22.2.2023 | Industry matters

Are you Cyber-Crime Savvy?

Three local companies talk about the threats and how to mitigate attacks. 

When the words cyber and security are mentioned, it’s easy to think that potential risks only apply to big multinational corporates. Unfortunately, this couldn’t be further from the truth, making it an issue that needs to be on the agenda of organisations of all shapes and sizes, including those in the logistics sector.

As demonstrated during the pandemic, shipping and logistics is the glue that keeps our modern and globalised way of doing business together. And as cyber-attacks take many forms – including technology focussed ransomware (an attack where malicious software blocks access to a firm’s database or computer files until a ‘ransom’ is paid) and undetected attacks due to human error and processes, no company can afford to take a laissez-faire approach to the issue.

With this in mind, Porttalk talks with three Ipswich-based organisations that are taking their own steps to limit attacks or help clients mitigate any potential threats to their business and data.

Corbel Solutions is an IT company that specialises in cyber security. Managing director Karen Rogers says: “There is a new landscape of threat from outside and inside any organisation –  some with harmful intent and others as the result of human error. Our job is to help enterprises mitigate such risks by educating them about potential threats and working with them to proactively layer their security to protect their business and its assets.

With more than 80% of cyber-attacks originating from phishing emails, the range of services Corbel offers is extensive. From firewalls, cyber security testing and phishing simulations, audits, dark web monitoring and staff training on the ubiquity of cybercrime, Corbel Solutions uses only the latest technological innovations to ensure peace of mind for its clients.

Karen continues: “Whilst 39% of UK companies identified a cyber-attack in 2022, it’s heartening to know that 54% of organisations acted in the last twelve months to identify any risks within their procedures and operations.

“It’s imperative that companies embrace a multi-layer approach, we always recommend the starting point of any decision-making should be a cyber audit combined with penetration testing. This way vulnerabilities can be identified and budget ringfenced for security enhancements can be used to maximum effect.”

But what happens if your business is compromised despite your best endeavours?

WM Brokers is an insurance broker that works with firms, including those in the logistics sector, to ensure the correct type of insurance is in place to cover their business in the event of such a calamity.

Offering a host of insurance options, including cyber security insurance and dependent business interruption insurance (which covers your business should a third-party system you rely on suffers an attack), WM Brokers’ account executive, Liz Howe, says: “With cyber-attacks in 2022 increasing by 77% from the previous year and small businesses nine times more likely to receive a cyber-attack than a theft or burglary, the industry mustn’t bury its heads in the sand but face the potential of cyber threats head-on and insure themselves accordingly.

“Having the right insurance in place means you have somewhere to turn for help, support and financial cover for your business in the event of an attack. WM Brokers works with companies to identify those risks and help them make an informed decision on what protection they should have.

Most cyber insurance policies will cover the first-party and third-party financial and reputational costs if data or electronic systems have been lost, damaged, stolen, or corrupted. For the business involved, the first-party cover includes the charge of investigating a cyber-crime, recovering data lost in a security breach and the restoration of computer systems, loss of income incurred by an operational shutdown, reputation management, extortion payments demanded by hackers, and notification costs, in the case you are required to notify third parties affected.

Third-party coverages (that result from claims against you) include damages and settlement and the cost of legally defending yourself against claims of a GDPR breach.

Liz Howe adds: “As with most insurances, we always advocate undertaking a detailed review of your policy on an annual basis to determine it is still fit for purpose and meets the needs of your organisation.”

Last but not least, Fargo Systems, a leading software provider to the logistics industry, explains why systems and data must be protected with its TopsTMS® suite of products ubiquitous across the sector.

Managing director, Steve Collins, explains: “The scope of our TOPS technology means that the systems and data processing is essential for the supply chain to be efficient.

“As technology evolves for legitimate organisations, so does the technology available for cyber-attacks. Constantly reviewing security protocols is imperative. Last year, we engaged the services of Corbel Systems to undertake a thorough review of our business operations to identify evolutions in security protocols we weren’t currently utilising.

“One of the first things the review identified was the need further to protect email systems with advanced threat detection tools and review the latest two-factor authentication options; DUO’s two-factor authentication system is now installed across our entire business systems network. It ensures that users are who they say they are and keeps our cloud system and customers safe from unauthorised access.

“We’ve also embraced the additional security offered by Microsoft Azure cloud services. We have increased the frequency of our cyber security assessments and our progressive penetration tests (pentests) to quarterly to ensure we are aware and can quickly act on any newly identified vulnerabilities.

“And, as part of our commitment to protecting our systems and customers from cyber-attacks, we are introducing SSO (Single Sign-On) with Windows Active Directory into TOPS, which will be available to customers regardless of how TOPS is deployed. A validation method that enables the central administration of user accounts and permissions, integrating TOPS with Windows AD was an obvious progression. The added benefit of SSO is to provide users with the ability to securely authenticate with multiple applications and websites using a single set of credentials. This is available when TOPS is accessed via Fargo’s cloud, the customer’s own cloud or a customer’s on-premises network; we hope this will simplify for the end user what can be a complicated security topic.”

Steve Collins adds: “We have always been cognisant of the potential of cyber-attacks, but our review with Corbel provided access to industry best practice information and supported the integration of new security techniques with our existing infrastructure.”