Denny Cherry (denny@dcac.com) is the principal consultant with Denny Cherry & Associates Consulting and the author of The Basics of Digital Privacy. He has over two decades of experience working with platforms such as AWS Cloud, Microsoft Azure, Microsoft SQL Server, Hyper-V, vSphere and Enterprise Storage Solutions.
After the slew of ransomware attacks on logistics companies in 2020, it’s time for the industry as a whole—both service providers and customers—to take the threat seriously and employ a prevention strategy that works.
A ransomware attack occurs when a company’s computers are encrypted by a hacker and the hacker holds the decryption key until a ransom is paid. During the attack, production and/or the movement of goods shuts down. No one can work on company servers, computers, or software until either the ransom is paid or the company manages to restore its production servers from backups. Even if the ransom is paid, there is no guarantee the company will get its data back, nor does it enjoy any “immunity” from a second attack. Furthermore, ransomware is insidiously contagious; once installed, the malware can be transferred to the victim’s client companies, without the victim’s knowledge, days before the victim knows an attack has occurred.
Worldwide, ransomware attacks occur once every 11 seconds, according to Cybersecurity Ventures, and unfortunately logistics companies (and those “logistics adjacent”) have recently become new favorite targets for hackers. The most notable case was the September attack on the French container line CMA CGM, which ultimately cost the company $50 million. Logistics companies are a tempting target for cyber criminals because their immediate need for data on products in transit makes them more likely to pay a ransom.
As a cybersecurity specialist, I’d suggest that IT security in the logistics space is not what it should be in 2021 and that each successful attack further imperils the industry as a whole. Having worked with many companies after a ransomware attack, I can assure you that the consequences are devastating: some companies go out of business, others face lawsuits from customers for failing to adequately protect cargo from cybertheft, and still others have to deal with vital data being posted to the dark web.
The costs of ransomware
Let’s admit upfront that IT security is expensive, and it doesn't drive revenue, making it hard sometimes to get buy-in from senior executives. However, ransomware attacks have many lasting costs associated with them beyond just the ransom, including the cost of:
Specialists to restore systems,
Downtime,
Computers needing to be rebuilt,
Inability to complete freight settlement payments,
Inability to roll trucks,
Loss of signed bills of lading,
Increased driver turnover (due to the sometimes vengeful and personal nature of the attacks), and
Loss of customer confidence
Whether you pay the ransom or not, every company computer will need to be formatted and reinstalled to ensure that the ransomware software is not still floating around your environment. That usually requires top-tier IT cybersecurity teams for a series of tense, difficult, 24-hour workdays, because rebuilding needs to be done both rapidly and carefully. Depending on how many computers need to be formatted and reinstalled, your tab could easily run into the six-figure range.
Additionally, the amount of downtime that you experience will only multiply your costs. For example, staff will still need to be paid, even if they are unable to work. While sending your staff home without pay could reduce the cost, there’s frequently a lasting loss of company morale that accompanies that decision. Then there are the problems and confusion over shipments already in progress: freight settlements cannot be completed because the EDI system is broken; contact information for customers, vendors, and drivers is often lost; and bills of lading cannot be collected from customers, halting new shipments from being dispatched.
And in most cases, it will take weeks for systems to be restored.
Perhaps the most lasting cost of a ransomware attack is the damage to your company’s reputation. As Warren Buffett once famously said, “It takes 20 years to build a reputation and five minutes to ruin it.” Ransomware attacks can not only cost you customers but also generate customer lawsuits claiming negligence due to your lack of ransomware protocols.
Given the potentially fatal volume of risk, it’s ultimately more economical to invest in your security.
Your ransomware protection roadmap
Unfortunately, there is no single software solution that can protect your company from a ransomware attack. To avoid (or decrease) the costs associated with a potential ransomware attack, companies need to create a comprehensive protection plan. Protecting your company will require some technical solutions, as well as training. From a technical perspective, there are several things that can, and should, be done.
Implement multi-factor authentication (MFA). MFA combines something that you know, such as your username and password, with something that you have with you, typically your cell phone. When logging in to email, the VPN (virtual private network), the company chat application, or even a desktop computer, the user receives a unique one-time code, either within an application installed on their phone or via text message, that enables them to log on. Using MFA makes hacking the system more challenging because even with a password, the attacker generally doesn’t have access to the employee’s cell.
Prevent unnecessary access to servers. Typically, employees have much greater access to servers than they need to do their job. Adopting a “least privilege” access protocol involves giving staff access only to what they need. This way, if there is a breach of the company, the attacker would only have access to a minimal number of resources throughout the company.
Block server access to the internet, if possible. Ideally, no servers should have any sort of internet access. This prevents any ransomware software that gains access via employee error from being able to talk to the command-and-control server, which sends the commands that tell the software to encrypt all the files on your file system. By blocking this function, you can stop the attack in its tracks. If internet access is essential, such as for an application that needs to import data from a vendor’s system, a specific-use server can be adopted that is entirely separate from the rest of your environment.
Use a “ringed network” design. Proper network design is a “ringed network,” where workstations and servers are placed in different sections of the network and those network segments have specific rules designed to protect them. A ringed network is not difficult to implement. The outermost ring—where users’ desktops and laptops are—has internet access as well as access to the next ring in the environment. The second ring consists of servers that users need to access directly, such as file servers and domain controllers. While users can access services on these servers, any network ports not specifically needed are closed by firewalls. And in order to prevent these servers from talking to a command-and-control server during a ransomware attack, these servers do not have internet access. The innermost ring of the network design consists of the servers that users do not have direct access to, such as the phone system as well as any backend processing servers.
Typically, these innermost servers do not have access to the middle ring of servers either, except for very specific needs. Likewise, the servers in the middle ring do not have access to the servers in the innermost ring of the network unless there is a specific need. This protects the servers in the innermost ring in the event that the servers within the outer rings are infected, and it means you can still carry out such essential activities as making calls and processing accounting issues.
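The ring rules described above, together with the earlier rule that servers should have no internet access, can be checked mechanically against a firewall rule list. The following is an added example, not part of the original article: the ring labels, the `Rule` type, the list of user-facing ports and the sample rules are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Zone labels are assumptions for this example; the article describes
# the rings but does not name them.
OUTER, MIDDLE, INNER, INTERNET = "outer", "middle", "inner", "internet"
ANY_PORT = 0

# Assumed set of services users need on middle-ring servers
# (DNS, Kerberos, LDAP, SMB). Adjust to the real environment.
USER_SERVICE_PORTS = {53, 88, 389, 445}


@dataclass(frozen=True)
class Rule:
    """One firewall allow rule between zones."""
    src: str
    dst: str
    port: int        # ANY_PORT means the rule is not limited to one port
    need: str = ""   # documented specific need, if there is one


def check_rule(rule: Rule) -> Optional[str]:
    """Return a finding if the rule breaks the ringed design, else None."""
    pair = (rule.src, rule.dst)
    if rule.dst == INTERNET:
        # Only the outermost ring (desktops and laptops) has internet access.
        if rule.src == OUTER:
            return None
        return f"{rule.src} ring can reach the internet (command-and-control path)"
    if pair == (OUTER, MIDDLE):
        # Users reach middle-ring services; every other port stays closed.
        if rule.port in USER_SERVICE_PORTS:
            return None
        return f"port {rule.port} is not a service users need; close it"
    if pair == (OUTER, INNER):
        return "users must not have direct access to the innermost ring"
    if pair in {(MIDDLE, INNER), (INNER, MIDDLE)}:
        # Allowed only for a very specific, documented need.
        if rule.need and rule.port != ANY_PORT:
            return None
        return "middle/inner traffic requires a documented need and a specific port"
    return "flow is not described by the ring design; review it"


def audit(rules: List[Rule]) -> List[Tuple[Rule, str]]:
    """Check every rule and return the (rule, finding) pairs that fail."""
    findings = []
    for rule in rules:
        problem = check_rule(rule)
        if problem:
            findings.append((rule, problem))
    return findings


# Constructed sample ruleset, not taken from any real firewall.
SAMPLE_RULES = [
    Rule(OUTER, INTERNET, 443),                       # user web browsing
    Rule(OUTER, MIDDLE, 445),                         # file shares
    Rule(OUTER, MIDDLE, 3389),                        # RDP left open to users
    Rule(MIDDLE, INTERNET, 443),                      # server with internet access
    Rule(OUTER, INNER, 5060),                         # desktops to phone system
    Rule(MIDDLE, INNER, 1433, "file server reads accounting database"),
    Rule(INNER, MIDDLE, ANY_PORT),                    # blanket rule, no stated need
]

if __name__ == "__main__":
    for rule, problem in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst} port {rule.port}: {problem}")
```

Run against an export of the real rule set on a schedule, a check like this catches the drift that accumulates as one-off exceptions are added.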
Route email through an inbound email filtering and scanning system, one that inspects all attachments, as well as URLs included in the emails, to ensure that no clandestine attack is delivered. There are several software packages that can perform this task.
Employ an internet threat management software package. Installed at the network edge, this type of software can review all network traffic to the internet, as well as block any suspicious network traffic before it gets there. This level of security can help prevent workstations that have been compromised by ransomware from being able to communicate with the command-and-control server.
Train, train, train. So many of these attacks begin with human error, predominantly phishing schemes where employees open suspicious email links. Have your IT department remind your staff never to give out a username or password to anyone, ever, even to the HelpDesk, and to enter them only into login screens that are an official company login prompt. Also remind them never to give out the names of company resources like server names and VPN servers, never to open an email attachment unless they are expecting one and, of course, never to run an executable file (.exe) that is sent as an attachment. There are IT industry standard tests which can be performed to ensure that employees respond correctly to the kinds of emails that can be the root cause of ransomware attacks.
System protection is company protection
You know your ransomware strategy is working if after a year nothing bad has happened, and it feels like you wasted your money. The reality is that these protocols are vital and can be the difference between a dull, but successful year and being next year’s cautionary tale.