Protected against cyber attacks - where are your gaps?

by Reese Giangola, on Oct 9, 2020 10:30:00 AM

2020 has been a difficult year for the global trading community. And, as if complete supply chain disruption were not enough, now, the industry is facing an unprecedented wave of cyber attacks (630%* increase!), targeting both large and smaller players. Those organizations that have been lucky enough to escape this round have an opportunity to amp up systems and processes to safeguard your operations  - in the face of increasing threats.

After the 2017 APM-Maersk** and 2018 COSCO ransomware attacks, this year we've seen MSC’s data centers targeted in April, while CMA-CGM and the UN’s International Maritime Organization (IMO) are both actively working to get themselves fully online again after attacks in the last 2 weeks. 

It’s not only the largest firms being targeted either. According to security researcher Naval Dome, “there has been a 400% increase in attempted hacks since February 2020, coinciding with a period when the maritime industry turned to greater use of technology and working from home due to the Coronavirus pandemic….  PC security software provider McAfee has reported that between January and April cloud-based cyber-attached on all businesses increase by 630 percent*.”

For supply chain managers, physical security has always been a top priority. Since at least 2001, maintaining close and constant control over physical access to shipments has been a requirement for everyone in the supply chain from the time the goods are produced until delivered to the end user at destination. However, we’re now seeing that protecting the integrity of your data and documents is equally important.

COVID-19 presents as good an opportunity as any to review processes and systems overall. Many companies have recognized that process gaps and systems failures that could be “worked through” in person have become nearly insurmountable obstacles to getting cargo moving.

For any organization, preparing for a cyberattack involves taking some basic, but difficult steps. Risk management consultants RSM US detail some of these steps in their recent report, including building security awareness into your organizational culture and making security assessment a continuous process.

Safeguarding and updating your trade execution systems is equally important. Here are 5 additional considerations - from our cyber experts - when auditing your data security related to trade execution:

  1. What's the back-up? How can you prevent a Maersk incident at your business? Select a system that is cloud-based with the highest level of security, allowing for redundant offsite backups of your data to be available in case of system outage.
  2. Physical paper is not the answer. Prepare for everything to work remotely. It seems counterintuitive but manual document handling can easily be disrupted if physical access to a site is restricted or if a local system is disrupted. Ensure that your system communicates with vendors and partners electronically and that your enterprise is not dependent on any one physical location.
  3. It's 2020. Are you using modern systems?. Whenever possible, use modern API communication over older standards like EDI, since it is more flexible, reliable, and secure - and significantly reduces delays in data transmission (lowering risk).
  4. Partner with vendors that understand and can manage cyber risk. Ensure your vendors have not only the basic SOC-2 compliance (etc.) but have the chops to really deliver with systems that endure regular penetration testing, etc.
  5. Outsource the gaps to experts. Going with a holistic protected true SaaS solution (and true cloud) over a more restricted Transportation Management System (TMS) outsources the risk of security over your entire trade-to-cash lifecycle to technology experts.

What is your organization doing to safeguard against the next cyber attack? We'd love to know more.

Please reach out to us at chris@tradelanes.co, reese@tradelanes.co and ange@tradelanes.co.

 

**If you're interested in a well written retelling of the Not Petya cybercrime, check out Wired article's coverage of Not Petya and Maersk. Such an interesting story!

 

About TradeLanes
TradeLanes is a technology company that is building the future of global trade. 

We apply advanced technology and artificial intelligence to make global trade smarter, faster, easier, and more profitable - dramatically freeing our customers from operational headaches so they can refocus on growing their businesses.  

Our core product, the TradeLanes Trade Delivery Platform, transforms B2B trade - bringing trade execution operations entirely online and leveraging data and machine intelligence to drive simplification, efficiency, and performance. That means we make it easier, faster, and more profitable for businesses to trade with other businesses. 

We are the new way businesses trade with other businesses.

 

Thanks to Freepik for the cool image




Topics:global traderemote worksupply chain resiliencyresilience