Cybercrime is moving upmarket. It is no secret that financial institutions have been wrestling for years with hackers leveraging stolen credit card information to monetize this stolen data through account takeover or unauthorized purchases. It seems that every day we hear of data breaches, but this is the same information we voluntarily enter into websites every day to buy goods and services or access our accounts. While data breaches garner all the headlines, it is the monetization of that information that is the true risk.
Individuals hack into organizations and databases for a variety of reasons, but the two most worthy of our attention are those done for monetary purposes or for political purposes, including terrorist acts.
While the transportation industry has wrestled for years with risk of theft of goods, it has traditionally been handled as a physical security issue. However, the days of securing goods using locks and other methods for deterrence is no longer enough to stop widespread theft.
In today’s world, intermodal containers are tracked via Global Positioning Systems (GPS), which rely on databases for information on location, destination, and volumes. Those same systems, while making it easier to track movements of goods, are as susceptible to hacking as any other database. Consequently, the risk of hackers using their abilities to re-route or change manifests for boxes, pallets, or whole containers of goods is a very real threat. Cybersecurity risk mitigation requires transportation companies, carriers, ports and others involved in intermodal transportation to take additional steps to ensure the supply chain is intact.
Getting information off hacked data is relatively easy to monetize through account takeover. Fraudsters can call into a company’s call center multiple times to fill in the blanks of information not yet in their possession. This is a problem financial institutions have been dealing with for decades. After all, these are customer service call centers, not the fraud police. Getting help to fill in the blanks is generally easy. It is no longer a surprise when our data or accounts are breached. Rather, it is a good day when we wake up and find our information hasn’t been stolen.
But for the fraudster, the return on time is not very lucrative in individual bank accounts. It cantake many, many calls to get all the information they need, and when they do finally take over an account the amount of the average transaction amount is fairly small. According to the Javelin Identity Fraud study, the average is approximately $1,145.
Given the amount of effort, it is no wonder that fraudsters are taking to industrial fraud as a much more lucrative endeavor. According to the Repository of Industrial Security Incidents, transportation ranks third as an industrial cybersecurity target.
Security for the transportation industry has typically fallen into the hands of physical security personnel or operations. Checking volumes of cargo from one mode of transportation to another and ensuring locks have been installed and not tampered with has been the traditional route of ensuring secure cargo.
None of these threats are new. Pirates, thieves, and politically motivated destruction of goods and transportation vehicles has been in existence as long as people have moved items from one location to another. But the threat of hackers to access IT systems for the purposes of changing counts or re-routing cargo, as well as other serious threats such as cargo or vehicle destruction for the purpose of terrorism, now falls into the hands of IT and cybersecurity experts.
The cost of loss of goods can be astronomical, far outstripping the average loss in individual financial accounts. Consequently, the increase in activity of cyber attacks on the supply chain is increasing exponentially. While the threat is generally acknowledged, cybersecurity plans have to be developed to address these concerns.
In 2012, President Obama signed the National Strategy for Global Supply Chain Security. The strategic initiative calls out a number of issues to be addressed, including the need to “mitigate systemic vulnerabilities.” The report states “The global system relies upon an interconnected web of transportation infrastructure and pathways, information technology, and cyber and energy networks. While these inter¬dependencies promote economic activity they also serve to propagate risk across a wide geographic area or industry that arises from a local or regional disruption.”
In conclusion, the transportation industry—including carriers, suppliers, insurance companies, and others— needs to work in concert to develop risk mitigation strategies to counteract security threats through the cyber hacking activities. Developing a plan to counteract potential security breaches can help mitigate the risks in inventory databases, routing information, tracking systems, and other relevant areas and help stem potential losses.
Ray Cavanagh recently served as the Director of Identity Analytics (Voice Biometrics, Fraud Detection, and Authentication). He is a Security Sales Executive with an MBA in International Business from Northeastern University and recognized security subject matter expert. Ray has published articles in CIO, Security Integrator, USA Today, and other publications and appeared in TV interviews on local affiliates throughout the country on NBC, CBS, ABC, and Fox News. A member of the American Society of Industrial Security on the Physical Security Council, he consults with companies on a wide variety of security applications, including cyber, network, and physical security.
