Denny Cherry (denny@dcac.com) is the principal consultant with Denny Cherry & Associates Consulting and the author of The Basics of Digital Privacy. He has over two decades of experience working with platforms such as AWS Cloud, Microsoft Azure, Microsoft SQL Server, Hyper-V, vSphere and Enterprise Storage Solutions.
After the slew of ransomware attacks on logistics companies in 2020, it’s time for the industry as a whole—both service providers and customers—to take the threat seriously and employ a prevention strategy that works.
A ransomware attack occurs when a company’s computers are encrypted by a hacker and the hacker holds the decryption key until a ransom is paid. During the attack, production and/or the movement of goods shuts down. No one can work on company servers, computers, or software until either the ransom is paid or the company manages to restore its production servers from backups. Even if the ransom is paid, there is no guarantee the company will get its data back, nor does it enjoy any “immunity” from a second attack. Furthermore, ransomware is insidiously contagious; once installed, the malware can unknowingly be transferred to the victim’s client companies days before it knows an attack has occurred.
Worldwide, ransomware attacks occur once every 11 seconds, according to Cybersecurity Ventures, and unfortunately logistics companies (and those “logistics adjacent”) have recently become new favorite targets for hackers. The most notable case was the September attack on the French container line CMA CGM, which ultimately cost the company $50 million. Logistics companies are a tempting target for cyber criminals because their immediate need for data on products in transit makes them more likely to pay a ransom.
As a cybersecurity specialist, I’d suggest that IT security in the logistics space is not what it should be in 2021 and that each successful attack further imperils the industry as a whole. Having worked with many companies after a ransomware attack, I can assure you that the consequences are devastating: some companies go out of business, others face lawsuits from customers for failing to adequately protect cargo from cybertheft, and still others have to deal with vital data being posted to the dark web.
The costs of ransomware
Let’s admit upfront that IT security is expensive, and it doesn't drive revenue, making it hard sometimes to get buy-in from senior executives. However, ransomware attacks have many lasting costs associated with them beyond just the ransom, including the cost of:
Specialists to restore systems,
Downtime,
Computers needing to be rebuilt,
Inability to complete freight settlement payments,
Inability to roll trucks,
Loss of signed bills of lading,
Increased driver turnover (due to the sometimes vengeful and personal nature of the attacks), and
Loss of customer confidence
Whether you pay the ransom or not, every company computer will need to be formatted and reinstalled to ensure that the ransomware software is not still floating around your environment. That usually requires top-tier IT cybersecurity teams for a series of tense, difficult, 24-hour workdays, because rebuilding needs to be done both rapidly and carefully. Depending on how many computers need to be formatted and reinstalled, your tab could easily run into the six-figure range.
Additionally, the amount of downtime that you experience will only multiply your costs. For example, staff will still need to be paid, even if they are unable to work. While sending your staff home without pay could reduce the cost, there’s frequently a lasting loss of company morale that accompanies that decision. Then there are the problems and confusion over shipments already in progress: freight settlements cannot be completed because the EDI system is broken; contact information for customers, vendors, and drivers is often lost; and bills of lading cannot be collected from customers, halting new shipments from being dispatched.
And in most cases, it's going to be weeks for systems to be restored.
Perhaps the most lasting cost of a ransomware attack is the reputation of your company. As Warren Buffett once famously said, “It takes 20 years to build a reputation and five minutes to ruin it.” Ransomware attacks can not only cost you customers but also generate customer lawsuits claiming negligence due to your lack of ransomware protocols.
Given the potentially fatal volume of risk, it’s ultimately more economical to invest in your security.
Your ransomware protection roadmap
Unfortunately, there is no lone software solution that can protect your company from a ransomware attack. To avoid (or decrease) the costs associated with a potential ransomware attack, companies need to create a comprehensive protection plan. Protecting your company will require some technical solutions, as well as training. From a technical perspective, there are several things that can, and should, be done.
Implement multi-factor authentication (MFA). MFA combines something that you know, such as your username and password, with something that you have with you, typically your cell phone. When logging in to their email, VPN (virtual private network), company chat application, or even their desktop computer, the user will receive a unique one-time code, either within an application installed on their phone or via text message, that enables them to log on. Using MFA makes hacking the system more challenging because even with a password, the attacker generally doesn’t have access to the employee’s cell.
Prevent unnecessary access to servers. Typically, employees have much greater access to servers than they need to do their job. Adopting a “least privilege” access protocol involves giving staff access only to what they need. This way, if there is a breach of the company, the attacker would only have access to a minimal number of resources throughout the company.
Block server access to the internet, if possible. Ideally, no servers should have any sort of internet access. This prevents any ransomware software that gains access via employee error from being able to talk to the command-and-control server, which sends the software the commands to encrypt all the files on your file system. By blocking this communication, you can stop the attack in its tracks. If internet access is essential, such as for an application that needs to import data from a vendor’s system, a specific-use server can be adopted that is entirely separate from the rest of your environment.
Use a “ringed network” design. Proper network design is a “ringed network,” where workstations and servers are placed in different sections of the network and those network segments have specific rules designed to protect them. A ringed network is not difficult to implement. The outermost ring—where users’ desktops and laptops are—has internet access as well as access to the next ring in the environment. The second ring consists of servers that users need to access directly, such as file servers and domain controllers. While users can access services on these servers, any network ports not specifically needed are closed by firewalls. And in order to prevent these servers from talking to a command-and-control server during a ransomware attack, these servers do not have internet access. The innermost ring of the network design is the servers that users do not have direct access to, such as the phone system as well as any backend processing servers.
Typically, these innermost servers do not have access to the middle ring of servers either, except for very specific needs. Likewise, the servers in the middle ring do not have access to the servers in the innermost ring of the network unless there is a specific need. This protects the servers in the innermost ring in the event that the servers within the outer rings are infected, and it means you can still do such essential activities as make calls and process accounting issues.
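As an added illustration (not part of the original article), the ring rules described above can be written down as a policy and run over firewall flow records to flag traffic that breaks them, including servers reaching the internet. The subnets, service ports, exception entry and sample flows are constructed assumptions, as is treating traffic within one ring as allowed.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per ring.
RINGS = {
    "outer": ipaddress.ip_network("10.10.0.0/16"),   # desktops and laptops
    "middle": ipaddress.ip_network("10.20.0.0/16"),  # file servers, domain controllers
    "inner": ipaddress.ip_network("10.30.0.0/16"),   # phone system, backend processing
}
# Ports users need on middle-ring servers (assumption: DNS, Kerberos, LDAP, SMB).
MIDDLE_SERVICE_PORTS = {53, 88, 389, 445}
# Documented "specific need" exceptions between server rings: (src, dst, port).
EXCEPTIONS = {("10.20.0.15", "10.30.0.40", 1433)}


def ring_of(ip):
    """Map an address to its ring; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in RINGS.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src, dst, port):
    """Return (allowed, reason) for one flow under the ring rules."""
    s, d = ring_of(src), ring_of(dst)
    if (src, dst, port) in EXCEPTIONS:
        return True, "documented exception"
    if s == d and s != "internet":
        return True, "same ring (assumed allowed)"
    if s == "outer" and d == "internet":
        return True, "workstations may reach the internet"
    if s == "outer" and d == "middle":
        if port in MIDDLE_SERVICE_PORTS:
            return True, "published service port"
        return False, "port not needed by users"
    if s in ("middle", "inner") and d == "internet":
        return False, "servers have no internet access"
    return False, f"{s} -> {d} is not permitted"


def audit(flows):
    """Return every flow that breaks the policy, with the reason."""
    return [(s, d, p, why) for s, d, p in flows
            for ok, why in [evaluate(s, d, p)] if not ok]


# Constructed flow records (src, dst, dst_port), as exported from firewall logs.
SAMPLE_FLOWS = [
    ("10.10.4.21", "198.51.100.20", 443),  # workstation browsing
    ("10.10.4.21", "10.20.0.10", 445),     # workstation to file server
    ("10.10.4.21", "10.20.0.10", 3389),    # closed port on a middle-ring server
    ("10.20.0.10", "203.0.113.77", 443),   # server reaching the internet
    ("10.10.4.21", "10.30.0.40", 1433),    # workstation straight to backend
    ("10.20.0.15", "10.30.0.40", 1433),    # documented exception
    ("10.30.0.40", "10.20.0.10", 445),     # inner ring to middle ring
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print("VIOLATION", *finding)
```

Run against real firewall or flow logs, a server-to-internet finding is the one to investigate first, since that is the path the article wants closed.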
Route email through an inbound email filtering and scanning system. Choose one that inspects all attachments, as well as URLs included in the emails, to ensure that no clandestine attack is delivered. There are several software packages that can perform this task.
Employ an internet threat management software package. Installed at the network edge, this type of software can review all network traffic to the internet, as well as block any suspicious network traffic before it gets there. This level of security can help prevent workstations that have been compromised by ransomware from being able to reach the command-and-control server.
Train, train, train. So many of these attacks begin with human error, predominantly phishing schemes where employees open suspicious email links. Have your IT department remind your staff never to give out a username or password to anyone, ever, even to the HelpDesk, and to enter them only into login screens that are an official company login prompt. Also remind them never to give out the names of company resources like server names and VPN servers, never to open an email attachment unless they are expecting one and, of course, never to run an executable file (.exe) that is sent as an attachment. There are IT industry standard tests which can be performed to ensure that employees respond correctly to the kinds of emails that can be the root cause of ransomware attacks.
System protection is company protection
You know your ransomware strategy is working if after a year nothing bad has happened, and it feels like you wasted your money. The reality is that these protocols are vital and can be the difference between a dull, but successful year and being next year’s cautionary tale.
Ron Marotta of Yusen Logistics listens to Rick DiMaio of Ace Hardware talk about the steps Ace is taking to keep its store stocked after Hurricane Helene and during the East and Gulf Coast Port Strike.
The East and Gulf Coast port strike was the top discussion point during a panel discussion of shippers and logistics providers at the Council of Supply Chain Management Professionals (CSCMP) annual EDGE Conference this morning. The session, which was supposed to be focused on providing an update to CSCMP’s “2024 State of Logistics Report,” quickly shifted to addressing the effect that the strike by nearly 50,000 dockworkers at 36 ports in the Eastern half of the U.S. could have on supply chains.
“The seriousness of this action cannot be taken lightly,” said Ron Marotta, vice president of the freight forwarder and supply chain service provider Yusen Logistics (America). “It has not happened since 1977. Our lives depend on sustaining a smooth global supply chain.”
Marotta warned that for every day that the ports were not open, it would take four to five days to recover from the impact. One added concern is how the port closures would affect recovery efforts for Hurricane Helene. “There’s a huge amount of items that would normally be replenished by importers and retailers,” Marotta said.
Rick DiMaio, executive vice president and chief supply chain officer for Ace Hardware Corp., commented that the hardware retail cooperative was doing okay for now keeping stores in stock, although he did expect the company would be “chasing generators for awhile.” “But in this recovery phase [from the hurricane], we certainly don’t need a strike right now,” he said.
The port closure will also have a knock-on effect on other transportation modes. For example, Andy Moses, senior vice president of sales and solutions for logistics services provider Penske Logistics, expects to see some companies turn to air freight as a result of the strike. This will, in turn, cause air freight capacity to tighten up and rates to rise. Furthermore, the longer the ports are closed, the more likely inflation is to rise again, according to Moses.
Nor will the effects of the strike stop at the U.S. border, according to Marotta. Many Caribbean Island nations depend on food imports from the U.S. that move through East Coast ports. Additionally, some medical supplies typically are exported through the ports to Europe.
On a positive note, however, many companies took actions earlier in the year to prepare themselves for a potential strike. Ammie McAsey, senior vice president of customer distribution experience for the pharmaceutical distributor McKesson, said the pharmaceutical industry has brought in enough extra inventory that there will not be a short-term impact on the U.S. health care system due to the strike.
Government intervention?
Marotta hopes that the U.S. government takes the step of invoking the Taft-Hartley Act to stop the strike and send the International Longshoremen’s Association (ILA) and the port management group, United States Maritime Alliance (USMX) back to the negotiation table. In 2002, for example, President George W. Bush used the Taft-Hartley Act to end an 11-day lockout of union workers at West Coast ports. President Joe Biden, however, told reporters on Sunday that he would not do this.
“I hope that cooler heads prevail and that the executive branch realizes that it’s not just a labor issue, it’s also a humanitarian issue,” Marotta said.
Confronted with the closed ports, most companies can either route their imports to standard East Coast destinations and wait for the strike to clear, or else re-route those containers to West Coast sites, incurring a three-week delay for extra sailing time plus another week required to truck those goods back east, Ron said in an interview at the Council of Supply Chain Management Professionals (CSCMP)’s EDGE Conference in Nashville.
However, Uber Freight says its latest platform updates offer a series of mitigation options, including alternative routings, pre-booked allocation and volume during peak season, and providing daily visibility reports on shipments impacted by routings via U.S. east and gulf coast ports. And Ron said the company can also leverage its pool of some 2.3 million truck drivers who have downloaded its smartphone app, targeting them with freight hauling opportunities in the affected regions by pricing those loads “appropriately” through its surge-pricing model.
“If this [strike] continues a month, we will see severe disruptions,” Ron said. “So we can offer them alternatives. We say, if one door is closed, we can open another door? But even with that, there are no magic solutions.”
Turning around a failing warehouse operation demands a similar methodology to how emergency room doctors triage troubled patients at the hospital, a speaker said today in a session at the Council of Supply Chain Management Professionals (CSCMP)’s EDGE Conference in Nashville.
There are many reasons that a warehouse might start to miss its targets, such as a sudden volume increase or a new IT system implementation gone wrong, said Adri McCaskill, general manager for iPlan’s Warehouse Management business unit. But whatever the cause, the basic rescue strategy is the same: “Just like medicine, you do triage,” she said. “The most life-threatening problem we try to solve first. And only then, once we’ve stopped the bleeding, we can move on.”
In McCaskill’s comparison, just as a doctor might have to break some ribs through energetic CPR to get a patient’s heart beating again, a failing warehouse might need to recover by “breaking some ribs” in a business sense, such as making management changes or stock write-downs.
Once the business has made some stopgap solutions to “stop the bleeding,” it can proceed to a disciplined recovery, she said. And to reach their final goal, managers can use the classic tools of people, process, and technology to improve what she called the three most important key performance indicators (KPIs): on time in full (OTIF), inventory accuracy, and staff turnover.
CSCMP EDGE attendees gathered Tuesday afternoon for an update and outlook on the truckload (TL) market, which is on the upswing following the longest down cycle in recorded history. Kevin Adamik of RXO (formerly Coyote Logistics), offered an overview of truckload market cycles, highlighting major trends from the recent freight recession and providing an update on where the TL cycle is now.
EDGE 2024, sponsored by the Council of Supply Chain Management Professionals (CSCMP), is taking place this week in Nashville.
Citing data from the Coyote Curve index (which measures year-over-year changes in spot market rates) and other sources, Adamik outlined the dynamics of the TL market. He explained that the last cycle—which lasted from about 2019 to 2024—was longer than the typical three to four-year market cycle, marked by volatile conditions spurred by the Covid-19 pandemic. That cycle is behind us now, he said, adding that the market has reached equilibrium and is headed toward an inflationary environment.
Adamik also told attendees that he expects the new TL cycle to be marked by far less volatility, with a return to more typical conditions. And he offered a slate of supply and demand trends to note as the industry moves into the new cycle.
Supply trends include:
Carrier operating authorities are declining;
Employment in the trucking industry is declining;
Private fleets have expanded, but the expansion has stopped;
Truckload orders are falling.
Demand trends include:
Consumer spending is stable, but is still more service-centric and less goods-intensive;
After a steep decline, imports are on the rise;
Freight volumes have been sluggish but are showing signs of life.
CSCMP EDGE runs through Wednesday, October 2, at Nashville’s Gaylord Opryland Hotel & Resort.
The relationship between shippers and third-party logistics services providers (3PLs) is at the core of successful supply chain management—so getting that relationship right is vital. A panel of industry experts from both sides of the aisle weighed in on what it takes to create strong 3PL/shipper partnerships on day two of the CSCMP EDGE conference, being held this week in Nashville.
Trust, empathy, and transparency ranked high on the list of key elements required for success in all aspects of the partnership, but there are some specifics for each step of the journey. The panel recommended a handful of actions that should take place early on, including:
Establish relationships.
For 3PLs, understand and get to the heart of the shipper’s data.
Also for 3PLs: Understand the shipper’s reason for outsourcing to a 3PL, along with the shipper’s ultimate goals.
Understand company cultures and be sure they align.
Nurture long-term relationships with good communication.
For shippers, be transparent so that the 3PL fully understands your business.
And there are also some “non-negotiables” when it comes to managing the relationship:
3PLs must demonstrate their commitment to engaging with the shipper’s personnel.
3PLs must also demonstrate their commitment to process discipline, continuous improvement, and innovation.
Shippers should ensure that they understand the 3PL’s demonstrated implementation capabilities—ask to visit established clients.
Trust—which takes longer to establish than both sides may expect.
EDGE 2024 is sponsored by the Council of Supply Chain Management Professionals (CSCMP) and runs through Wednesday, October 2, at the Gaylord Opryland Resort & Convention Center in Nashville.