Supply-Chain Cyber Risks to Third-Party Logistics (3PL)
WHY THIS MATTERS
Money makes the cyberattack world go round and round.
Bad actors are attracted to the third-party logistics (3PL) sector because it handles large amounts of cash, credit, and financial transfers. If the bad actors can access your systems via your supply chain, they will not miss the opportunity.
3PL companies cannot afford to lose time, money, data, or brand value because of a cyberattack.
How quickly can you recover from a cyber event without Stand-Alone Cyber Insurance?
If you have funds set aside to respond to a cyber incident, then perhaps you are less concerned about recovering on your own. Without testing your incident response in advance of an actual attack, your perspective may be that your team will be ready to excel during a cyber event.
On the other hand, if you are not prepared to handle the financial loss from a cyber event, then you will be on surer financial footing if you reach out to a specialist cyber insurance broker and carrier for advice on the most current and relevant cyber insurance for your specific cyber risks.
Digital Transformation in Logistics
The World Economic Forum (WEF) reports that digital transformation threatens to disrupt logistics fundamentally, but could also unlock $4 trillion of value for the industry and broader society.
More significantly, the WEF notes that digital platforms will become increasingly important in the logistics industry, allowing small companies to compete with larger companies and extend their global reach. Over the next few years, the race to build a dominant global platform will transform the customer experience of logistics, becoming the central issue in determining which enterprises will be the winners and losers in a genuinely digital logistics industry.
PWC reports that in a recent survey, 38% of logistics companies have significant unresolved questions surrounding data privacy and security.
What Hackers Want
Bad actors are in search of money and valuable data. The belief that cybercriminals only attack large enterprises is a misconception. The size of the business is less relevant than the sums of money transacted and the value of data collected and stored.
If your 3PL business conducts large financial transactions and holds rich, critical, sensitive data (client lists, intellectual property, personally identifiable information (PII), personal credit information (PCI)), then hackers are targeting you. If fraudsters are inside of your network, without your knowledge, they are conducting social engineering for future manipulation of employees.
The same cyber risks apply to members of your supply chain.
Global Supply-Chain Cyber Risks
Cybercrime syndicates, nation-states, and lone-wolf hackers position themselves to disrupt the global supply chain.
The growing cyberattack surface includes telecom carriers, workflow management software, and cloud assets.
Recently, Richard George, former National Security Agency (NSA) Technical Director of Information Assurance and current Senior Advisor for Cybersecurity at Johns Hopkins University, Applied Physics Laboratory, commented on cyber targets. George said in a speech to cybersecurity professionals: "It's not just the government that's a target, everybody's a target."
George observed that corporations must be on guard -- about untrustworthy entities within the supply chain, ensure transparency and cybersecurity posture, and limit entanglement with companies or countries that do not respect intellectual property rights.
George notes that every aspect of the global supply chain must be put under the microscope of cybersecurity, including distribution, processes, people, reputation, manufacturing, research and development, transportation, logistics, and facilities.
Kevin O'Marah, former manufacturing and supply chain contributor to Forbes wrote, "Where once we worried about localized mistakes or oversights upstream, now we worry about cataclysm, potentially at the hands of actors bent on destruction. The new world of supply chain risk means preparation for widespread, systemic disruption in our immediate future." O'Marah added: "As with war and natural disasters, cyber threats have the potential to kick off systemic failure, meaning a sort of domino effect whereby ordinary preparedness fails to overcome infrastructure, communication and human breakdowns."
In that same vein, Zac Rogers, Assistant Professor of Supply-Chain Management at Colorado State University, said, "Purchasing people tend to think of cybersecurity as an information systems problem." But his research indicates that two-thirds of breaches are a result of a supplier or third-party vulnerabilities.
During COVID-19, you may be working with new or substitute suppliers. Have you vetted their cyber hygiene? If they are not cyber secure, then you are not cyber secure.
Whether or not a ransomware victim decides to pay a ransom, the costs incurred from cyber-related business interruption (BI) can be devastating without cyber insurance coverage.
According to Korn Ferry, 74% of logistics companies surveyed last year reported networking disruption increased by 63% from 2013.
Coalition, Inc., a specialized cyber insurance MGA, tracks cyber claims frequency and severity. In H12020, Coalition found that hackers' ransom demands increased 47%.
The BI "Double Dip"
As "bad actors" begin to "double-dip," returning to the scene of the crime in a secondary attack, your support network will play a critical role in reducing the loss you suffer from cybercrime.
Recently, Toll Group had "returned to normal" after a MailTo ransomware attack in late January 2020. The 3PL re-enabled track and trace on deliveries and brought its core services back online -- more than six weeks after being infected by the ransomware.
Toll reported that its global freight forwarding operating platform, CargoWise One, was up and running with most customers reconnected to their integration platforms.
In May 2020, Toll Group experienced a second ransomware attack, apparently unrelated to the previous MailTo security incident. This threat involves the Nefilim ransomware.
The hackers accessed a corporate server containing information on Toll staff and some commercial agreements with enterprise customers. However, Toll said the server was not "designed as a repository for customer operational data."
Toll reported the hackers had downloaded data and threatened to publish it on the dark web if they refused to pay the ransom.
After the attack, the 3PL put their contingency plan in place and began using manual processes. Although their web portal is offline, freight and deliveries are carrying on. Toll has not confirmed the impact on customers while working with the Australian Cyber Security Centre (ASCS) to investigate the incident.
The ransom amounts and the estimated cost of the two business interruptions have not been disclosed.
In February 2020, Total Quality Logistics (TQL) confirmed a data breach of its IT systems, which comprised the security of their online portals for carriers. Hackers accessed carrier accounts, including, in many instances, tax ID numbers and bank account numbers," according to the company's website.
TQL has characterized the attack as a phishing attempt, and that further access to hackers has been blocked.
To date, TQL has notified approximately 20 carriers by email, reporting that they are working with the FBI, a third-party investigator, and a third-party cybersecurity firm.
TQL is the 25th largest logistics company and second-largest freight broker by revenue, according to Transport Topics. TQL is headquartered in Union Township, Ohio, provides domestic and international freight transportation and logistics services.
Wire Fraud via Business Email Compromise
Beyond ransomware attacks and data breaches, 3PL organizations need to be aware of funds transfer fraud, involving their team or a supplier's team.
According to the FBI, wire fraud referred to as Business Email Compromise (BEC) accounted for more than $26 billion in reported losses between July 2016 and September 2019 -- making it one of the costliest cybercrimes. The FBI's report did not take into account the increase in cyberattacks during the COVID-19 pandemic.
Funds transfer fraud involves manipulating an employee through social engineering techniques that prey on our inherent sense of trust. Fraudsters trick an employee into wiring funds to a fake bank account based on fake wiring instruction via a spoof email, fake text message, or fake phone call. By the time the company discovers the imposter's deeds, the money may be irrecoverable (in part or in full).
Invoice manipulation is another form of funds transfer fraud conducted via social engineering. Hackers send a fake email from the company email account requesting payment to vendors or customers to a fake bank account. By the time the company discovers that their payments to vendors and customers have gone to cybercriminals, the money is long gone.
Coalition's recent report indicates BEC attacks have increased 67% from 2019 to 2020, and their success rate has increased dramatically. Hackers have capitalized on changes in employee behavior during COVID-19. For example, fraudsters successfully seek payments to alternative locations due to closed offices or the inability to receive mailed checks.
A security breach at one of your supply-chain team members is just as impactful as a direct cyberattack on your company's network.
Since 3PL companies coordinate the distribution of a complex network of operators, any supply-chain disruption may impact their entire network, including health, safety, and company finances.
What can 3PL companies do to reduce supply-chain cyber vulnerabilities?
3PL companies need to ensure that third-party vendors conduct cyber risk assessments to confirm their cyber risk management plan and best practices.
According to National Defense Magazine, experts find that good cyber hygiene requires:
- Design incident protocols
- Implement protected software update systems
- Narrow third-party access to systems
- Inspect and secure current infrastructure
- Insist on transparency with strategic partners, and
- Lock in due diligence throughout the lifecycle of the organization's IT components.
In their recent report, Coalition suggests five essential cyber risk mitigation steps that apply to businesses of all types and sizes:
- Multi-factor authentication – Turn on multi-factor authentication (MFA) for all business-critical services, including corporate email accounts, VPNs, financial accounts, and any other application where sensitive information is stored. While it is nearly impossible to prevent phishing entirely, using MFA can stop criminals in their tracks.
- Routine backups – Regularly back up your systems and information, and store backups in an offsite location not connected to your main business network, which makes it far more difficult for a criminal hacker to delete or encrypt your backups.
- Password management – Encourage employees to use a password manager (e.g., Lastpass, 1Password, or the password managers built into web browsers like Chrome or Safari). Using strong, unique passwords for each of the services you use can help prevent common brute force or credential stuffing techniques.
- Email security – Implement necessary, free email security measures including SPF, DKIM, DMARC, and an anti-phishing solution. Email is the single most targeted point of entry into an organization for a criminal hacker, and the implementation of these email security measures can be done quickly.
- Wire transfer verification – Implement a dual-control process when making funds transfers, such as confirming the instructions with the person seeking the changes. Today, it is no longer safe to assume that email is a secure means of communication.
Stand-Alone Cyber Insurance
If hackers breach your security, directly or via a supplier, you can rely on your comprehensive cyber insurance coverage, referred to as Stand-Alone Cyber Insurance. For example:
- Business interruption (BI) coverage – if a carrier offers this coverage, it typically includes lost profits and extra expenses associated with continuing to run your business, including payroll expenses. You will want to review your limits with your broker and carrier.
- Contingent business interruption (CBI) coverage – if a carrier offers this coverage, it typically includes lost profits and extra expenses resulting from an interruption of business at the premises of a customer or supplier (i.e., outside of your control). You will want to review any sub-limits with your broker and carrier.
- Third-party costs coverage – includes costs you incur when someone files a claim or lawsuit against your business seeking damages, or when a regulator serves you with notice of a regulatory action seeking fines or penalties.
- Social Engineering coverage – robust cyber insurance policies offer coverage for social engineering, funds transfer fraud, or invoice manipulation, some with assistance in recovering some or all funds, and others reimbursing you for the lost funds. You will want to review your limits with your broker and carrier.
Cyber insurance works. Not only can it make the policyholder whole, it can help them recover operationally. Your best cyber solution is a team of professionals who are laser-focused to find the most robust Stand-Alone Cyber Insurance policy for your risk tolerance level.
- Cybersecurity measures are an essential part of your cyber risk management, but they are only as effective as the weakest team member of your supply chain.
- Prevention, detection, and mitigation require due diligence in planning and preparing for a cyber incident involving a data breach, ransomware attack, denial of service attack, fraudulent wire transfer, or fraudulent invoice manipulation.
- If your cybersecurity measures fail to prevent a cyber incident, you will benefit from having transferred residual cyber risk to a Stand-Alone Cyber Insurance Policy, most notably:
- An Incident Response Plan (developed in collaboration with your cyber insurance carrier) will provide you with a team of specialists to guide you through a cyberattack response.
- An Incident Response Team, and highly-qualified cyber claims professionals, will be laser-focused on how to stop a cyber invasion, prevent further loss, detect the root cause of the cyberattack, and then mitigate the loss to reduce its impact.
- Protect your financial viability and bottom line after a cyber loss.
- A dedicated Stand-Alone Cyber Insurance policy clearly and affirmatively provides essential services and cyber coverage in real-time.
Reach out to a specialist cyber broker, such as Cyber Armada Insurance. We offer you cyber solutions that help you assess, plan, and respond to cyber events.
Contact Cyber Armada today at 888.727.6232 or https://www.cyber-armada.com/
Please watch for our next article on Defense Supply-Chain Cyber Risks.