Monday, July 15, 2019

Cyber Continuity and Incident Response Plan is Essential Read for Logistics and Shipping Companies

Insurance Group Offer Free Online Guide to Spare Both Blushes and Cash
Shipping News Feature

UK – Cyber Crime – A phrase that sends a shudder down the spine of any executive charged with running a company, not least those in the shipping and logistics spheres, and, as history has proved, something to which even the biggest and best in the business can fall victim. Now an excellent free online guide offers a step-by-step walk-through of how to prepare for an attack by criminal elements.

The ‘NotPetya’ virus which hit Maersk last year, and which we documented as the story unfolded, cost the Danish shipping giant around $300 million, a price which could have been considerably higher if management had not found the one server in its global system which had been switched off at the time of the attack. That server had been knocked cold by a power outage and had not yet been turned back on. Coupled with a calling in of favours from several major computer manufacturers to supply a complete set of some 40,000+ terminals and 4,000 servers to suit, it was possible to reboot the system using that one surviving hard drive, flown immediately from Ghana to the UK.

In a form of twisted logic, this near disaster has stimulated some worthwhile changes, not least the search for more secure ways of exchanging data, hence the increased interest in blockchain technology, something which presumably spurred the Maersk Group’s own interest in developing the TradeLens offering, in cooperation with IBM.

Whilst the likes of Maersk have the resources to recover from such a debilitating attack, what about the smaller guy? How does a regular freight forwarder, customs agency or even road haulage outfit prevent or deal with a targeted cyber attack? With around 40% of UK companies suffering some form of breach last year, and those are just the ones reported, what can an SME do to protect itself?

Over the past year or so we have been speaking to those who spend their whole lives fighting such attacks and they all come to one horrific conclusion: there is no silver bullet to keep the hackers out. If someone is determined and skilful enough they will breach any security installed and, as with all organisations, there will always be weak spots. An unwary employee opens the professionally prepared, specifically targeted email, perhaps even in a well-known customer’s name, and the virus has arrived.

So, assuming you have done everything possible to defend your company, installed software and given all your staff targeted training, what more can you do?

The answer is simply to protect yourself after the event. Put a detailed plan in place to ensure that, should the dreaded worst happen, you can survive and perhaps, as was the case with Maersk, extract a positive from the direst of situations. Damages from a data attack can be significant, often resulting in legal actions, fines and serious financial losses, but there are things you can do to mitigate these threats.

Specialist insurance broker Peter Lole has produced a Cyber Continuity Security Toolkit, an online synopsis of how not only to try to prevent an attack, but also to prepare for handling an incident after one. It details exactly why having a Cyber-continuity and Incident Response Plan matters, with a step-by-step look at how one should be prepared and tailored to each specific organisation. It uses simple question-and-answer charts to make sure every eventuality is covered.

Cyber security can often be the elephant in the room when one talks to a client. Having a proper plan in place, with every detail explained, means a company can not only give the right responses when and if the subject does arise, but can also turn it into an actual positive selling point; customers would always prefer to know what happens when and if things go wrong.

Peter Lole has produced a most comprehensive document which takes one through from ensuring the Plan covers all possible risks, to how to execute it, how to contain the incident and deal with it as it evolves, right up to the point where one is analysing the consequences.

This Guide is not a brief read; it requires full attention from whoever has the responsibility for administering security. But for any company worth its salt, a properly prepared plan of the type outlined should be the first matter attended to in order to protect both the organisation and its customers. You can download it from the link HERE.