispatchers, and admin staff. Also, limit user permissions. Only give access to those who need it and limit them to the data that they need.
Tip 3: Secure Operational Technologies
Almost all logistics and haulage businesses rely on operational technologies these days, so they need to protect them. Steps such as securing GPS and fleet tracking systems with secure logins by installing regular software updates, and isolating transport control systems from the internet can significantly boost security levels. When it comes to warehouse management systems, restrict access and only use encrypted connections. Professional encryption will mean that even if the data is exposed, the hackers won’t be able to use it.
Tip 4: Maintain Strong System Hygiene
This is basic, but it’s shocking how often out-of-date software, or software that hasn’t had updates applied, is the cause of problems. The primary reason the NHS was vulnerable to the WannaCry ransomware attack in 2017 was due to a failure to apply critical security updates for Windows. Logistics firms need to update routing, scheduling, and delivery apps, as well as patch telematics hardware and onboard vehicle devices to close vulnerabilities. Running antivirus and endpoint protection on all office and mobile devices also makes a lot of sense.
Tip 5: Secure Remote and Mobile Workforces
As we have said, mobile devices are a particular problem when it comes to cybersecurity. Ideally, drivers should have secure mobile devices. Remote dispatchers, contractors and warehouse staff should all have access to a virtual private network (VPN), and if any devices are lost or stolen, there should be a facility to wipe them remotely and block them from all systems.
Tip 6: Protect Sensitive Logistics Data
Encrypting customer, shipment, and partner data in storage and transit should be viewed as essential. Equally, run audits on third-party logistics (3PL) partners for cybersecurity compliance and ask about their cybersecurity protocols. Third-party system infections are rife, and if yours infects someone else’s, you can face legal action for compensation. Secure your EDI (Electronic Data Interchange) and invoice systems against spoofing or fraud.
Tip 6: Back Up and Prepare for Recovery
While backing up won’t necessarily save your business, as Knights of Old found to their cost, secure, external backups can be invaluable. Things like backup delivery schedules, route data, and ERP systems should be updated daily. And have a cyber incident response plan in place. The chances are you will need it one day, so include contacts for IT, insurance, and key clients so you can act quickly and effectively.
Tip 7: Invest In Cyber Insurance
Cyber insurance covers losses relating to damage or loss of information from an organisation’s IT systems and networks. While it cannot prevent a cyber-attack, it can help you pick up the pieces if you are the victim of a successful attempt. A typical policy gives you financial protection should your business be subjected to:
- Data loss
- Extortion claims
- Network damage
- Business interruption
- Legal fees
ONS figures suggest that the average cost of a successful cybercrime on a UK business was around £1,120. These figures don’t account for reputational damage or data loss penalties, which can send costs spiralling.
Get Some Cyber Insurance Help
If you’d like some independent cyber insurance advice or a cyber insurance quote, then please get in touch. Our team of independent specialists are expert in this field, and as Coversure is one of the UK’s leading providers of logistics insurance, we can give you all the help you need to keep your business safe. To find our more, please call us on 01482 434343, request a callback, or get an insurance quote today.
