Thirty-nine seconds. It is about the amount of time the average person spends brushing their teeth or warming up a cup of coffee. It is also how frequently cyberattacks happen—one every 39 seconds. The cost of the damage adds up to $16.4 billion globally each day.
By 2031, Cybersecurity Ventures predicts attacks will happen every two seconds; about the time needed to snap your fingers and blink.
Is your company ready? Are your supply chain partners?
The Supply Chain Cyberattack Surge
Cyberattacks come in all shapes and sizes, but one of the fastest-growing forms is on supply chains. The attacks stem from weaknesses in third-party supplier security practices.
Most companies admit they have significant vulnerabilities despite record-setting investments in safeguards. Gartner predicts that 45% of organizations worldwide will have experienced a supply chain attack by 2025.
That means there’s nearly a 50-50 chance that your company could be targeted within the next 12 months.
Logistics providers are particularly susceptible to cyberattacks. Research reported by Gitnux shows:
- 64% of 3PLs reported cybersecurity issues within the last year. About 66% experience threats monthly.
- Only around 40% of logistics companies conduct regular security audits with only 5% having dedicated in-house cybersecurity teams.
- Cybersecurity events go an average of 197 days undetected in logistics.
These attacks come with a hefty price tag that is continuing to grow over time. Beyond financial losses, cyber issues can lead to significant operational disruptions and reputational damage. In fact, analysts estimate that simultaneous successful supply chain attacks on multiple manufacturers could create shortages worse than those experienced during the 2020 pandemic. Just ask Forward Air, JBS Meats, and DP World.
Attacks in Action: Everyone Pays the Price
A ransomware attack on Forward Air cost the company $7.5 million in quarterly earnings. The issue took down the company’s IT systems delaying thousands of expedited and LTL shipments while creating cross-border cargo clearance issues that lasted for days.
An organized cyberattack on JBS Foods shut down five meat processing plants for 72 hours. The company paid $11 million in ransom to bring production back online. The incident created global food supply shortages and contributed to inflated meat prices for more than a year.
DP World, which controls about 40% of goods into and out of Australia, experienced a cyberattack from an unauthorized access breach. The event left more than 30,000 cargo containers stuck in major ports, nearly crippling shipping operations across the continent.
One breach within the supply chain creates a ripple effect for everyone, from the manufacturer to the end consumer and every partner in between. The impacts last far longer than the attack itself and are felt worldwide.
Vetting Companies for Strong Cybersecurity Practices
When it comes to partnering with the right logistics provider, cybersecurity should be just as important as cost and capabilities. Doing a good job at the right price means keeping cargo and data safe. Before entering into an agreement, have a conversation on these cybersecurity practices:
- Security Audits and Assessments: 3PLs prioritizing cybersecurity do not wait for things to go wrong and then assess what happened. They regularly conduct proactive audits to identify potential vulnerabilities and test compliance with industry standards and customer regulations. A logistics provider should be able to provide audit results and discuss countermeasures.
- Review Security Policies and Procedures: Determine how safe the 3PL keeps its data. Policies should be well-documented and practiced consistently. Security measures should include data protection, encryption methods during transit and storage, access controls, and response plans. Staff training should emphasize good security practices to avoid common supply chain attack catalysts like phishing emails and shared or weak credentials.
- Vendor Risk Management: Most supply chain attacks originate through third-party technology, which may start internally or from partners external to the logistics provider. The 3PL should have a cybersecurity assessment and monitoring process for external parties and technology providers. Included should be a documented agreement about how other parties manage security breaches, containment measures, and notification to impacted parties.
- Incident Response Capabilities: Assess the 3PL’s ability to detect, address, and recover from cyberattacks. Discuss network security tactics, business continuity plans, and facility protections during and after an attack. Address previous issues and how well the 3PL responded, including measures to prevent the next incident.
- Cyber Insurance Coverage: Unfortunately, even the best preventative measures may not stop a sophisticated cyberattack. Inquire whether the 3PL carries a standalone cyber insurance policy and the coverage limit. Forbes reports that only about 40% of businesses carry some type of cyber insurance, which creates a large financial liability for unprotected logistics providers.
Combatting Cyberattacks: Langham Fights Back
When it comes to fending off cybersecurity issues, Langham Logistics remains vigilant. In fact, we plan attacks—on ourselves! We have a third-party penetration test planned during which a security partner will attempt various methods to hack into our systems. The stress test will identify weaknesses and recommend improvements.
What areas do we invest in to ensure the safety of our customers’ cargo not only for this test but in everyday operations?
- Network Security: Our everyday security practices have us ready for potential attacks. We use an interconnected AI system that delivers proactive cybersecurity assistance. All computers and servers use antivirus software, firewalls, nightly backups, and two-factor authentication.
- Facility Security: Every facility includes advanced protections as well. Each uses a card access control system with defined permission levels. Warehouses and offices include close-circuit television cameras and intrusion detection systems. Perimeter fencing offers an additional deterrent.
- Business Continuity: Should a breach occur, Langham is prepared for that as well. We have developed a robust business continuity plan with significant investments to protect our operations. Facilities include backup generators, redundant fiber optic internet and phone service, and remote system access. Off-site servers with real-time file replication protect cargo from data disruptions or delays.
If you would like to talk in more detail, please contact:
John Huybers
Director of Information Technology
johnhuybers@elangham.com
Cathy Langham
President and CEO
cathylangham@elangham.com