When RSA convened in San Francisco for its annual U.S. security conference last month, global logistics managers took a deep dive into risk mitigation and learned how to soften the impact of unexpected attacks to their firewalls.
But much of the emphasis was also placed on proactive prevention, with special emphasis placed on recognizing the “threat landscape” before investing in security architecture, systems, and personnel to avoid a crisis to begin with.
According to CompTIA – a leading technology industry association – logistics managers face “a three-fold” set of challenges, comprising an enlarged attack surface, well-armed adversaries, and the lack of in-house expertise to deal with sudden emergencies.
James Stanger, chief technology officer for CompTIA, says that a poll taken with 600 global companies confirmed that many still fail to anticipate cybersecurity trends.
“First, we’re seeing a proliferation of powerful devices and applications. Many of these have been created rather hastily,” he says. “Second, we’re seeing an increase in ever-more varied attacks that focus on social engineering, sophisticated credential harvesting and ways to manipulate foundational internet services…especially the Domain Name System (DNS).”
Stanger further maintains that when it comes to social engineering, this key problem remains: well-motivated, intelligent groups and individuals are actively targeting supply chains which are succumbing to these attacks with increasing regularity.
“It’s a huge number,” he says, something like 80 percent of these violations come for from ‘click users,’ or from employees who unknowingly give out too much information. In the early days of hacking, supply chains were wary of worms and software. Now it’s what we call ‘wetware’…people’s brains.”
It’s becoming increasingly complex, with more distant overseas suppliers being made vulnerable by failing to update their encryption or back up files.
“It’s not just ‘Nigerian Prince’ stuff anymore,” says Stanger. “Companies are being held up by ransomware rackets worldwide. The problem can even become more severe when the threats come from automated protocols that can’t even accept payment. That leaves the shipper with only one alternative…rebuild their network.”