8.6.2022 | Industry matters

How to win the war against the hackers

Karen Rogers, managing director at cyber security specialists, Corbel, shares the company’s top five recommendations on how the logistics sector can strengthen its internet defences.

The internet is incredible. It enables us to communicate in real-time with family and friends on the other side of the world, look up the answer to any question troubling us and even work more efficiently than ever before. But all that convenience and opportunity comes at a cost.

The speed and anonymity provided by the online world have made it easy for a new wave of criminals to steal our money and data with surprisingly little skill or effort.

It may be surprising to hear that the transport and logistics sector ranks in second place in a list of the industries most affected by cybercrime worldwide. However, if you then consider how much the industry has changed in recent years, you can begin to visualise why that is.

Firstly, transport and logistics are among the biggest sectors worldwide, and they are hugely profitable, which means it is extremely attractive to cyber criminals who want to make money. Secondly, the dramatic increase in technology usage across the industry in recent years means it is even easier for fleet operators, partners, and vendors to share data. This means cybercriminals have an even greater opportunity to identify and exploit weak links in the supply chain sector. Alongside that, the transport and logistics industry is incredibly sensitive to disruption due to our global reliance on supply chain firms. Bringing operations to a frightening standstill would be a key incentive for any cyber-criminal.

Cybercrime is now the number one threat to businesses everywhere, let alone our particular sector. But that doesn’t mean a devastating attack is inevitable. All this makes it even more critical that transport and logistics firms stay updated on the cyber threat landscape. There are plenty of ways to stay one step ahead of the cyber criminals and stop your business from becoming yet another statistic.

When it comes to staying safe online, complacency is the real killer. So never underestimate the importance of internet security or assume that hacking is something that only happens to other businesses. It can – and does – happen to anyone who takes their eye off the ball.

Businesses today are finding themselves in a virtual war zone, battling a new wave of criminals who will stop at nothing to steal valuable data and cause long-lasting damage. Like any war, strong leadership and a great strategy will significantly reduce casualties and improve your chance of winning. Although it was written way back in the 5th Century BC, Sun Tzu’s The Art of War is still influencing business leaders around the world – and it applies perfectly to the war against cyber criminals.

“If you know the enemy and know yourself, you need not fear the result of a hundred battles”

Staying one step ahead of the enemy means understanding your organisational flaws and weaknesses and an acute awareness of your opponent’s dirty tricks. When you know what you’re up against, you’ll be much better equipped to fight back. Sure, they can still attack you, but they can only cause real damage if you’re not properly prepared.

MALWARE

Malevolent, malignant and malicious, Malware is a generic term to describe all kinds of nasty software specifically designed to cause pain and disruption. Often still referred to as computer viruses, they do their damage by infecting the host with something that makes them sick – just like a real-life biological virus. And in the same way bugs are spread among living creatures, malicious code is used to generate multiple copies of the virus that spread across entire organisations. Once it’s found its way into the system (usually when a user clicks on a dodgy link), Malware can cause chaos and huge financial losses in an alarmingly short space. Within hours systems can become completely inoperable, devices can be spied on, and vast amounts of data can be stolen and sold to the first available bidder.

For a more detailed look into malware, including the nine threats you need to be worried about take a look here.

RANSOMWARE

The modern-day equivalent of ‘your money or your life’, ransomware attacks take users entirely by surprise by threatening them with major data loss unless they pay up fast. This nasty form of malware can completely block an organisation’s access to their information until they pay a ransom. Ransomware attacks have been at an all-time high. Still, fewer victims are paying up today thanks to an increased number of organisations investing in robust security and backup solutions. There were plenty of attacks last year, though, and hackers are still constantly looking for organisations with a more lackadaisical approach to data protection.

BOTNETS

The Internet of Things (IoT) has revolutionised the way we work, live and play, with everything from our mobile phones to doorbells connected via the internet. And, of course, hackers have been more than happy to exploit this newfound connectivity. Constantly creating new ways to infiltrate personal and business data, cyber-criminals have been using a variety of internet-connected devices called botnets to perform a variety of attacks. From denial of service (DDoS) and ransomware to spying and cryptocurrency mining, botnets are on the rise, and they’re wreaking havoc on devices worldwide. One of the biggest reasons cyber-criminals target IoT devices is that attacks can go undetected for weeks or even months. It’s often when something goes seriously wrong that the victim notices their device has been compromised.

PHISHING SCAMS

Phishing has been around for ages now, and it’s not looking likely to disappear any time soon. Criminals rely on a combination of good nature and ignorance among their victims. Phishing scams work by sending target emails that have been carefully crafted to look like they come from a trusted source, and they’re often sent later on in the day when staff are less likely to be alert to threats.

MAN-IN-THE MIDDLE (MITM) ATTACKS

A bit like a nasty nosy neighbour, MitM attacks eavesdrop on transactions and conversations between two or more parties. Once the attacker has made their way into your personal or professional business, they’re perfectly positioned to steal your data and destroy your reputation. The most common way cybercriminals use MitM attacks is through unsecured public Wi-Fi, which is why working remotely from your local coffee shop is not a good idea. It only takes a few minutes for an attacker to intercept a device and install malicious software that processes and duplicates the victim’s data.

DISTRIBUTED DENIAL-OF-SERVICE (DDOS) ATTACKS

Ever suffer from information overload? When there’s so much stuff you have to take in and remember that your brain simply gives up and you find yourself incapable of intelligent thought? That’s basically what a DDoS attack does to computer systems, networks and servers by flooding them with so much traffic that they’re no longer able to perform simple tasks. Once the network has been completely overwhelmed with emails and requests it becomes completely inaccessible, resulting in significant losses and often irreparable reputational damage.

ZERO-DAY ATTACKS

This kind of cyber-attack happens on the first day a weakness is found in a piece of software. Usually, when a user becomes aware of a potential security risk they have time to report it to their software provider, who will, in turn, develop a patch (a bit like a sticking plaster) until a more permanent solution is available. But in the case of zero-day attacks, it’s too late for a quick fix. That’s why cyber-criminals are always listening out for news about potential flaws so they can act before the user has a chance to do anything about it.

STRUCTURED QUERY LANGUAGE (SQL) INJECTION

Cyber attackers perform SQL injections by inserting code into database queries, giving them complete control over databases and websites. It requires very little skill or knowledge to initiate an attack, but the effects of the stolen and misused data are often devastating.

“The greatest victory is that which requires no battle”

Businesses targeted by cyber-crime fall into two camps: those who have prepared and those who haven’t.

It goes without saying that the ones who have always put IT security low down on their list of priorities find themselves in the hottest, deepest water. The effects of even a relatively small data breach can last for months, even years, with many organisations finding themselves completely unable to recover from the loss of revenue, reputation and customers.

Any cyber-attack will be inconvenient and worrying, but if you’ve got all your ducks in a row it doesn’t have to be devastating. When you have the proper plans, procedures, software and support in place you’ll always have the upper hand.

So, let them exhaust their troops while you sit back and smile, safe in the knowledge that you’ve done everything in your power to protect yours.

HERE ARE OUR TOP 5 RECOMMENDATIONS

  1. Create a culture of awareness

Around 88% of data breaches are caused by unsuspecting staff members, so make IT education a priority in your organisation. Run internet safety awareness courses and ensure that you and your staff are always up to date with the latest threats and how to avoid them. Schedule regular reviews and refreshers into your diary, and lead by example. If you’re seen with Post-it notes displaying multiple passwords, or you regularly share login details, you can’t expect your workforce to take security seriously.

Check out our guide on how to make Cyber Security a solid part of your business’s culture here.

  1. Use strong passwords

Sure, it’s a pain having to have separate passwords for all your different applications, but it really is better to be safe than sorry. Hackers have been stealing passwords for years because people make it so easy for them by using them on multiple accounts or choosing codes that even a toddler could guess. Strong passwords include a combination of uppercase, lowercase, numbers and special characters, and they should be changed once a month.

There’s some great software out there these days that enables you to create (and remember) new passwords without having to keep coded messages in your diary or phone, so there’s really no excuse for the likes of “Password1” or “123456” anymore.

Multi-factor authentication is even better. Before being granted access to data, users have to do something to prove it’s really them logging in. This can be as simple as receiving a text on your phone, or for ultra-security, using a specialist device.

  1. Be careful what you (and your staff) post

We live in a society where it’s become the norm to overshare. From A-list celebrities to friends you haven’t seen since primary school, it seems that everyone is happy to divulge each moment of their waking day in detail. This constant stream of personal information has given cyber criminals the perfect opportunity to target victims through social media, quickly finding out where they live, what they do for fun and where they work. To minimise your chances of becoming a victim think about how much information you really want to share with strangers and make it policy for employees never to divulge business details online.

  1. Avoid public Wi-Fi

While it can be great to take a break from the office and work from the local café or train, using free Wi-Fi leaves you wide open to attack. It’s the perfect opportunity for cyber-criminals to steal passwords, customer data and banking details, quickly spreading viruses between multiple devices. If you or your workforce are going to work remotely, use a VPN (Virtual Private Network) to secure your connection, and be sure to turn off sharing on your device settings.

  1. Develop a multi-layered approach to IT security

The most important tools in your arsenal are robust, up to date anti-virus software and firewalls which should be constantly monitored and regularly updated. It’s also essential to ensure that all software is regularly updated to avoid any vulnerabilities hackers could exploit. Old, outdated computers also pose a significant threat, so undertake regular inventories of your entire system and schedule licensing renewals. Even with the best plans and precautions, disasters can still happen. The world of cybercrime is so rapidly evolving that even hardened security experts can’t guarantee that a hacker won’t come up with a new way to break in. So, you’ll need a backup in place. When your data is properly backed up in a secure place and regularly tested for vulnerabilities, any disasters that do occur can be rapidly dealt with and you’ll have peace of mind that any lost data can be quickly replaced.

For further information on how to make your Cyber Security even more secure- have a read here.

Corbel is your local, award-winning IT Support and Services company working proactively with businesses in Felixstowe, Ipswich and across Suffolk. Our dedicated and experienced Cyber Security experts have specialized expertise in the transport and logistics industry. We work with lots of companies in the sector providing advice, support and guidance to optimise how their technology works for them, in the safest and most protected way possible. If you would like to contact us to find out a little more about how our services could help you, please do give us a call on 01473 241515, take a look at our website or drop us an email at info@corbel.co.uk for an initial discussion.