June 27 - TT Club's Mike Yarwood has warned that as invasive cyber-technology becomes more widely available, a greater risk to legitimate trade is emerging, exposing operators in the supply chain to economic and commercial damage.
Whilst advances in IT systems undoubtedly provide greater opportunities for carriers, transport operators and cargo handling facilities to mitigate their exposure to theft and fraud, unfortunately such increased sophistication also benefits those with criminal intent.
Yarwood has made a particular study of the fast-growing trend. "We see incidents which at first appear to be a petty break-in at office facilities. The damage appears minimal - nothing is physically removed," reported Yarwood in his TOC presentation. "More thorough post incident investigations however reveal that the 'thieves' were actually installing spyware within the operator's IT network.".
More commonly targets are individuals' personal devices where cyber security is less adequate. Hackers often make use of social networks to target operational personnel who travel extensively and truck drivers to ascertain routing and overnight parking patterns.
The type of information being sought and extracted may be release codes for containers from terminal facilities or passwords to discover delivery instructions. "In instances discovered to date," revealed Yarwood "There has been an apparent focus on specific individual containers in attempts to track the units through the supply chain to the destination port. Such systematic tracking is coupled with compromising the terminal's IT systems to gain access to, or generate release codes for specific containers. Criminals are known to have targeted containers with illegal drugs in this way however such methods also have greater scope in facilitating high value cargo thefts and human trafficking."
Yarwood and TT Club are strenuous in their advice to operators to be vigilant. Simply identifying the value of the data held by an organisation or individual is a starting point when assessing potential exposure to cyber crime. "Awareness is often the first step," commented Yarwood. "Education of employees across all disciplines of the organisation is crucial. Making them aware of robust risk management policies designed to defend the organisation from cyber-crime. Often the level of threat is dependent on an organisations' own culture," concluded Yarwood.