For logistics and transport companies, cyber crime is a particularly important threat to consider. As a business, their success relies on the timely and efficient transportation of goods, with any disruption to this process causing both financial and reputational damage. Additionally, the mechanisms of logistics place these companies right at the heart of supply chains, meaning that data is continually being transported over a network of various components to track and monitor goods. As with most other businesses, more processes within logistics are being automated and digitized, but whilst this increases efficiency, it also increases the number of opportunities for cyber criminals to exploit.

Logistics companies make attractive targets for malicious cybercriminals. Not only is it a financially lucrative business, but these organisations also handle a large amount of sensitive information. One particularly damaging cyber threat is ransomware, which is highly disruptive and costly. Given that timeliness is crucial to the success of these companies, they may be seen as more likely to pay the fee that is demanded of them, to minimize any disruption to their operations. Logistics companies of every size should be considering the ransomware threat and putting measures in place to reduce their risk of being targeted, as well as creating an incident response plan.

What is ransomware?

At its most basic definition, ransomware is a type of malicious software that blocks access to key systems, networks, or data, demanding a sum of money be paid as a condition for its release. This can completely halt the ability of a business to operate as normal, which is very costly. The ransom itself can be very expensive, and payment is usually demanded via an anonymous web page, often through cryptocurrency. Criminals may threaten to leak the locked data if the ransom is not paid, which raises the dilemma of whether to pay.

Whilst paying the ransom may seem like the only option for regaining access and preserving the company’s reputation, the reality is that your company is paying money to criminals, and there is no guarantee that you will regain access. Additionally, you cannot be certain that your data will not be leaked anyway, and you will also identify yourself as an organisation that is willing to pay, making you more likely to be targeted again. A 2024 report from 'Cybereason' found that in their sample group, 78% of victims that paid a ransom suffered a subsequent attack, 36% of them by the same perpetrator.

How does ransomware get in?

Phishing attacks are the leading cause of ransomware infections. Phishing works by convincing individuals to click on malicious links or attachments, or to reveal private or sensitive information. If a phishing email surpasses your email security barriers, its success relies on the recipient being tricked into installing the ransomware. Phishing can be highly sophisticated and convincing, for example an email appearing to be from your line manager, sending you an attachment labelled as a familiar document or invoice. This is a far easier method for criminals to use as they themselves are not infiltrating your system, and it can also be much harder to defend against. In addition to phishing, ransomware can also be installed through other means, including unverified websites, or 'malvertising', which is a fraudulent advert that infects your device once it is clicked.

How can I protect my organisation from ransomware?

Fortunately, there are various steps that businesses can take to reduce the likelihood of a successful ransomware attack. Firstly, reviewing your email security settings can allow you to filter what file types are allowed into your inbox. Exploring different settings such as Domain-based Message Authentication, Reporting and Conformance (DMARC) can enable you to set a policy for how email servers handle emails that do not pass certain security checks. Additionally, blocking any websites that are known to be malicious and using safe browsing lists within your web browsers can prevent access to sites known to be hosting malicious content.

Another major step is ensuring that everybody within the organisation is educated and aware of the common features of a phishing email. Being vigilant against this can transform staff from being a potential vulnerability into a line of defence. Common features of a phishing email include a sense of urgency, a sense of authority or mimicry. Taking the time to double check the address of the sender, or to verify a request within an email could be all it takes to stop a ransomware attack in its tracks. Other cyber behaviours should also be enforced, such as having Multi-Factor Authentication switched on and having a strong password policy. For more information about preventative measures, you can read the NCSC’s ‘A Guide to Ransomware’.

How can the ECRC help with this?

Signing up as a free member of the Eastern Cyber Resilience Centre ensures that free support and guidance is delivered straight into your inbox. Information about online fraud and cybercrime, as well as the simple steps you can take to improve your cyber resilience, will be sent to your email and written in a way that is accessible and actionable. The ECRC is a central point to access various free tools and resources, and exists to support SME’s, schools, and charities.

Additionally, amongst a handful of cyber services the ECRC can also offer Security Awareness Training. This is delivered by students working as part of CyberPATH programme. Through CyberPATH, students are trained and monitored by senior ethical hackers to provide a selection of cyber services to businesses, which supports the future cyber talent pipeline and keeps the cost to a minimum.

Training can be issued across either a full or half day and is tailored to the needs of its specific audience. It is designed to be contextually relevant and accessible for all abilities. This could include talking about the most common cyber-crimes committed against logistics companies, as well as common features of phishing emails and suspicious requests. SAT also educates people on the best practices of staying safe, such as secure passwords and MFA, and teaches them why the way they conduct themselves online matters. Police Cyber Protect officers can also deliver SAT free of charge and offer engaging activities such as an online Cyber Escape Room.

Additionally, there is an offer available for micro businesses and sole traders interested in SAT. Rather than an in-person session, CyberPATH offer a 2.5-hour remote training session, at a fixed cost of £60 for one person, with any additional person costing £10. This is optimal for smaller companies, who wish to gain a thorough overview on how to keep themselves safe online.

Ultimately, a ransomware attack can cripple a business, irrelevant of its size. Logistics remains to be a targeted sector, meaning any investment into improving awareness, reviewing cybersecurity measures, and increasing overall cyber resilience, is incredibly important and makes a far better alternative than becoming a victim.

Reporting a live cyber-attack 24/7:

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day 7 days a week.

Reporting a cyber-attack which is not ongoing:

Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050)