TM Law’s Alexis Cahalan recently addressed the Trans-Pacific Asia Conference, held in Shenzhen, on cyber risks.
Alexis was invited to speak by TT Club, the leading international freight transport insurer, to highlight concerns over the frailty of the global supply chain when faced with cyber-attack.
The presentation emphasized the logistics and freight forwarding community’s particular vulnerability to disruptive cyber activity.
“Operations which are characterized by widespread office networks; reliance on multiple third party suppliers; IT systems predominantly of an in-house, legacy nature, which are poorly protected by security software; and a lack of open communication and reporting of damaging past cyber experiences, are common within the global logistics community. These characteristics lead to greater risk,” she emphasized.
Her conference paper, entitled ‘Cyber Risk: Protecting Your Assets from Invisible Attack’ referenced the recent “not Petya” incident as evidence that the risk of cyber attack is now a reality which needs to be seriously addressed by all participants in the transport supply chain. “There is a case for employing a corporate culture of risk management to assess these vulnerabilities within individual companies and to develop a response framework with this in mind.”
Risks are increasing rapidly not just in terms of greater hacking and malware activity. The desire for supply chain visibility and efficiencies is driving technologies, such as the IoT (Internet of Things) and access through smart phones and the like. There is a danger that rapid adoption of such technology means many companies have yet to consider thoroughly the cyber security implications of BYOD (‘bring your own device’) procedures.
TT Club itself has committed to preparing appropriate loss prevention and risk management advice and support for freight transport operators on an ongoing basis. Defensive action in such a challenging environment can’t be whittled down to just one area of operation. However, human behaviour, both a successful supply chain’s greatest strength and weakness, can be usefully targeted.
“Employee awareness of the potential dangers of day-to-day activities will help with cyber defences. Trust in email communication, auto-connect Wi-Fi settings and password protocols, peripheral equipment and flash drives, computers in general, should all be monitored and reviewed,” said Alexis. “Staff and contractors should be brought to understand that the critical balance between ease of operation and security may bring inconvenience. A corporate culture that articulates, enforces and educates cyber defence will achieve much in terms of mitigating risk.”