Cyber-warfare. The word causes shudders throughout the e-tailing business, and you need to look no further than Target, Michaels and Neiman Marcus for the latest examples of significant consumer data theft. Unfortunately, cybersecurity and the thought of data being compromised haven’t caused as much concern among other businesses. For those involved in the movement of goods, but not in e-tailing, cybersecurity is an ever-increasing headache.
Consider this recent story from a homeland security investigator with whom I shared a panel on the topic of cybersecurity: The saga begins with containers exported from South America and drugs stowed in with the cargo. The vessel arrives in Amsterdam, and the containers are offloaded. At this point, the drug smugglers hack into the terminal operator’s computer system, track where their containers are located and figure out when they can break into the containers. The goal is to retrieve the drugs in a way they are least likely to be observed or caught. This process was used repeatedly before it was discovered.
Many companies don’t even worry about who has access to their goods or documents. They aren’t even sure they know how payroll data for their own employees is protected.
There’s an oft-stated feeling in the transportation industry that supply chain corruption is only a concern when it involves shipments of drugs or high-value goods. Although it’s true that drugs have been shipped within furniture and commingled in fresh fruits and vegetables, the reality is that corruption of the supply chain means more than cargo damage or loss. If a container arrives with evidence of someone living in it, your supply chain has been corrupted. If bribes have been paid to foreign officials, trade secrets have been stolen, or the computer code to the design of your latest product is posted on the Internet, your supply chain has been corrupted. You need only read the daily news to see regular evidence of supply chain corruption in the form of theft of trade secrets, misdeclarations of goods and other illegalities — and with alarming frequency.
When it comes to high-value cargo, the term needs to be defined. The obvious meaning of a multimillion-dollar shipment is clear, of course, but those often travel with additional security. A shipment can be high value because it’s the new line for a successful apparel company, or it could be the latest mockup of a construction site. These and many more examples offer situations where competitors or bad guys see a way to gain an advantage if they steal the information. Therefore, the cargo is ripe for theft.
In the IT community, the general feeling is that large companies with much to protect usually do a successful job with their electronic infrastructure. However, much like the neighborhood thief who avoids the home with an alarm system and looks instead for the open window through which to get into the house, hackers are now looking for easier access to highly prized information.
So, they’re turning to intruding into a service provider’s system — the freight forwarder, law firm, accountant or air conditioning/heating provider. They might also plant malware on your website and use its spread to get into your computer system.
As the threat of computer hacking spreads to companies of all sizes and sorts, here are some questions to consider:
— Has the issue of cybersecurity remained with your IT department or do you have involvement from ownership, the board or the officers regarding compliance?
— When was the last time you had your computer system checked by a third party as a form of due diligence?
— If you’re a service provider who is required to report about cybersecurity measures in a request for quotation, how can you be sure the steps you say are being taken actually are being implemented regularly within your company?
— Just about every company now supports BYOD — bring your own device. This is generally done to facilitate ease of working remotely. How recently did your company review how best to balance the need to keep data secure with enhancing employee working flexibility? How frequently is that issue revisited?
— How big is your computer infrastructure budget? Is it adequate?
— Do you know the internal reporting procedures in the event you discover your company has been hacked?
— Who handles reporting the hack to management? To outside regulatory authorities? To law enforcement? Is there a procedure in place?
At a recent meeting of major companies and law firms, an IT security consultant was asked how many of the companies and law firms represented in the room had been hacked. His immediate answer was “all of them!” How is your company preparing for that eventuality?
Susan Kohn Ross is an international trade attorney with Mitchell Silberberg & Knupp in Los Angeles. Contact her at email@example.com.