Globalization and increased e-commerce have led to a shift in consumption, relying heavily on efficient and rapid delivery. The transport sector in France, predominantly road-based, faces a dual challenge of enhancing efficiency and adopting a means of transport that meets this new, higher standard. In the context of a competitive market driven by e-commerce demands for quicker deliveries at reduced costs, logistics has become increasingly crucial. Recent graduate and Claims Professional at Axa, Charlotte Prieur, has outlined the cyber risk in the ground transportation sector as part of her completion of the Certified Cyber Insurance Specialist training course.
Why is there Cyber Risk in the Ground Transportation Sector?
Within a company’s supply chain, ground transport is a key element in the success of the entire logistics chain. The digital environment for a transport company can be broken down as follows: IT systems, Operational/industrial systems, and On-board systems.
- IT systems are classic systems for day-to-day administrative management.
- Operational/industrial systems are digital logistics and routing software and platforms.
- On-board systems are mainly for vehicles and pertain to all the necessary technology needed within the vehicle.
In a varied and complex digital environment, it is important to integrate both IT and operational systems but networks are interconnected and if one is infected, the other can be too. In 2023, the transport sector faced a global average of 863 cyber attacks every week. Furthermore, 1 out of every 49 organizations in the transportation industry is affected by a ransomware attack.
Third Party Cyber Risk in the Ground Transportation Sector
In the ground transportation sector not only is the company at risk of a cyber attack but involved third parties take on that risk as well. Although the repercussions for the company can be catastrophic, the consequences for third parties should not be overlooked, particularly in terms of liability. Delayed delivery, loss or damage to goods, theft of goods, and identity theft are all financial consequences faced by affected third parties of a company in the ground transportation sector suffering a cyber attack. Cyber attacks on these key systems can disrupt operations and impact supply chains and the broader economy. In ground transportation, third parties face risks like delayed deliveries, goods loss, theft, and identity theft, underscoring the widespread threats in the modern transport landscape.
Check out our Masterclass on third party digital risks.
Cyber Threat Actors in the Ground Transport Sector
With the transportation sector’s increasing digitization, it has become a prime target for cyberattacks, notably from lucrative-oriented cybercriminals employing ransomware attacks globally. Ransomware and extortion campaigns have surged with attackers seeking financial gain by compromising data integrity.
Nationalist Hacktivist Groups
Since the onset of the Russia-Ukraine conflict, nationalist hacktivist groups have significantly increased activities. They employ cyber techniques, including DDoS attacks and extortion campaigns, often targeting transportation entities as symbolic objectives. Noteworthy hacktivist campaigns include those by groups like Killnet, NoName057, and Anonymous Sudan, contributing to geopolitical narratives.
State Threat Actors
State-aligned cyber offensive operations target the transportation sector, both for industrial espionage and as a medium for conducting broader espionage and kinetic disruption National air and rail companies are perceived as symbols by politically motivated attackers aiming to tarnish the image of the originating state. Attacks on transportation entities, such as the Port of Nagoya, have wider economic implications, disrupting supply chains and impacting global trade.
Case Study: Cyber Risk in the Ground Transportation Sector
The ground transport sector accounts for 16% of France’s GDP, and is undergoing considerable digitalization, and, as a result, this vital sector is becoming a target for hackers. In 2017, FedEx’s European branch suffered a cyber-attack that impacted the company’s operations and reported an estimated loss of $300 million. The company software was infected by the NotPetya ransomware virus which froze users’ computers, encrypted their files, and demanded a ransom of $300 million in bitcoins to restore access. The COO of FedEx admitted that the company will suffer a significant loss of revenue and an increase in costs from contingency plans and the remediation of affected systems. However, the company did not witness any third-party data breaches as a result of the attack.
In summary, the ground transport sector is advancing through technology and innovation, yet faces escalating threats in tandem. To safeguard against vulnerabilities, companies must prioritize a robust cybersecurity and cyber-resilience strategy encompassing IT, industrial, and operational systems. The potential damage is significant, necessitating comprehensive prevention, seamless consistency, and a forward-looking approach to secure core infrastructure. The imperative for the transport sector is to proactively and sustainably fortify its security strategy for enhanced resilience.