Protecting the Supply Chain from Ransomware Attacks

This month, over 300,000 computers around the world were subjected to a massive cyberattack from the aptly-named WannaCry software. This attack is the latest and largest appearance of an emerging type of hacking known as “ransomware.” In a ransomware attack, victims find themselves locked out of their own data, which stays encrypted unless they agree to pay their attacker’s ransom. The WannaCry attack should serve as a warning to logistics professionals to make sure they have appropriate protections in place to guard against future hacks of this nature.

To learn how to protect a business from ransomware, one can look at the mistakes made by its latest victims. WannaCry exploited a flaw in Windows operating systems, but Microsoft had actually released a patch to protect against it in March. Users who had enabled auto-updates on their software were therefore spared, and security experts recommend auto-updates for just this reason. Chinese companies were particularly vulnerable to the WannaCry attack because of China’s widespread use of pirated Microsoft software, which did not receive the patch. Other businesses running “legacy software” (old versions of Windows and Microsoft programs) were also among the hardest hit, particularly in the healthcare sector, bringing home the importance of up-to-date technology in all areas of business. As one member of Europol put it, the attackers preyed on those with “poor digital hygiene.”

The global scale and possible NSA origins of the WannaCry software brought it to the forefront of international attention, but ransomware crimes have been on the rise for several years. According to one estimate, in 2016, ransomware attacks cost businesses $75 billion in expenses and lost productivity. The targets for these attacks are usually small to medium-sized companies, which have fewer IT resources to fight off malware and are more likely to pay the people holding their data hostage. DAT (which sells software designed to protect against such attacks) tells one story of a mid-size brokerage firm in Oregon which found all its data encrypted overnight, and was only saved from disastrous service gaps because of its habit of daily cloud backups.

For the most part, US businesses were spared the worst of the WannaCry attack, but one of its most high-profile victims was Memphis-based FedEx. Though FedEx was able to remedy the situation without incurring significant service delays, the attack highlights the vulnerability of logistics companies that are increasingly reliant on technology to do business. This vulnerability will only increase as networked technology infiltrates every link of the supply chain, including the new suites of ELD-compatible tracking technologies gaining popularity in the trucking industry.

The best philosophy to protect one’s data may be to assume that an attack is a “when, not if” scenario. The data backs this attitude up; one tech security firm stated that 92% of its clients have been hit by ransomware at some point, and fewer than 25% of these attacks are never reported to law enforcement. With this in mind, it’s crucial that companies have procedures in place, such as frequent cloud backups, to ensure that non-encrypted copies of their data are easy to access. It may also be a good idea to develop a relationship with a tech security company, and educate all employees about how to recognize suspicious emails and files that let ransomware into their systems. Preventative security measures should be factored into every company’s IT budget as a far preferable alternative to paying off criminals holding one’s data up for ransom.