Tuesday, July 18, 2017

The Threat of Cyber Attack Looms Over Freight and Logistics Groups Worldwide

....so what can those in the supply chain do about it?
Shipping News Feature
UK – WORLDWIDE – Two points which come up time and again at logistics related trade and industry events are firstly, the continuing gender imbalance and secondly, the age of many senior executives at the larger freight transport related companies. Both of these factors have negative connotations for the sector and certainly many are working to, if not smash the glass ceiling, then certainly render it some serious damage, through events such as those held by the everywoman and Women in Logistics organisations.

Mention the second issue however and someone will immediately point out that the condition exists in any industry whereby continuous immersion in a particular facet of any career will bring a wealth of experience thus fitting the candidate for high office in later years.

The world today however is a very different place with technology racing ahead and, in many cases, leaving the previous generation floundering to keep up with ever changing innovations and adaptations and the seeming impossibility of defending constantly moving goalposts. Qualifying as ‘the previous generation’ these days can mean someone just five years older in many instances.

In an age when the world wide web rules just about every type of business, successful companies in the supply chain have adopted complex processing systems to speed and improve their performance and leading shipping lines, road haulage carriers and associated business associations have been in the vanguard of introducing e-documentation, computerised customs procedures and similar cost cutting and optimisation products.

Now however it is time to recognise the massive threat which looms over a society which relies currently on systems barely understood by their creators, let alone those who have accepted their introduction, something made inevitable by the advantages gained by those who do so over those who procrastinate, and the pressures of the authorities to gear up for modern practices.

We have recently seen several events which have effectively reduced companies and even countries to a state of panic, events deliberately engineered by malicious individuals, and yet a recent survey conducted by security systems specialists Expert Security UK has indicated around one third of employees are not aware of, let alone conversant with, the safety and security policies implemented by the company they work for.

The Petya cyber ‘ransomeware’ attack which hit Maersk Line so hard and the WannaCry virus which infiltrated FedEx as well as Britain’s NHS, were probably introduced simply by some innocent opening an attachment from an innocuous email. This sort of event can and must be prevented, either by education of all staff but preferably also by the introduction of software to filter out malicious content.

All of course easier said than done, the plethora of so called ‘absolutely secure’ malware detect and destroy products are, as we all know, only as strong as their last update. So what can the average business owner or CEO do to ensure absolute security of irreplaceable or sensitive data?

In his latest blog Danny Scholfield, Managing Director at Expert Security UK, got together with other experts in related fields to reveal various methods to ensure the most stringent security possible is in place and ensure that all ‘on the team’ understand and employ best practice.

HeX Productions is a website builder and James Hall, creative director, says employers must drum home the importance of abiding by security policy to all staff. When HeX builds a site its developers incorporate firewall and virus settings as well as making sure user policies are strict to ensure tight security. The firewalls are both tested and monitored but for those unsure of what’s involved he advises:

”Implementing procedures is simple. Ask your website developer or hosting company what kind of protection you’ve got. Disaster recovery is essential, just in case the worst does happen. We ensure that all websites we develop are backed up to three locations around the world. It’s also worth checking how many people have access to the development side.

”Businesses can improve security really easily and it’s about asking around if unsure. Don’t always go for the cheapest developer because they might not have as much security as those who charge a little bit more.”

Oak, an intranet solutions producer, turn out systems to ensure customers can collate their entire business needs with one, simple to use, product. David Pinches, marketing director says he would recommend a ‘single sign on’ for users and system managers with varying level of secure access to boost security and allay concerns. This process places access to all business applications under management through the Microsoft Active Directory system. He explains how this works in practice:

”[The] Oak intranet system used in companies of all sizes is often deployed as part of the overall Active Directory infrastructure and hence employees simply sign in to their network at the start of the day and do not need to sign in again, or other applications that have a similar capability. This reduces the risk around multiple sign-ins with many systems and with varying levels of secure user access. It provides a quick win for users and system managers alike.”

Information security management and data protection need to be part of any organisation’s foundation and a complete understanding of such is key according to Harshini Carey, regional director at Neupart, a risk management and information security company which offers products from a phishing test tool to ISO quality compliance management. She comments:

“You need to have a clear overview of all your necessary processes: who’s involved in each process, and what stage they’re at. One of the best ways to do this is to carry out a gap analysis. Figure out where you stand in relation to security standards such as the EU’s General Data Protection Regulation (GDPR), and which areas you need to improve in order to be fully compliant. It’s best that you don’t view this as an annual job to be carried out by an external consultant, but rather invest in a tool that allows you continual control and a better understanding of your organisation’s compliance.”

So, the key to cyber security and safety it would seem is simply, fit the best, make it as idiot and sabotage proof as possible, maintain it, ensure all your staff understand their future as well as that of the company depends on their comprehension and attention to following the safeguards in place. And with all that said the last word goes to Danny Scholfield at Expert Security UK who sounds a cautionary note for those whose whole focus is on those high profile digital threats:

“As we go forward, it’s imperative that we’re using every possible method to our advantage. This means being open to new solutions (provided that they’re fully tested and operative, of course) and making sure there is a balance between physical and cyber security.

“For businesses, there are plenty of new solutions that are being designed to prevent security breaches, from bi-folding speed gates to crash-tested bollards. With advancing technologies and increasingly sophisticated techniques it’s crucial that businesses stay one step ahead.”