Social engineering threats and accidental data leaks should not be overlooked
The logistics industry is enjoying a moment in the sun. Investors, including both private equity firms and venture capitalists, have reentered the arena after 2020’s great spending slowdown, and they have their sights set on the logistics space. The large amounts of capital being funneled into logistics – coupled with the public’s pandemic-stoked awareness of the supply chain – have made companies within the industry more vulnerable than ever when it comes to security risks.
When people think about security breaches, they often think about hackers in dark hoodies hiding behind computer screens. While some attacks do come from malicious outside parties, logistics companies should also be aware of threats coming from inside their own buildings.
“We need to think about how we define security. Generally, people think about preventing hacking and other outside external concerns. There are things like intrusion, malware and ransomware attacks to think about,” Shippabo Co-founder Sam Luu said. “There are, however, also things like data loss from internal factors, including accidents, to consider.”
Some particularly insidious threats – like phishing – involve a mixture of external attacks and internal failings. These threats play on people’s natural tendency to trust others, and they are becoming both more convincing and more common.
“The main risk companies face is social engineering. One example is phishing, or elaborate attacks impersonating a person in an organization in order to gain access to that organization,” Shippabo Leading Principal Engineer Gael du Plessix said. “In order to mitigate this, companies need clear-cut processes and security practices in place. It is important to communicate potential threats to both the internal team and customers so people know what to look out for.”
Beyond planning and communication, companies can also prevent these social engineering attacks by tightening up access to various types of information. That means granting access only to people who actually need it on a day-to-day basis. According to Luu, people who have access to unfamiliar data tend to be the first – and easiest – targets of these types of attacks.
By restricting access to only the necessary parties, companies also help safeguard themselves against accidental data leaks and wipeouts. While these mishaps are typically not malevolent, they can have the same detrimental effects as other types of attacks.
It isn’t just their own companies that logistics leaders need to think about. Industry partners can also unintentionally open others up to security failures.
Supply chains are inherently collaborative. Creating products – and moving them from one place to another – is a multi-tiered process managed by a network of different partners. While these partnerships often pave the way for growth and innovation, they can also pose a unique security risk. Even if one company in the chain has iron-clad security protocols, it can still be left vulnerable by security breaches involving its partners.
“Your security is as strong as your weakest link,” Luu said. “It is important to ask questions about your partners’ security measures. A lot of security has to do with being aware of both your practices and your partners’ practices.”
Ultimately, companies that have put time and effort into making their operations as secure as possible for themselves, their partners and their customers should be seeking out partners who share a similar conviction. That means analyzing risk and addressing security concerns on a consistent basis, as new threats can pop up at any moment.
“Security isn’t something you solve once and don’t think about anymore,” du Plessix said. “You must be able to evolve rapidly because security is an evolving threat. You must be quick to respond to problems.”