How to prevent cyber-attacks during cargo transportation?
The cargo container transportation and logistics (T &L) industry has gained the front seat in the past few years especially in the post-pandemic era. With the advancements in the ever-evolving digital sector, even this industry became more dependent on digital systems. Relying on digital systems where on one hand the job has become easier, on the other hand, the T&L industry is battling with one major issue: how to prevent cyber-attacks during cargo transportation! To know about it all, let’s first see the importance of digitization in the industry.
Importance of digitization in industry
The wireless connections have made it a piece of cake for ships to communicate with the port infrastructure. They can access container terminals and trucking terminals through the interlinking logistics network. This hyper-connected network of T & L companies is one of the most widespread and enormous networks within the Internet of Things (IoT). Now, this global presence of smart objects has made sure that virtual communication becomes easy enough through fiber, 4G- 5G network, and even the thin air itself. This is responsible for the dynamic improvement in the efficiency of the industry.
This prevalence of digitization around every nook and corner of our world has helped in exposing the long-hidden inefficiencies and shortcomings of the T & L sector. With the radically evolving digital world, multiple potential threats and cyber vulnerabilities have also emerged. Since the on-board Information technology (IT) and operational technology (OT) have millions of devices connected to the system. It creates millions of high-risk entry points into the system. Earlier, the shipping industry was majorly concerned about protecting passengers and cargo from physical threats. But now the industry faces a newly emerged monster in the form of an alarmingly high rate of cyberattacks. In the T & L sector, the prevalence of these attacks has grown from every few years to every few weeks in the past decade.
According to a report published by Cybertalk.org, The T & L sector has now witnessed a shocking 186% hike in weekly ransomware threats. Between June 2020 and June 2021. Regardless of this data, according to a report by the European Union's Agency for Network and Information Security, maritime cyber awareness predominantly ranges between low to nil.
Notable cyber security breaches in the industry
It is still considered the mother of all cyberattacks. Shipping giant A.P. Moller- Maersk was under the attack of ransomware malware Petya and NotPetya in 2017. This attack aimed to target a business in Ukraine. But the interconnectivity led to a widespread disruption of nearly 50k endpoints and several thousand applications. This attack adversely affected companies across 130 countries and the worst affected of all was Maersk with a cost of $200 million -$300 million. It started as a phishing email.
However, this entire episode was preventable. Reportedly, NotPetya invaded only those computers not updated by the latest official Microsoft OS security patches. Well, this is a default process that is designed in such a way that it occurs automatically. If only these updates were installed, the virus would have probably failed to invade. It was one of the first wake-up calls to address the inefficiencies in the IT infrastructure.
Metropolitan Transportation Authority (MTA)
New York's MTA is North America's largest transportation network with a capacity of carrying over 11 million passengers on weekdays and over 850k vehicles travel every day over the 7 toll bridges. MTA operates in 14 counties in New York and Connecticut combined. Since no customer data was stolen, it is suspected that this April 2021 attack could be a trailer to the larger attack on its way.
Well, Matson and its subsidiary, Matson Logistics offer cargo transportation and deliver goods all over the world. Cybercriminals targeted this shipping giant, Matson, with REvil ransomware in late 2020. It cost the company nearly a loss of a terabyte of data. They threatened to release the sensitive data on the dark web if the ransom was not paid to them.
ATC is an equipment and real estate leasing support provider to transportation and logistics companies. In March 2021, attackers encrypted critical data such as names, social security numbers, etc. of current and former employees and job applicants to hold for ransom. They even installed malware in the servers of the company to enable ransomware scams.
In July 2018, the world's third-largest shipping company experienced a cyberattack that made them shut down the US IT network. They even issued their employees alternative email addresses. These network failures severely affected several North and South American countries. In retrospection, if the company had stronger internal firewalls, this virus could have been contained. And the further spread to other international subsidiaries such as North and South America, the UK, and Turkey was avoidable.
Why do cyber-attacks take place?
Cyber attackers are encrypting valuable and sensitive data from servers of companies for various reasons. A few of them are as follows:
Control and chaos
For instance, in the case of an automobile cyber-attack, attackers can control every part of the vehicle. They can control the steering wheel, brakes, engines, and even non-important parts like windscreen wipers, air conditioners, door locks, etc. And that too, remotely over the network. Thus, think of the damage they can cause to the riding passengers, cargo in it, and the people around the vehicle.
And then can also take control of metal shipping containers like refrigerated containers or insulated containers and take control of their temperature mechanism. Thus, damaging the cargo inside the cargo container.
One of the most common reasons observed for the ransomware attack is to ask for massive ransom in return for giving encryption keys post a ransomware attack. But even after fulfilling the demands, companies seldom receive their files in their original format. While the company is under attack and it's a question of millions of dollars, the temptation to acquiesce is hard to resist. And many times companies just give in to the threats.
It is one of the most significant threats to the automotive industry, thus, making it a threat to the T & L companies. Many automotive giants such as BMW and Hyundai have reported such cyber attack events. The agenda behind such attacks is to access the manufacturer's software, learn their trade secrets and auction them over the dark web. Likewise, there are many more reasons that drive cybercriminals to invade the servers of these T & L giants.
Challenges of the industry
Proliferating number of endpoints to attacks
With the pacing hyper-connectivity of T & L industries, the number of devices and connections on IoT is proliferating at a radical speed. And with the Internet of Things continuously growing, the prospects for cybercriminals to attack are likely to expand as well. It’s an estimate that by 2020 nearly 50 billion objects will be connected to the internet. With all this interconnected infrastructure of a multitude of devices, thus, forming millions of endpoints for the attackers to break through.
The shipping and maritime container industry is connected to all the other sectors. This makes it an attractive vector for malware attacks as it could easily deliver the viruses to any company on the interconnected network and in any sector. This stake increases with the industry's lack of controls. When we say, the shipping industry connects almost everything. Here, it could imply a vehicle tracker, it could be a printer or anything with a username and password.
Manufacturers typically don't assign usernames and passwords to internet-ready software manufactured on mass production. This acts as a loophole for the hackers to enter through any device connected to the system. To sum it up, we can say that if shipping is a target, it could also be a potential weapon.
Target people, not just software/hardware
Hackers don't just target hardware and software but also people. These criminals employ techniques to target people such as phishing techniques. Just as phishing artists send emails or alerts to people in targeting bank accounts. Similarly, hackers send alerts that suspicious activity has been observed on the account and the person needs to verify his/her identity by providing their log-in credentials. Or it may be a link that the user is tempted to click which will download malware in the system without the user's knowledge. Eventually, this will contaminate everything connected to the system.
Inefficient data retrieval
Hackers generally tend to stand down on their words. Even after meeting the demands and conditions of providing the decryption key, the files may or may not be received in their original form. Ransom extortionists might tamper with the critical data.
Government take and laws
Law enforcement authorities and the governments generally are non-supporters of paying ransom fees. Since these hackers often work for terrorist groups or tyrant governments, paying them might embolden their confidence to repeat the same in near future. This promotes criminal behaviors, thus governments discourage organizations to avoid making the problem worse for everyone.
High dollar business
The transportation and logistics companies mainly comprise business giants such as automotive manufacturing and sales, trucking, shipping, etc. These are all high-revenue businesses. Thus, scammers find them attractive targets since they could lose more money in revenue and reputation damage than whatever be the ransom demand amount.
Maritime cyber security awareness
It is low to non-existent currently. Recent advancements in the shipping industry in terms of digitization have left a lot to catch up. People need to learn to pick up nuances of the digital world. If not immersed in the ocean of knowledge, there's a dire need to gain at least an iota of information.
Cybersecurity solutions for the transportations industry
It's time for 'back to basics'' for the transportation industry. With the ever-increasing terror of cyber attackers, the only way out is to prepare beforehand with all necessary precautions and pre-requisite knowledge to tackle and avoid emerging cyber threats. It's a must to create some effective technological defense systems as well as take some individual precautions. So, how do we prevent cyberattacks during cargo transportation? Companies can take up multiple key ways to reinforce their cyber defenses.
It is a smart strategy to divide the network into smaller sections. It becomes easier for the IT managers to keep a hawk's eye on the performance of that section. And thus, to enhance its network security. When one of the segments reports unusual suspicious activity, this logical segmentation comes in handy. IT managers can isolate that segment without a complete shutdown of the whole company. Also, segmentation policies offer an additional benefit to the companies. The users of one segment can't access the other system of the company.
Cybersecurity risk assessment
T & L companies should begin by launching a cybersecurity assessment drive to assess the level of cyber defenses in place in the IT & OT equipment and software. Using a risk-based approach, IT managers must test for the most vulnerable applications and networks. In the same vein, this can further aid in strengthening defenses by safeguarding the most critical and vulnerable endpoints. To aid seamless processing of this drive, it is important to get sufficient funds from the company to serve the purpose.
Endpoint anti-malware software
Designing malware has one purpose-damage, stealing data, file encryption, and unauthorized entry in secured digital systems. It could be any malicious software component, viz. trojans, worms, or even ransomware. Today's world is a world of BYOD (bring your own device) kind of workplaces. Thus, it is imperative to install anti-malware software on all the devices connected to the server to seal off the critical entry points. But it could be a daunting task to ensure that this software is properly installed on all devices that have access to the network. Anti-malware software works on the principle of signature detection, behavioral analysis, etc. even if AI is incorporated in many cases.
Routine patching and software updates
Once, the companies identify the vulnerabilities in their software and systems. It is important to regularly carry out software updates using patches and updates. Generally, hackers tend to exploit the entry points for which patches are already available but due to the negligence of companies, cyber attackers crack open a crevice to enter the system. The best way to mitigate these malicious encounters is to regularly update and patch your systems.
Ransomware works on the principle that the data is encrypted with a certain encryption key. And hackers demand ransom in return for the decryption key. So, basically, the organizations are not able to access their crucial data and all their activities either come to a halt/ are severely affected.
So, if organizations have a backup server for their data. This could prove to be the most effective mitigation technique. This will buy the law enforcement authorities some time and also thwart criminals. Also, the original and the backup data should be present on isolated servers so that criminals can’t access both.
In case a company suffers a terrible cyberattack and ends up losing a large amount of fortune, what would it do then? Therefore, it would be a Freudian mistake to not have an insurance plan in place. Insurance will be beneficial in recovering monetary losses. But it is still advisable to invest in strengthening your cyber defenses than losing them altogether. You see, prevention is better than cure.
Cybersecurity training and awareness
Possibly the best and most cost-effective mitigation strategy in curbing cyber threats would be a risk-aware workforce. Cybersecurity training should be provided to the employees to help them become ever-vigilant. This will help them in recognition of the telltale signs and assess if it's a phishing email, a fake security alert, a spam link, or a real serious concern. Modern attacks generally begin with a phishing email. Although, modern phishing emails are so similar to real emails that it's almost indistinguishable.
However, a trained pair of eyes can make out these ploys. This is practically the first level of defense against the attacks. Thus, it is imperative to train employees whether in an office or on a ship.
Recruit cybersecurity professionals
Another wise strategy would be to officially hire employees specializing in top-grade cybersecurity. This way, a couple of pairs of eyes, with the sole function to be vigilant about the emerging and lurking threats. It would be icing on the cake to conduct the employee training under their supervision. Since it's their job description to always be on their toes to thwart cyber attackers from accessing their critical data. There will be no scope for compromise of any kind.
Thus, you see the ways to prevent cyber-attacks during cargo transportation. You need to be vigilant and to stay connected. It is crucial to have strong cyber defenses in the transportation industry because it is connected to so many crucial industries tending to our day-to-day needs. If a sector such as gasoline gets attacked, think of the unparalleled and irreversible damage it can cause to the people and the companies.
Make a note- it's all connected!