Clinton Eckersall      Thu, 29/02/2024

AAW.png

Clinton is a logistics executive with a keen focus on domestic and international freight forwarding. He has been fortunate enough to work on four different continents with multinational and privately owned companies. This experience has given him a well-rounded view (IMO) on people and business in general. He enjoys what he does and places a premium on working with authentic, fun, and passionate people.

He is currently the Director at AAW Project Logistics in Australia & New Zealand.

According to Clinton: Treat people like adults and they will act like adults!

 

Navigating the Cyber Waves in the Logistics private sector

Up until relatively recently, Cybersecurity used to be an agenda item somewhere near the bottom of the list in board meetings at Multinational logistics entities around the world. This topic has quickly moved up close to the top of the agenda and has also found it’s way onto the priority list of owners and boards at Independent logistic companies. 

Expeditors, known as one of the logistics giants in the world had their own terrifying experience with this issue in 2022 and by all accounts are still working on the damage that this caused to their business. Toll Group suffered two major cyber attacks in 2020 which led to the company shutting down most of their systems for an extended period. If these companies with massive IT budgets, teams of people and infrastructure are at risk then what is to say that the smaller, independent companies are not next.

To give the topic some context:

Cybersecurity risks come in three predominant forms:

  1. Ransomware Attacks: With the rise of ransomware-as-a-service (RaaS), logistics companies are prime targets for extortion schemes that can disrupt operations and result in financial losses.
  2. Data Breaches: The vast amounts of sensitive information handled by logistics firms, such as customer data, shipment details, staff records and financial records, make them lucrative targets for cybercriminals seeking to steal or manipulate data for malicious purposes.
  3. Supply Chain Compromises: Supply chain attacks, where adversaries infiltrate third-party vendors or partners to gain access to target organization's systems, pose a significant threat to logistics companies reliant on interconnected networks.

Considering the above, prioritizing cybersecurity is no longer a “nice to have” for the Business owners and Directors of member companies within THLG. At AAW Group Holdings (parent company of THLG member AAW Project Logistics) we prioritize cybersecurity at a board level and although we understand that you can never guard yourself against every eventuality, we do everything within our control to mitigate the risks to our business posed by these malicious threats. Some best practices for each of us to consider include:

  1. Risk Assessment and Mitigation: Conduct regular risk assessments to identify vulnerabilities and prioritize mitigation strategies based on the level of your risk exposure (this varies for each of our companies).
  2. Employee Training and Awareness: Cybersecurity is a responsibility for everyone. The education of employees about cybersecurity best practices is a non-negotiable for every business. Human error (clicking on that strange or funny link you shouldn’t) remains the number one cause of cybersecurity breaches. At AAW, we provide regular cybersecurity awareness training to all our staff.  The training program includes random “phishing simulation” emails to test the actual behavior of our people and keep the topic front of mind. 
  3. Vendor Risk Management: Having good vendors who can work with you on your cybersecurity strategies is essential.  Cybersecurity evolves at a rapid pace and for many  organisations it is not practical have people dedicated solely to this topic.  Partnering with high caliber vendors in this field adds expertise and can fast track your security objectives. Yes, this can be expensive, however how does this measure up to the alternative scenario?
  4. Incident Response and Contingency Planning: Cybersecurity experts will tell you there is no iron clad guarantee in this game so always have a back-up plan which you regularly test.

In conclusion, this is a topic which will become more and more relevant to each one of us in the coming years. How much resourcing assigned to Cybersecurity is aligned to every company’s risk appetite however we cannot deny that this is something that demands every Executives attention as the world and our industry continues its online development at breakneck speed.