Skip to content
Search AI Powered

Latest Stories

COMMENTARY

Ransomware protection for the long haul

Cyber criminals hit the logistics industry hard in 2020. How do you make sure that your company doesn’t become the next victim?

Ransomware protection for the long haul

After the slew of ransomware attacks on logistics companies in 2020, it’s time for the industry as a whole—both service providers and customers—to take the threat seriously and employ a prevention strategy that works.

A ransomware attack occurs when a company’s computers are encrypted by a hacker and the hacker holds the decryption key until a ransom is paid. During the attack, production and/or the movement of goods shuts down. No one can work on company servers, computers, or software until either the ransom is paid or the company manages to restore its production servers from backups. Even if the ransom is paid, there is no guarantee the company will get its data back, nor does it enjoy any “immunity” from a second attack. Furthermore, ransomware is insidiously contagious; once installed, the malware can unknowingly be transferred to the victim’s client companies days before it knows an attack has occurred.


Worldwide, ransomware attacks occur once every 11 seconds, according to Cybersecurity Ventures, and unfortunately logistics companies (and those “logistics adjacent”) have recently become new favorite targets for hackers. The most notable case was the September attack on the French container line CMA CGM, which ultimately cost the company $50 million. Logistics companies are a tempting target for cyber criminals because their immediate need for data on products in transit makes them more likely to pay a ransom.

As a cybersecurity specialist, I’d suggest that IT security in the logistics space is not what it should be in 2021 and that each successful attack further imperils the industry as a whole. Having worked with many companies after a ransomware attack, I can assure you that the consequences are devastating: some companies go out of business, others face lawsuits from customers for failing to adequately protect cargo from cybertheft, and still others have to deal with vital data being posted to the dark web.

The costs of ransomware

Let’s admit upfront that IT security is expensive, and it doesn't drive revenue, making it hard sometimes to get buy-in from senior executives. However, ransomware attacks have many lasting costs associated with them beyond just the ransom, including the cost of:

  • Specialists to restore systems,
  • Downtime,
  • Computers needing to be rebuilt,
  • Inability to complete freight settlement payments,
  • Inability to roll trucks,
  • Loss of signed bills of lading,
  • Increased driver turnover (due to the sometimes vengeful and personal nature of the attacks), and
  • Loss of customer confidence

Whether you pay the ransom or not, every company computer will need to be formatted and reinstalled to ensure that the ransomware software is not still floating around your environment. That usually requires top-tier IT cybersecurity teams for a series of tense, difficult, 24-hour workdays, because rebuilding needs to be done both rapidly and carefully. Depending on how many computers need to be formatted and reinstalled, your tab could easily run into the six-figure range.

Additionally, the amount of downtime that you experience will only multiply your costs. For example, staff will still need to be paid, even if they are unable to work. While sending your staff home without pay could reduce the cost, there’s frequently a lasting loss of company morale that accompanies that decision. Then there are the problems and confusion over shipments already in progress: freight settlements cannot be completed because the EDI system is broken; contact information for customers, vendors, and drivers is often lost; and bills of lading cannot be collected from customers, halting new shipments from being dispatched.

And in most cases, it's going to be weeks for systems to be restored.

Perhaps the most lasting cost of a ransomware attack is the reputation of your company. As Warren Buffet once famously said, “It takes 20 years to build a reputation and five minutes to ruin it.” Ransomware attacks can not only cost you customers but also generate customer lawsuits claiming negligence due to your lack of ransomware protocols.

Given the potentially fatal volume of risk, it’s ultimately more economical to invest in your security.

Your ransomware protection roadmap

Unfortunately, there is no lone software solution that can protect your company from a Ransomware attack. To avoid (or decrease) the costs associated with a potential ransomware attack, companies need to create a comprehensive protection plan. Protecting your company will require some technical solutions, as well as training. From a technical perspective, there are several things that can, and should, be done.

Implement multi-factor authentication (MFA). MFA combines something that you know, such as your username and password, with something that you have with you, typically your cell phone. Upon logging in to your email, VPN (virtual private network), company chat application, or even your desktop computer, the user will receive a unique one-time code either within an application installed on their phone or via text message that enables them to log on. Using MFA makes hacking the system more challenge because even with a password, the attacker generally doesn’t have access to the employee’s cell.

Prevent unnecessary access to servers. Typically, employees have much greater access to servers than they need to do their job. Adopting “least privilege” access protocol involves giving staff access only to what they need. This way, if there is a breach of the company, the attacker would only have access to a minimal number of resources throughout the company.

Block server access to the internet, if possible. Ideally, no servers should have any sort of internet access. This prevents any ransomware software that gains access via employee error from being able to talk to the command-and-control server, which sends commands to the software and encrypts all the files on your file system. By blocking this function, you can stop the attack in its tracks. If internet access is essential, such as an application which needs to import data from a vendor’s system, a specific-use server can be adopted that is entirely separate from the rest of your environment.

Use a “ringed network” design. Proper network design is a “ringed network,” where workstations and servers are placed in different sections of the network and those network segments have specific rules designed to protect them. A ringed network is not difficult to implement. The outermost ring—where users’ desktops and laptops are—has internet access as well as access to the next ring in the environment. The second ring consists of servers that users need to access directly, such as file servers and domain controllers. While users can access services on these servers, any network ports not specifically needed are closed by firewalls. And in order to prevent these servers from talking to a command-and-control server during a ransomware attack, these servers do not have internet access. The innermost ring of the network design is the servers that users do not have direct access to, such as the phone system as well as any backend processing servers.

Typically, these innermost servers do not have access to the middle ring of servers either, except for very specific needs. Likewise, the servers in the middle ring do not have access to the servers in the innermost ring of the network unless there is a specific need. This protects the servers in the innermost ring, in the event that the servers within the outer rings are infected and means you can still do such essential activities as make calls and process accounting issues.

Route email through an inbound email filtering and scanning system. One that inspects all attachments, as well as URLs included in the emails to ensure that there is no clandestine attack delivered. There are several software packages that can perform this task.

Employ an internet threat management software package. Installed at the network edge, this type of software can review all network traffic to the internet, as well as block any suspicious network traffic before it gets there. This level of security can help prevent workstations that have been compromised by ransomware from being able to control the command-and-control server.

Train, train, train. So many of these attacks begin with human error, predominantly phishing schemes where employees open suspicious email links. Have your IT department remind your staff never to give out a username or password to anyone, ever, even to the HelpDesk, and only login screens that are an official company login prompt. Also remind them to never give out the names of company resources like server names and VPN servers. And never open an email attachment unless they are expecting one and, of course, not to ever run an executable file (.exe) that is sent as an attachment. There are IT industry standard tests which can be performed to ensure that employees respond correctly to the kinds of emails that can be the root cause of ransomware attacks.

System protection is company protection

You know your ransomware strategy is working if after a year nothing bad has happened, and it feels like you wasted your money. The reality is that these protocols are vital and can be the difference between a dull, but successful year and being next year’s cautionary tale. 

Recent

More Stories

chart of robot adoption in factories

Global robot density in factories has doubled in 7 years

Global robot density in factories has doubled in seven years, according to the “World Robotics 2024 report,” presented by the International Federation of Robotics (IFR).

Specifically, the new global average robot density has reached a record 162 units per 10,000 employees in 2023, which is more than double the mark of 74 units measured seven years ago.

Keep ReadingShow less

Featured

A photo of brown paper packages tied up with shiny red ribbons.

SMEs hopeful ahead of holiday peak

Businesses are cautiously optimistic as peak holiday shipping season draws near, with many anticipating year-over-year sales increases as they continue to battle challenging supply chain conditions.

That’s according to the DHL 2024 Peak Season Shipping Survey, released today by express shipping service provider DHL Express U.S. The company surveyed small and medium-sized enterprises (SMEs) to gauge their holiday business outlook compared to last year and found that a mix of optimism and “strategic caution” prevail ahead of this year’s peak.

Keep ReadingShow less
A retail associate uses a handheld scanner to scan hang tags on button-down shirts.

Retailers plan tech investments to stop theft and loss

Eight in 10 retail associates are concerned about the lack of technology deployed to spot safety threats or criminal activity on the job, according to a report from Zebra Technologies Corp.

That challenge is one of the reasons that fewer shoppers overall are satisfied with their shopping experiences lately, Lincolnshire, Illinois-based Zebra said in its “17th Annual Global Shopper Study.” While 85% of shoppers last year were satisfied with both the in-store and online experiences, only 81% in 2024 are satisfied with the in-store experience and just 79% with online shopping.

Keep ReadingShow less
holiday shopping mall

Consumer sales kept ticking in October, NRF says

Retail sales grew solidly over the past two months, demonstrating households’ capacity to spend and the strength of the economy, according to a National Retail Federation (NRF) analysis of U.S. Census Bureau data.

Census data showed that overall retail sales in October were up 0.4% seasonally adjusted month over month and up 2.8% unadjusted year over year. That compared with increases of 0.8% month over month and 2% year over year in September.

Keep ReadingShow less
Mobile robots, drones move beyond the hype

Mobile robots, drones move beyond the hype

Supply chains are poised for accelerated adoption of mobile robots and drones as those technologies mature and companies focus on implementing artificial intelligence (AI) and automation across their logistics operations.

That’s according to data from Gartner’s Hype Cycle for Mobile Robots and Drones, released this week. The report shows that several mobile robotics technologies will mature over the next two to five years, and also identifies breakthrough and rising technologies set to have an impact further out.

Keep ReadingShow less