Cyberattacks can bring any company to a standstill. When attacks are targeted at logistics and transportation companies, it can have devastating impacts on entire supply chains. Ransomware, phishing, and brute force attacks on logistics companies can disrupt the movement of freight and undermine consumer confidence. Or worse, prevent the distribution of much-needed vaccines or medical supplies to hospitals and communities.
Manufacturers, logistics, and transport companies have embraced Industry 4.0. They have invested in digital technologies that connect IT, OT, and IoT systems. These connected systems improve efficiencies. However, connected systems create new entry points for malicious actors. This increases cybersecurity risk.
With ransomware attacks increasing 700% in 2020 and the transportation industry a top 3 target for malicious actors, now is the time to rethink cybersecurity strategies and secure your most privileged IT assets and data.
Where to Start?
There are things trucking, freight, cargo, rail, and other transportation and logistics companies can do today to start improving cybersecurity. This includes:
Educate Employees about Cybersecurity – Make sure employees are educated on cybersecurity best practices. Employees need reminders not to click on unverified links or not to open attachments from untrusted sources.
Update and Patch Software – If you haven’t already, make sure you have installed all software updates and patches. Keeping up to date with software releases will ensure you are using the most secure versions.
Back-Up Data – Ransomware attacks are designed to block access to data unless a company pays a ransom. Having a secure backup solution and backing up all data will not prevent attacks but it helps to mitigate their impact. You will be able to restore systems and minimize downtime.
Passwords and Multifactor Authentication (MFA)– Did you know that 123456 is still the top used password? Update password policies to require strong passwords and regular password rotation. MFA adds another layer of security to passwords by authenticating the person accessing your systems. It requires a user to present multiple pieces of evidence or identifiers (usually a one-time passcode) before granting access to company systems. With MFA, even if passwords are stolen, it’s unlikely that the hacker also has the phone and OTP generator.
Secure Remote Access – The pandemic has made remote working the norm. The increase in remote workers creates more entry points for bad actors to execute malware, ransomware, and phishing attacks. VPNs are a good option for some office workers but not for IT admins or privileged users that require access to critical business data. VPNs can be insecure and unreliable. If your privileged users work remotely or you have third-party consultants accessing systems remotely, consider implementing a secure remote gateway that brokers access using HTTPs to specific resources. Remote gateways work by securely locking a company’s systems behind their firewall forcing privileged users to use the gateway to access critical assets.
Secure privilege accounts and IoT devices – Privileged accounts have a higher level of access to systems and data. They are often used by privileged users and by machines, IT systems, or cloud software for intercommunication. The IoT devices, OT, and cloud-based applications used in digital transformation connect to your network and require management and orchestration using privileged credentials. This requires ongoing privileged access management and monitoring to identify the privileged accounts and ensure all IoT / machine credentials are secure, authenticated, and rotated. This will help lower the risk of being impacted by advanced threats through unsecured IoT.
Implement Least Privileges – Whether it’s general workers or IT admins, you want to implement the principle of least privilege. This ensures people only have access to the systems they need and no more.
The logistics and transportation industries are critical to keeping our supply chains moving smoothly. As companies rely on complex systems to operate efficiently, don’t let cybersecurity threats disrupt daily business and delay shipments. Start securing critical systems today.
At Xton Technologies, we work with companies all over the globe to strengthen their cybersecurity efforts by ensuring secure access to critical systems and data. Xton Access Manager (XTAM) delivers enterprise privileged access management (PAM) functionality in one affordable, cloud-ready platform. It combines a secure identity vault with approval workflow; a robust job engine with password rotation and discovery; and session management with recording. With XTAM you can limit access to sensitive information and systems curtailing an attacker’s ability to move unnoticed through your network.