Reducing Third-Party Logistics (3PL) Cyber Risks
WHY THIS MATTERS
The race to stay ahead of fraudsters and hackers has become a race without a finish line.
Investments in cyber risk management are vital to Third-Party Logistics (3PL) companies trying to keep pace with the recent increase in cyberattacks.
Even if your business is “cyber vigilant,” you may fall behind in the race toward cybersecurity.
Time is money when it comes to cyber risk. Please reach out to a specialized cyber insurance broker and cyber insurance carrier to ensure that you transfer the risk that you cannot control through your cybersecurity measures - your residual cyber risk - to obtain protection adequate to meet your cyber risk tolerance needs.
TRUCKING AND FREIGHT FORWARDING COMPANIES FACE EXPOSURES
According to the newly released 2020 Verizon Data Breach Investigations Report, money still makes the cybercrime world go round. “As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO of Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
Trucking and freight forwarding companies face cyber exposures that can overshadow the other losses, such as cargo theft, met in their day-to-day operations.
Internet of Things Risks Create a Gap in Cyber Defenses
The Internet of Things (IoT) takes the Internet to a new level, connecting devices that communicate directly with each other and removing the need for human interaction.
Business Insider projects that there will be more than 41 billion IoT devices by 2027, up from 8 billion in 2019.
The sheer volume of IoT devices requires company executives to be informed about IoT risks. Keeping an up-to-date inventory of vulnerable assets should help in this process.
IoT in Third-Party Logistics
IoT growth in Third-Party Logistics (3PL) has expanded the cyberattack surface for hackers and fraudsters.
Businesses relying on IoT technology must take precautions to safeguard their systems and data.
Since 3PL companies coordinate the distribution of a complex network of operators, often by using IoT devices, any disruption to their operations impacts the entire network that relies upon them. Supply-chain disruption can have devasting health and safety consequences, not to mention the enormous financial losses incurred.
Cyber vulnerabilities are plentiful, including:
- Supervisory Control & Data Acquisition (SCADA) equipment and Industrial Control Systems (ICS) for loading/unloading of cargo
- Navigational systems
- Business software applications
- Security systems
- Communications systems
- Operating systems
- Safety systems
- Crew, employees, and contractors
All vulnerabilities must be acknowledged, inventoried, monitored, and risk-managed.
Cyber Extortion and Business Disruption from Ransomware Attacks
Whether or not a ransomware victim decides to pay a ransom, the costs incurred from Business Interruption (BI) can be devastating without cyber insurance coverage.
According to Korn Ferry, 74% of logistics companies surveyed last year reported networking disruption increased by 63% from 2013.
The BI “Double Dip”
As “bad actors” begin to “double-dip,” returning to the scene of the crime in a secondary attack, your support network will play a critical role in reducing the loss you suffer from cybercrime.
Recently, Toll Group had “returned to normal” after a MailTo ransomware attack in late January 2020. The 3PL re-enabled track and trace on deliveries and brought its core services back online -- more than six weeks after being infected by the ransomware.
Toll reported that its global freight forwarding operating platform, CargoWise One, was up and running with most customers reconnected to their integration platforms.
Then in May 2020, Toll Group experienced a second ransomware attack, apparently unrelated to the previous MailTo security incident. This threat involves the Nefilim ransomware.
The hackers accessed a corporate server containing information on Toll staff and some commercial agreements with enterprise customers. However, Toll said the server was not “designed as a repository for customer operational data.”
Toll reported the hackers had downloaded data and threatened to publish it on the dark web if they refused to pay the ransom.
After the attack, the 3PL put their contingency plan in place and began using manual processes. Although their web portal is offline, freight and deliveries are carrying on. Toll has not confirmed the impact on customers while they work with the Australian Cyber Security Centre (ASCS) to investigate the incident.
The ransom amounts and the estimated cost of the two business interruptions have not been disclosed.
Unauthorized Access To Your Data Via A Data Breach
In February 2020, Total Quality Logistics (TQL) confirmed a data breach of its IT systems, which comprised the security of their online portals for carriers. Hackers accessed carrier accounts, including, in many instances, tax ID numbers and bank account numbers,” according to the company’s website.
TQL has characterized the attack as an information/data phishing attempt, and that further access to hackers has been blocked.
To date, TQL has notified approximately 20 carriers by email. They have reported that they are working with the FBI, a third-party investigator, and a third-party cybersecurity firm.
TQL is the 25th largest logistics company and second-largest freight broker by revenue, according to Transport Topics. TQL headquartered in Union Township, Ohio, provides domestic and international freight transportation and logistics services.
Business Email Compromise and Invoice Manipulation
Business Email Compromise (BEC) and Invoice Manipulation present an additional cyber risk to a 3PL.
According to the FBI, more than $26 billion in losses linked to BEC were reported between July 2016 and September 2019. This report does not take into account the increased risk of BEC and invoice manipulation taking place during the COVID-19 pandemic.
Third-Party Vendor or Supplier Risk
Our recent article on Third-Party Risk discussed how your business needs to ensure that third parties, such as business partners, suppliers, and vendors, are maintaining adequate cybersecurity levels. Logistics companies need to conduct vendor risk management assessments to confirm the cyber hygiene of vendors and suppliers.
Loss Prevention Action Steps
- Train staff regularly on spotting potential threats and malicious emails. The vast majority of data breaches and ransomware attacks are caused by human error in the form of fraudulent, spoof, or phishing emails. Identifying threat actors is key to breach prevention.
- Regularly backup sensitive and critical data and utilize unique password protection for granting authorized access to data and systems. In many ransomware events, computer systems can be wiped and restored with no ransom paid and minimal impact to operations.
- Enable remote system wiping on mobile devices and computers for when items are lost or stolen.
- Enforce secure, unique passwords and regular changes, including on firewalls and routers.
- Do not allow the use of default passwords on IoT devices.
- Implement network-level security to authenticate individual IoT devices.
- Use multi-factor authentication (MFA) for remote access to Microsoft365 products. Fraudulent emails often trick employees into entering their login credentials. Using MFA can prevent outside threat actors from obtaining this data, even if they have your password.
- Use 2-factor authentication (2FA) for wire transfers over a certain monetary threshold and for international funds transfers (whether or not you conduct offshore trade). Threat actors often exploit when key personnel are out of the office (e.g., on a long holiday weekend), making it more difficult to authenticate. Setting up clear authentication protocols for large or foreign transfers with your bank can help prevent or recover fraudulent wire transfers.
- Third-party vendor risk assessments will help you ensure their cyber hygiene to prevent them from inadvertently allowing access to your systems.
- Regular cybersecurity updates on all IoT devices should be part of your cyber due diligence.
- Establish an Incident Response Plan (IRP) that includes Business Continuity and Disaster Recovery in the event of a breach. Your cyber insurance support network will help you with your IRP, with the goal being a prompt restoration of your business operations and systems with less financial impact.
Even if your business is “cyber vigilant,” you may fall behind in the race toward cybersecurity.
That is when you need the support network provided by a robust Stand-Alone Cyber Insurance policy. An Incident Response Team, and highly-qualified cyber claims professionals, will be laser-focused on how to stop a cyber invasion, prevent further loss, detect the root cause of the cyberattack, and then mitigate the loss to reduce its impact.
- Cybersecurity measures are an essential part of your cyber risk management, but they are only as effective as the weakest link in your supply chain.
- Prevention, detection, and mitigation require due diligence in planning and preparing for a cyber incident involving a data breach, ransomware attack, denial of service attack, fraudulent wire transfer, or fraudulent invoice manipulation.
- If your cybersecurity measures fail to prevent a cyber incident, you will benefit from having transferred any residual (i.e., unpreventable) cyber risk to a Stand-Alone Cyber Insurance Policy, most notably:
- An Incident Response Plan (developed in collaboration with your cyber insurance carrier) will provide you with a team of specialists necessary to guide you through a cyberattack response.
- An Incident Response Team, and highly-qualified cyber claims professionals, will be laser-focused on how to stop a cyber invasion, prevent further loss, detect the root cause of the cyberattack, and then mitigate the loss to reduce its impact.
- Protect your financial viability and bottom line after a cyber loss.
Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to request innovative and robust cyber solutions appropriate for your needs and cyber risk tolerance. We understand the evolving demands and expectations of cyber insurance clients.
Contact Cyber Armada today to examine how your company faces potential financial losses from business interruption caused by a ransomware attack. Contact us at 888.727.6232.
Please watch for our next article on Cyber Risks in the Food and Beverage industry.