Logistics operators should not be lulled into a false sense of security because they might be smaller businesses than say multinational carriers and therefore of little or no interest to cyber criminals. The unfortunate truth is they will target any business and seek vulnerabilities within their Information Technology infrastructure and exploit those weaknesses.

To highlight the issues arising from a cyber-attack, we offer the following real life case study.

MAZE Cyber-attack impacts freight-forwarding business.*

The business involved in this cyber-attack is a multi-generational family run logistics business. It is largely Australian based, deriving most of its revenue from Australia, however, a small proportion of income (sub 5%) is derived from overseas.

In March 2020 the business was subject to a “MAZE” ransomware attack. MAZE not only encrypts and locks down data, it also exfiltrates data, ie copies and transfers the data to another location. A significant amount of data was exfiltrated (stolen) during this attack, around 460 gigabytes.

The perpetrators threatened to release a tranche of stolen data, and in fact published (released) 400 gigabytes.

This had a global impact for the logistics business, where numerous jurisdictions were required to be notified, including four supervisory authorities in Germany, plus relevant authorities in the UK, Sweden, Poland, Netherlands & France. In all, 10 territories were contacted.

The perpetrators were not engaged (ie no ransom was negotiated or paid) because the business kept very good backups, which enabled them to become operational soon after the attack.

The business’s insurers immediately engaged IT forensic specialists, which allowed for instantaneous containment of the ongoing attack.

Given the aspects surrounding the stolen and published data, there were legal and privacy obligations which required significant notifications throughout Australia & overseas. This is particularly relevant with respect to the European obligations under the General Data Protection Regulation (GDPR) and the onerous reporting timeframes and penalties which can flow from not adequately responding to these obligations.

To help facilitate the GDPR response, the business’s insurers engaged specialist lawyers with extensive GDPR experience.

Finally, this attack generated significant media attention on the business and public relations experts were engaged by insurers to provide proactive public relations strategies.

As can be seen, insurers responded by engaging and paying for a number of specialists to assist the business at a time when it was most vulnerable.

Key takeaways:

• Keep good backups – this minimises downtime & reduces business interruption impact;
• Data cataloguing & retention polices – understand what data the business is keeping & where it is being kept. Also develop data deletion policies for data which is no longer required;
• Overseas legal/privacy obligations – be aware if the business might be impacted. This is particularly relevant for logistics businesses where trading is undertaken overseas;
• The quicker the incident response, the better the outcome – have in place and test a cyber incident response plan;
• Use the right incident response specialists – to move quickly to resolve issues;
• Have a proactive Public Relations strategy in place – manage media attention for stakeholder relationships quickly & effectively.

Why not take the opportunity to review your controls, cyber security incident response plan, which should include intrusion detection testing and gathering potential threat intelligence.

Are you confident your business would survive if it suffered a similar (or worse) cyber-attack?

Maybe not?

Cyber protection insurance is designed to help protect your business from the financial impact of computer hacking &/or data breaches.

That’s why we recommend that logistics businesses consider arranging Cyber insurance coverage. Quality Cyber insurance policies are designed to help protect your business (including staff working remotely) from the financial impact of computer hacking &/or data breaches. If a cyber event emanates from a computer, laptop or other device being used at work (or at home), these policies will respond to cover the cyber event, response costs, loss of profits, public relations costs and any potential litigation which may arise. These policies also include 24/7 specialist incident response teams, which is akin to Information Technology “roadside assistance” and a valuable resource in a time of crisis when urgent support is required.

Logical works closely with those businesses within the logistics industry to help them understand the unique risks they face, and work to develop a tailored risk management program to mitigate exposures and enhance cyber insurance coverage to ensure appropriate protection.

---

* With thanks to Emergence Insurance.