Cyber Risk: A Growing Concern

As cyberattacks continue to increase in frequency, no industry is immune, including transportation. In fact, according to the 2023 Travelers Risk Index, 55% of transportation leaders worry a great deal or some about cyber risks.

As strategic cargo theft continues in prevalence and severity, a potential cyberattack is a growing concern for transportation companies. About half (51%) of transportation companies worry about the potential for compromise, theft, and/or loss of customer/client records due to theft.

The transportation industry can do a lot more to become better equipped to combat threats, the report finds. Among the takeaways:

• Fewer than one-third (32%) of transportation company respondents have simulated a cyberattack to identify areas of system vulnerability.
• Fewer than half (48%) of transportation businesses purchase cyber insurance to protect against a data breach/cyber event.
• 50% of transportation companies have written a business continuity plan in the event a cyberattack occurs.
• 54% of transportation companies have a cybersecurity incident response plan in the event a cyberattack occurs.

Supply Chains Fall Behind on Data-Driven Decisions

Supply chain leaders cite the need to reduce costs, improve the customer experience and expedite delivery times as their top challenges, yet fewer than half leverage supply chain data to inform their strategy and 14% don’t use supply chain data at all to make decisions.

That’s according to a new report by supply chain visibility provider FourKites, which polled 500 supply chain leaders on their use of technology to connect disparate supply chains. The report finds:

• 48% of respondents rate themselves as “not great” or “struggling” at digitizing their supply chain.
• 43% struggle to integrate internal systems and have a single source of truth.
• 42% are investing in technology in the next six to 12 months to de-risk their supply chains. Investments are even more pronounced among enterprise companies, where 70% plan to increase tech investment.
• Nearly 52% of companies are diversifying their supplier/provider base in efforts to de-risk their supply chains.

Transportation industry Springs a Leak

Out of all industries, the transportation field ranks among the top 10 in terms of how many companies have suffered data breaches where consumer data was leaked, reveals the latest NordPass study. In total, nearly 280 transportation organizations worldwide lost clients’ data.

Key takeaways from the study:

• Private companies make up 60% of all transportation organizations whose clients’ data was stolen.
• Smaller companies were found most likely to lose clients’ data. In the transportation field, companies with up to 50 employees had their clients’ data compromised the most.
• Entertainment companies are the worst in ensuring clients’ data. While one might assume otherwise, technology companies are also not much better.

The Promise of eBLs

By Niels Nuyens, Head of Digital Trade, Digital Container Shipping Association

The Fit Alliance eBL declaration (see sidebar below) gives global trade stakeholders the opportunity to express support for digitalization, specifically regarding the bill of lading. The largest ocean carriers have committed to 100% eBL in 2030. Their commitment should also nudge trade partners to embrace digitalization.

A 2023 FIT Alliance survey found that many participants in global trade are reluctant to get started. Why? Because their trade partners are not ready. The declaration gives those in the industry who are keen to change the platform a way to publicly articulate that support.

Many of the largest trading banks have also expressed their support for digitalization through the declaration. Similarly, many freight forwarders are leveraging the declaration to express support. With both stakeholders groups as well as carriers on board, retailers, manufacturers, and exporters should now be encouraged to join the eBL movement.

It makes sense for many reasons: process efficiency, improved security, environmental benefits, and better law enforcement.

What is especially exciting are the opportunities that global consulting firm McKinsey refers to as “trade enablement.” It is expected that large corporations as well as small and mid-sized enterprises will have better and easier access to global trade, and the ability to unlock new business models.

There is an additional reason why digitalization in global trade is crucial. By 2050, it is expected that global trade will triple. This provides a wealth of opportunities. However, it also means that the involved parties must get ready to support and handle that growth or miss the boat. Digitalization is one of the enablers; so is the eBL as part of the end-to-end documentation process.

The business case for the eBL is huge, for all global trade participants.

Committing to eBLs

The FIT Alliance has introduced the Declaration of the Electronic Bill of Lading (eBL) to secure industry-wide commitment to digitalization and to help make international trade more efficient, reliable, sustainable, and secure.

The declaration’s aim is to secure commitment from all stakeholders in international trade to collaborate on driving digitalization, starting with eBLs. Nine of the largest ocean carriers have already committed, and shippers will come on board by default through the transactional platforms they use via the FIT Alliance members.

The potential impact of this change is immense, promising billions in cost savings, improved customer experiences, and greener transport methods. In fact, a McKinsey study estimates that if eBL achieved 100% adoption in the container sector alone, it could unlock $30-40 billion in global trade growth by reducing trade friction.

Reshoring Speeds Up

Reshoring is accelerating as U.S. and European companies want to de-risk their supply chain from geopolitical developments and supply chain disruptions. Companies are also moving production from China and Asia to Europe and the United States to reach their CO2 emission reduction goals.

Those are the findings of a recent BCI Global survey of supply chain leaders from large European and U.S. companies.

Half of the interviewed companies implemented reshoring initiatives in the past three years, totaling up to 20% of their Asia-based production capacity. Barriers include selecting cost-effective production locations and finding the right suppliers.

One out of four companies that reshored is disappointed about the cost savings, finds the research.

Nine out of 10 surveyed companies want to decarbonize their supply chains, mainly driven by their own strategic objectives. But for 50% of respondents, compliance with regulations and customer requirements are important drivers as well.

Unlocking the Future for SCM Professionals

Supply chain management is often regarded as a dynamic and evolving industry, but what’s the perspective of young professionals entering this field?

A recent collaborative effort among the Council of Supply Chain Management Professionals, Penske Logistics, and Korn Ferry sought to uncover just that by gathering responses from nearly 200 young professionals under the age of 30.

Here are some key findings from the study:

• High job satisfaction. A remarkable 96% of young professionals express excitement about their supply chain careers, with an equally high percentage keen on recommending these careers to others.
• Diverse career motivations. More than half (58%) of young professionals in the supply chain field are attracted by the diverse range of opportunities available, highlighting the attractiveness of the sector.
• Tangible impact. 57% recognize the tangible impact supply chain roles have on business outcomes, emphasizing the significance of their contributions.
• Exposure and awareness. More than half (53%) have gained firsthand supply chain exposure through internships or education, contributing to an increased awareness of the field.
• Changing perceptions. Interestingly, the percentage of those “strongly agreeing” that supply chain is an excellent career choice has declined by over 10% since 2016. This shift likely reflects the heightened competition in the field and underscores the importance of compensation, advancement opportunities, and work flexibility in retaining talent.

3PLs Perform a Balancing Act

Time to fulfill is getting shorter year over year. Nearly 54% of 3PL respondents pick, pack, and prepare packages for shipment within one hour of order receipt. 76% of all orders get fulfilled in less than three hours. Only 7% of companies take more than one day to fulfill, on average.

Source: Extensiv 3PL Warehouse Benchmark Report

Record fulfillment times (54% fulfill in less than one hour), more available warehouse capacity (65% operate at less than 90% capacity), and a more tempered outlook for 2024 are among the results of Extensiv’s fourth annual Third-Party Logistics (3PL) Warehouse Benchmark Report.

Key takeaways from the 2023 report include:

• Slowing growth. While a majority of 3PLs still show positive order and profitability growth, a larger group of 3PLs now see flat or declining profits as the economy fluctuates. Although approximately one-third of 3PL respondents show more than a 25% increase in order volume growth year over year and 42% indicate an increase of up to 24%, 22% of respondents either remained the same or saw a decline. The number of 3PLs with no change or declining order volumes more than doubled in 2023 compared to 2022.
• Available capacity. More warehouses report being under capacity or under-utilized than in the prior three years, opening up the opportunity to bring on more clients, diversify services, or partner with other 3PLs to create geographically dispersed 4PL fulfillment networks. This available capacity also will lead to more aggressive customer acquisition efforts in 2024.
• Expensive labor. Although companies report slightly more labor availability, the workforce comes at a higher cost this year, leaving 3PLs to focus on ways to optimize worker productivity and time to contribution. Seventy percent of respondents cite increased labor costs over the last year, and 53% indicate that labor makes up more than 40% of overall business costs.
• Cash flow. With lengthy invoice creation cycles, high interest rates, and customer time to payment slowing, 3PLs see more pressure on managing cash flow and less ability to invest for the future. Those who experienced high profitability growth capitalized on process efficiencies and, on average, were 187% more likely to spend fewer than 8 hours monthly on billing and invoicing.
• Faster fulfillment. This year shows the fastest time to fulfill versus any previous year (see chart), highlighting the need for brands to expand shipping cut-off times for end consumers. Participants who reduced fulfillment time to 90 minutes or less were, on average, 1.5 times more likely to experience high and medium profitability growth.

The post Transportation Leaders Continue to Worry About Cyber Risk; Other Logistics News appeared first on Inbound Logistics.

Take the Port of Kennewick, Washington, for example, which was hit with ransomware that completely locked access to its servers. The attackers demanded $200,000 in ransom to restore access to the port’s servers and files, and it took nearly one week for port authorities to access their data. That meant loss of port revenue and blockages in the smooth flow of the supply chain.

Prioritizing last-mile logistics security—whether in warehousing, inventory management, or shipping and receiving—begins with creating a comprehensive culture of security from top to bottom.

How to Build a Security-Focused Team

Knowledgeable and experienced leaders must communicate the importance of security and bring on the right personnel to dispel that value throughout their processes and their teams. As risk and cybersecurity processes become more intertwined, these professionals are joining forces to ensure seamless communication and workflow.

For example, positions such as Head of Technology Risk now require candidates with a comprehensive cybersecurity background. Even professionals with an NSA background are moving into Head of Risk positions, which is a new trend that has emerged in the past few years.

Candidates who understand how the technology is made are highly attractive. Technical professionals with this experience can help companies understand how to shore up protections and what solutions to prioritize without unnecessary spending, especially when considering how to secure the data that has left their organizations and is now in the hands of employees and external partners.

Professionals who are seasoned in modifying infrastructure and creating processes that allow for further system development—while having security in mind from the beginning—will be crucial in building this security-focused culture.

The next step to ensure every inch of the supply chain is assessed for cyber-vulnerabilities and that security is addressed is an all-encompassing strategy.

Take a beat and assess every potential touchpoint that is vulnerable to a cybersecurity threat, such as real-time delivery tracking, port vulnerabilities, 3PLs, bring your own device (BYOD) policies and cloud-based apps. This creates a clear map of where a company is most at risk and helps leaders assess and develop a strategy to strengthen the supply chain’s defenses.

The Human Touch

Since 85% of all attacks involve a “human-element,” train and educate employees on cybersecurity, and communicate clear policies and procedures that promote awareness to mitigate risk. When new software or hardware is the solution, leaders must also ensure that their teams are properly trained on any new technologies and have the knowledge and skills to spot potential threats before they strike.

Strengthening last-mile logistics security comes down to creating a holistic security-forward culture through a team that can prioritize and address external and internal risks simultaneously. These factors will boost last-mile logistics security and protect  against cyberattacks that could be detrimental to the bottom line.

The post A Team-Centric Security Approach Protects Last-Mile Logistics from Cyber Risks appeared first on Inbound Logistics.

1. Deploy proactive cybersecurity defense measures. The only way to prevent an attack —or curtail its impact on business continuity — is to enact a ransomware protection strategy, preferably ASAP. According to IBM, in 2021, organizations operating on a mature zero-trust framework lost about $3.28 million during the average data breach. Organizations without comparable security measures lost over $5 million on average. Similarly, breached enterprises with mature AI/automation-based technologies saved nearly $4 million compared to their competitors.
2. Include zero-trust security in your cyber defense practices. Measures like zero-trust security are vital because they compensate for the expansion of the Internet of Things (IoT) and our modern risk landscape. Within a zero-trust framework, the network treats all users and endpoints as a possibly corrupted risk vector or bad actor. Zero-trust systems require robust and frequent user authentication through multi-factor authentication (MFA) and single sign-on (SSO) protocols, regardless of where the user is geographically located. Zero-trust security is critical in the modern workforce as employees increasingly access their organization’s networks remotely.
3. Work with a cybersecurity partner. Zero-trust security protocols and a fortified cybersecurity plan require careful implementation and monitoring. For many organizations, this necessitates the presence of a cybersecurity expert — either through an internal position like a head of cybersecurity or a third-party vendor (or both). Moreover, manufacturing leaders should only consult with professionals who have expertise in production cybersecurity, as the industry faces several specific challenges. For example, although the manufacturing sector excels in thwarting data encryption, it lags behind in backup creation. The right partner will guide leaders through the process of correcting industry-specific omissions.
4. Procure a ransomware response strategy. Even organizations with cutting-edge ransomware protection services may eventually get breached. The good news is that leading providers will walk leaders through an efficient response process.  Evaluate and test the response strategy with both desktop exercises and disaster recovery testing that utilizes a secure gapped recovery site with immutable data repositories. 
5. Consider a cyber insurance plan. If your primary concern is financial liability for unlawfully distributed customer information, it’s wise to consider cyber insurance coverage. Cyber insurance covers some losses associated with a ransomware breach, including direct damages stemming from encryption or data loss. However, it’s important to remember what cyber insurance won’t cover. Successful ransomware attacks often incur customer distrust, which can be much more expensive in the long term. According to industry research, 60% of consumers won’t do business with an organization that has experienced a data breach in the past year.
6. Evaluate your suppliers’ cybersecurity practices. Organizations are only as fortified as their weakest vulnerability. Accordingly, it’s vital for leaders to consult with suppliers to ensure full visibility into their ransomware response plan and general cybersecurity measures. Otherwise, sourcing leaders may be subject to downstream data breaches.
7. If breached, take note of the damage and file a report. Once IT technicians know of a breach, they must quickly identify the ransomware’s nature and the damage’s extent. This step includes pinpointing all affected devices and categorizing impacted data. Leaders should then work with their legal counsel to determine the scope of legal and regulatory concerns based on the data impacted. This will inform the next appropriate steps to take.
8. When necessary, address ransomware appropriately. Remember, it is never wise to pay a ransom. Instead, leaders should focus on restoring device functionality expeditiously. To start this process, isolate all impacted devices — and be aware that simple tasks like shutting down the device may actually further spread the ransomware. Once all devices are isolated, considerations for any needed investigations or forensics should take precedence before planning for data restorations.
   
9. Inform stakeholders in the event of a breach. Before announcing a breach publicly, leaders should work with legal counsel and develop an appropriate communication strategy. This will likely involve gathering top stakeholders — including important customers, board members and investors — to inform them of the damage and its possible ramifications. Otherwise, these individuals may feel mistreated or misled. Involving the legal team in this step is also crucial because certain disclosures may be legally mandatory. Regardless, leaders should be clear and upfront about the damage.
10. Review internal processes and make improvements after a breach. Reflecting on a breach is critical. Identify where the ransomware entered and fortify that gap. As part of this step, inviting outside parties to review security protocols and ensure future ransomware attacks fail is wise.

The post 10 Tips for Preparing for Supply Chain Ransomware Attacks appeared first on Inbound Logistics.

Let’s take the issue of insurance as one example. You need documentation to move products through a supply chain, and many key players are involved: shippers, carriers, vendors, and others. Insurance is required before any loads are moved, and for many companies, insurance documentation has yet to be modernized, sitting in paper form that can be easily manipulated or forged.

There are approximately 1.8 million trucking companies in America, 97% of which are small independent operators. Many of these businesses operate in chaos. Profit margins are thin and cash flow often is patchy. There is no premium to pay for insurance, so insurance paperwork sometimes gets manipulated to get loads moved.

Technology such as NFTs provides shippers and carriers the capability to build software solutions that address these issues and increase security for all supply chain stakeholders.

Securing Shipments

NFTs can authenticate the legitimacy of a carrier’s product. This is important to the consumer, who likely paid a large sum of money. Suppose insurance companies could provide a certificate of authenticity, knowing that product is protected as it travels through the supply chain. This would guarantee that a carrier could continually deliver high-quality goods to satisfied customers without the concern that the product may have been switched out for a fake during its journey from production to client.

NFTs act as verified, immutable ledgers. They eliminate piles of paperwork and manual labor, and can move the process to a decentralized, fixed network that cannot be manipulated. This removes issues of human error, fraud, theft, and other security risks to shipment loads.

If every trailer had a barcode to scan with an NFT attached to it, carriers would be able to track all the equipment, and shippers would be able to track every piece of the load to bring total transparency to the chain of custody. This allows businesses to go direct and cut out the middleman to scale and increase profit margins.

In the very near future, more companies will utilize NFTs to secure their shipments and scale their businesses.

Given these advantages, it’s not surprising that some of the world’s largest shipping companies are already experimenting with NFTs. For example, Maersk, the world’s largest containership operator, is piloting an NFT-based system for tracking and verifying shipments.

If successful, this could be a major breakthrough for the shipping industry. By leveraging the power of NFTs, shippers can create a more secure and efficient shipping process that benefits everyone involved.

The post Leveraging NFTs to Elevate Shipment Security appeared first on Inbound Logistics.

Who is responsible? The NCCGROUP survey shows a great disparity among responding organizations as to who is responsible overall for supply chain cybersecurity—36% of respondents say the company is more responsible than the suppliers, while 53% say that companies and supply chain vendors are equally responsible.

It is not the point of this article to resolve this dispute; however, it is critical that each side believes the same thing. This discussion and an agreement on how that responsibility is shared must happen sooner than later.

Decide how to protect different parts of the supply chain. First, I strongly recommend consulting cybersecurity experts on how to prevent cyberattacks in the first place.

Then, when you identify how much protection various parts of the supply chain require, decide how quickly that process must be returned to operation (the recovery time objective, or RTO), and how many hours of data you are willing to lose when doing so (the recovery point objective, or RPO).

You must present these two metrics to a data protection vendor when designing your data recovery and resiliency system.

Such a system starts with regular automated backups that are also automatically sent off-site. For cloud-first organizations, off-site means another region and another account than the one you are protecting. These backups are your last line of defense; you must not allow them to also be affected by the cyberattack.

To prevent that from happening, all backups must also be air-gapped, or stored in a different place that uses a completely different authentication and authorization system than what controls the rest of your computing environment.

In the old days, this meant storing backup tapes in a physically separated human-protected vault. Modern data protection systems do this electronically, and this is why the air-gapped copy must not share the same authentication system that the primary system uses.

Work with your data protection vendor to design a system that can meet a much shorter time than the one you agreed upon, based on the RTO and RPO. This extra time gives you a chance to respond to the cyberattack itself; once it is stopped you can begin the recovery.

A Successful Recovery

The keys to successfully recovering are automation and frequent testing. The use of the public cloud as a recovery mechanism is so popular because it enables both easily and affordably.

If your data protection system was designed to meet your agreed-upon RTO and RPO, you have automated it as much as you can and frequently tested it, you should be in a better position to respond to a ransomware attack.

It will still be a challenge, but you stand a much better chance of not having to pay the ransom just to get your supply chain back up and running.

The post How to Avoid Paying Ransom appeared first on Inbound Logistics.

Ocean shipping has fallen victim to several high-profile attacks, from the Mediterranean Shipping Company suffering a malware-based breach to a ransomware attack on Maersk. These incidents affected customers as systems went offline, and Maersk saw a material impact on its revenue and reputation.

In addition, the consequences of a breach in the shipping industry extends from the digital into the physical world. Carriers own a variety of heavy assets with unique vulnerabilities and risks. A network breach can create liability and safety concerns, such as disabling a ship’s navigation systems. Even worse is the potential for a bad actor to take over a vessel’s autopilot system and cause deliberate damage or run the ship aground. Based on this potential for wide-scale disruption, the shipping industry must increase its cyber defenses as it accelerates the pace of digital transformation. Below are four recommendations to consider.

1. Audit the entire supply chain. The SolarWinds breach in 2020 was a software supply chain attack. Supply chain companies need to remember to evaluate their software supply chain. Organizations must review the security of every vendor. The NIST’s Cyber Supply Chain Risk Management framework offers a helpful guide to tackle this step.

2. Embrace a zero trust mindset. As supply chains become increasingly connected, defined security perimeters no longer exist. Although businesses face this issue with a mix of work modes, when remote workers are ocean freight vessels and trucks, they must secure every system appropriately with mandatory authentication steps.

3. Remain vigilant on security basics. Internal firewalls, endpoint detection, and password screening are security fundamentals that significantly reduce the risk of a cyber attack. Steps such as strengthening user passwords and introducing more robust authentication systems, including multifactor authentication, are basics that organizations must prioritize.

Organizations also need to prioritize routine tasks that include patches and updates; otherwise, cybercriminals may exploit these weaknesses.

4. Undertake training and disaster planning. As hackers increasingly deploy creative tactics, it is essential to educate employees so they don’t fall for these tricks. In addition, disaster scenario planning spanning digital and physical is crucial. Given the potential operational implications, workers need training both on land and at sea to ensure organizations prepare for every eventuality.

As the shipping industry accelerates digital transformation to increase visibility and build more resilient supply chains, it must prioritize cybersecurity. Otherwise, the infusion of technology could result in a deluge of new problems.

The post Four Tips to Strengthen Cybersecurity appeared first on Inbound Logistics.

• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)

The cloud is the backbone of a “smart” supply chain—referred to as Supply Chain 4.0—because it contains the necessary data and interchanges.

To take advantage of all the Supply Chain 4.0 technologies now and in the foreseeable future, the cloud will be integral. Blockchain, the Internet of Things (IoT), artificial intelligence, and the digital supply chain will all require cloud computing.

The cloud centralizes data and then offers access to your extended supply chain network, which decreases costs, speeds velocity, scale, and visibility, and enhances data security. The cloud also helps companies predict market changes and risks across their supply network.

An added benefit: The cloud enables innovation with affordable access to leading-edge technologies and capabilities.

A recent Accenture survey supports these benefits, finding that executives attribute their cloud use to a 26% increase in demand forecast accuracy, 16% reduction in supply chain operating costs, and 5% increase in revenue growth and profitability.

Call for Security

There is one major disadvantage to consider and attempt to minimize: Cloud security issues can put your software supply chain at risk.

To reduce security risks, understand your cloud environment by learning what runs where. Consider a hybrid cloud architecture approach where sensitive data is kept on-premise. Also consider spreading your workloads across different cloud accounts to reduce the impact of any potential breaches.

Finally, stay on top of cloud security issues by following the news and your cloud provider’s security blog.

While traditional on-premise enterprise software or legacy solutions—either custom-built or packaged software—provide a powerful solution with robust features, they are difficult and expensive to acquire, install, and maintain and don’t always keep pace with business demand. They also often require custom programming.
It’s estimated that the global cloud supply chain management market will grow an average of 11% through 2028. The market has been segmented based on solutions, services, deployment models, organization sizes, verticals, and regions.

Many companies already leverage the cloud for supply chain applications including:

• Forecasting and planning. They use the cloud to collect and unify information from customers, retailers, wholesalers, and manufacturers.
• Logistics. The cloud helps companies provide and share tracking operations, automatic inventory management, and route optimization.
• Service and spare parts management. The cloud makes servicing schedules more efficient, which reduces downtime, while RFID and IoT can help track inventory location quickly.
• Procurement. The cloud can serve as a master supplier database and automatically order when inventory reaches a set minimum level. It can also be a platform for contract development and maintenance.

To survive today’s volatile global environment with a lean and agile smart supply chain, start moving to the cloud.

The post The Future of the Supply Chain is Cloudy appeared first on Inbound Logistics.

Organizations that are most protected from cyberattacks are ones that understand what threats exist in the first place. This means having a good understanding of their entire supply chain as well as the data they are responsible for and where it is stored.

1. Understand the biggest threats to the digital supply chain, what data you host and where it is. While having a goal of protecting against all types of cyberattacks is a nice sentiment, homing in on your crown jewels and the biggest threats—such as phishing attempts and ransomware—will guide more targeted and effective security strategies.

2. Know the rules. Understanding what regulations and security frameworks you need to comply with provides insight to what you need to manage and secure your digital supply chain.

3. Formalize your security program. Defining and formalizing your security program will not only help you demonstrate your compliance to customers and other stakeholders, but it also allows you to apply the same expectations to your vendors and business partners. As an organization, you are responsible for the security of your and your customer’s data even if it is hosted by a third party. You are responsible for evaluating and assessing the security of your data across your digital supply chain.

4. Be mindful of the data you store. Holding on to gigabytes of data is no longer an option and it increases your risks significantly. In fact, the more unnecessary data stored, the more susceptible the supply chain is—and the more costly the cyberattack. Work with your business partners to understand the type of data they need and make sure that it is disposed of securely when it is no longer needed.

5. Instill a security-first culture. Cybersecurity should be a concern to every member of the organization. Offering regular training for employees and facilitating conversations around digital supply chain security are great ways to start fostering a security-first culture.

6. USE multi-factor authentication. Compliance shows why and how an organization can protect itself, and the security tools and technology implemented are your first line of defense against cybercriminals. Make sure that multi-factor authentication (MFA) is turned on everywhere. As the supply chain and data increases, so too should the security measures.

7. Patch and back up your systems. Patch management is the process of distributing and applying updates to your software. Ask about patching requirements for your vendors as well as your systems and don’t forget to backup your data and ask the same question to your vendors.

8. Implement zero-trust security. In a zero-trust approach, an organization doesn’t trust any users or networks from inside or outside the organization. Security initiatives can sometimes be painful to implement, but zero-trust alleviates many of these issues by creating awareness and more ownership for end users. From a practical standpoint, implementing biometric authentication or multi-factor authentication for all users is a key step to begin creating a zero-trust environment.

9. Block unsafe websites & services. Helping users stay safe on the web is another way to avoid malicious actors. Although whitelisting applications and services is ideal, for a quicker win, blacklist certain applications and block unsafe websites and services on any computer or device with access to sensitive data.

10. Have a data breach response plan in place. Hackers are increasingly sophisticated and relentless in their efforts – no network is entirely cyber-secure. Developing a response plan is essential so everyone is aware of the steps to take if a breach occurs, including notifying appropriate parties, talking to the media, fixing vulnerabilities and preventing additional data loss.

SOURCE: Jose Costa, CISO, Tugboat Logic by OneTrust

The post Keeping Your Digital Supply Chain Secure appeared first on Inbound Logistics.

Organizations large and small are hard at work trying to root out crime across their systems. Unfortunately, with data growing at exponential rates, it has become an even more difficult task.

The Data Challenge

One of the greatest challenges? A lack of accuracy and context in data. With data disorganized, standing alone in siloes without context surrounding the individuals involved in carrying out crimes, criminals have become more sophisticated, flying under the radar and working around current monitoring systems.

The results range from still damaging but smaller crimes such as individual insurance claim fraud, to the devastating effects of underground trading and trafficking across the world.

In a world where nefarious actors excel at carrying out crimes under the cover of poor financial crime detection systems, companies must find new ways to prevent these activities. Fortunately, AI has given organizations the tools to not just catch criminals, but to prevent crimes before they take place.

Few companies suffer from a lack of data. Instead, problems arise when that data lives in siloes, disconnected from crucial information that can help prevent fraud. AI takes a frustrating issue—massive amounts of disorganized data—and turns it into insight that is more accessible, valuable, and easy to use.

AI provides much-needed context and sheds light on patterns that may indicate fraud and instances of trafficking. For example, it was recently reported that Americans consume more than $2 billion worth of seafood caught in illegal or unregulated waters each year. If technology had been implemented in a way to monitor data across the different shipping carriers, fishing boats, ports and more, it may have been possible to see this nefarious activity as it was happening.

This implementation is not easy to achieve, but critical to disrupting criminal activity. Individual actions may not spell out anything harmful or insidious—but together in context, companies can quickly detect troubling patterns to track down and thwart bad actors.

Connecting the Dots

Contextual intelligence in data is ultimately about connecting the dots between people and companies who need financing. AI has the power to bring in what once felt like insurmountable amounts of information and leverage that data, instead of leaving it in a disorganized, disconnected state, ideal for criminals to exploit.

If the world wants to make a difference and prevent these crimes from happening, organizations have to approach the supply chain and finance industry holistically, bringing together financial institutions, shipping companies, and law enforcement with a shared goal of catching criminals and ending illegal trade and trafficking.

With the right AI in place, companies can take a huge step forward to achieving just that.

The post Fighting Crime with AI appeared first on Inbound Logistics.

1. Modifying product details, such as expiration date

2. Cloning genuine product details on a counterfeit product’s tag

3. Reapplying a tag from a genuine product and attaching it to a counterfeit

These challenges represent the convergence of physical and digital security vulnerabilities in a centralized system that can often be ignored and lead to substantial consequences. What can be done to alleviate these threats? The answer is closer than many think: unified near-field communication (NFC) and blockchain technology.

Researchers suggest that a block-supply chain, which relies on NFC to detect counterfeiting, would bring security and efficiency to supply chain management. The decentralized, distributed qualities of blockchain processing lends security, transparency, reliability, and authenticity to all kinds of systems. Systems using both NFC and blockchain promise high performance for a range of highly secured networks.

How Would This Work?

Through blockchain-based solutions, engineers and designers can build an immutable digital ledger and transparent exchange of electronic information. However, blockchain alone operates in a purely digital space; there needs to be an intermediate step to connect physical objects to a blockchain and the benefits it could provide.

NFC tags serve as that intermediary. They translate physical objects, locations, and markers into the digital world. The relatively short range of NFC sensors discourages interference from afar, as close physical proximity is needed to interact with the NFC system.

Combining both NFC and blockchain into a single system balances the weaknesses of either technology on its own: NFC provides a medium for blockchain to interact with the physical world, and blockchain verifies NFC tags to detect and prevent tampering.

In a decentralized block-supply chain, each node maintains a blockchain for each genuine product. Each block in the chain is an authentication event. To change any information in the blockchain, the node that currently has the product proposes a new block (or new authentication event), which is validated by a number of other nodes.

If the other nodes successfully validate the new block, a copy of this new block is added to all nodes in the network.

Highly sensitive, data-heavy supply chains are most at risk for compromise, and see the farthest reaching impact from a breach. By decentralizing existing protocols with blockchain, researchers detected over 95% of modification, cloning, and reapplication incidents in large-scale supply chain systems. In certain industries—like pharmaceuticals—this can dramatically improve product quality of essential goods.

NFC and blockchain offer a unique solution to a growing crisis. Decentralizing processing, encrypting access, and adding a physical element of security can make supply chains dramatically more secure.

The post Integrating NFC and Blockchain appeared first on Inbound Logistics.