Cyber attacks on the rise

18 May 2020 - by Liesl Venter

Cyber criminals are ramping up attacks on the supply chain – and no-one is immune.

According to a recent report by international software solution provider Symantec, cyber attacks on the supply chain rose by a whopping 78% in 2019.

“Supply chain attacks, which exploit third-party services and software to compromise a final target, take many forms, including hijacking software updates and injecting malicious code into legitimate software. Developers continued to be exploited as a source of supply chain attacks, either through attackers stealing credentials for version control tools, or by compromising third-party libraries that are integrated into larger software projects,” reads the report.

James Britz, group IT manager at CFR Freight, said companies needed to be more vigilant than ever before as technology became more complex and convenient.

“There is undoubtedly a need for increased security measures,” he told Freight News.

“It is commonplace to see hundreds of thousands of threats on a daily basis and they are constantly evolving. It’s even more alarming that artificial intelligence can also be used for dubious means.”

The need for more protection and control was especially necessary in the freight industry, said Mark Gatenby, CIO at Tigers.

“Freight companies have had a very poor record in this area when compared to other sectors. Companies like Maersk, Toll, FedEx and MSC have all had cyber attack-related issues in recent years.”

Both the Maersk and Toll attacks were severe enough to affect their business for months.

According to Gatenby the biggest issue forwarders face is that good security is increasingly expensive and time consuming to implement.

“The hacking community is always one step ahead of most forwarders’ attempts to stop them. Worse still, it is known that hackers prefer to target medium-sized companies who are even more vulnerable and less well reported on than a Maersk or a Toll,” he said.

Michael Henning, Easyclear sales manager, agreed, saying often smaller companies did not have the knowledge or the resources to effectively combat cybercrime.

“Most antivirus software provides a level of security, but does not combat the more intensive security attacks. More often than not a more expensive solution is required.”

Another challenge, said Henning, was that many service providers offering their solutions in a cloud-based environment relied solely on the security measures of the cloud-hosting environment, which was often compromised by the regular windows updates.

“They simply do not have the necessary firewalls in place to shut out a malicious attack, all the while enabling their clients to connect via a Remote Desktop Protocol (RDP) connection which in many cases is not secure.”

Britz advises companies to introduce a multi-faceted defence strategy.

“You need to treat these threats with a ‘when, not if mindset’. Over-preparation (as far as is possible) is the key," he said.

“Have as many disaster recovery elements as you can to fall back on, educate your users to look for warning signs within emails, and have good monitoring and antivirus in place. Also, keep your patch management and antivirus definitions up to date and use multiform authentication.”

Having the correct partnerships are also important.

“Partner with people who have demonstrated the ability to walk the talk. These are all must haves and not nice to haves.”