The top 5 cyber security challenges for logistics companies - Flipbook - Page 6
06
07
Ensuring the integrity of the rest of the supply chain
What should logistics organisations be doing to ensure the integrity of their supply chain? The NCSC provides some
It’s not enough to get your own house in order. As logistics companies become increasingly connected to other parties and
share data and assets at scale, so the entire supply chain becomes as vulnerable as the weakest participant. Instead of
attempting to hack directly into the corporate network of their target, cyber criminals now have the option of digging through
publicly available information such as websites and social channels to find out who they’re connected to and which supplier,
partner or customer might offer the easiest route in.
Consider what might happen if a cybercriminal was able to ascertain via social media which members of the account teams at
company A and company B had the closest relationships. Now imagine that the same cybercriminal was able to infiltrate the
network of company A, and send an email purporting to come from a member of the account team to his or her contact at
company B. Perhaps that message would be chasing a payment, maybe it would contain a link to company A’s new payment
portal or payment terms. Except it wouldn’t really be anything of the sort. Instead it’s a link to a spoof website that collects the
payment and forwards it straight into the virtual pocket of the cybercriminal, or it downloads a keylogging Trojan that captures
every username and password used by the employee of company B.
The financial, let alone reputational repercussions are clear, and it happens all the time. And yet, according to the DCMS Cyber
security breaches survey published in March 2021, only 12% of UK businesses have assessed the cyber security risk posed by
their suppliers.
excellent supply chain security guidance, based on twelve key principles:
1. Understand what needs to be protected and why
2. Know who your suppliers are and build an understanding of what their security looks like
3. Understand the security risk posed by your supply chain
4. Communicate your view of security needs to your suppliers
5. Set and communicate minimum security requirements for your suppliers
6. Build security considerations into your contracting processes and require that your suppliers do the same
7. Meet your own security responsibilities as a supplier and consumer
8. Raise awareness of security within your supply chain
9. Provide support for security incidents
10. Build assurance activities into your supply chain management
11. Encourage the continuous improvement of security within your supply chain
12. Build trust with suppliers