Keep your shipment and company safe

The maxim “cargo at rest is cargo at risk” may still be applicable, but in the current environment even cargo in transit is fraught with theft and hijacking threats – especially for high-value items. This doesn’t only pertain to the physical realm; company data may also come under attack.

The monetary value of an entire load is not the only thing attractive to criminals, who may be enticed by “in-demand” goods like cigarettes, pharmaceuticals, cosmetics, liquor, electronics, and designer jewellery or clothing.

2020 saw a decline in cargo crime-related losses from theft, pilferages, armed robberies, and hijackings. However, when global economies began to open up in 2021 following the relaxation of Covid-19 lockdowns, growing trade and import/export volumes similarly increased criminal activity.

This is concerning to Kennedy Ntenjwa, head of Santam’s Marine Division, who points out that today’s transporters are now burdened with the additional costs of applying full security measures to protect their loads. In fact, without these measures, such as satellite tracking devices and armed escorts, insurance policy warranties may be negatively impacted.

“Security measures today are key when pricing or quoting on a risk,” says Ntenjwa. “It stands to reason that good security attracts more competitive pricing, and with so many players in the market it puts extreme pressure on pricing overall.” The old adage that price is king also rings true and, he says, “the drive to reduce costs across industry lines has also had a major impact on loyalties”.

To counteract this and rebuild brand support, Santam Marine has taken the strategic decision to rejuvenate the value proposition to its clients and brokers. It is doing so in a number of ways, first of which is tackling the security issues transporters of marine goods experience.

“We are working with security companies that provide patrol security to trucks, to see how they in turn can take this value proposition to our clients and brokers. We have also increased our ongoing client webinar education around risk management and risk mitigation measures,” explains Ntenjwa. “What is crucial to understand is that while security measures may bring additional costs to the transporter, some of those costs are mitigated by a decrease in premiums.”

Santam Marine is also focused on rebuilding the value of marine insurance through quality education of brokers, especially among the small to medium demographic, where such brokers have neither the right product knowledge nor expertise. “Through Santam’s learning and development portal, they can access an upskilling programme, which is also designed to clarify the value of marine insurance. This is particularly important so that the industry can attract the youth into a marine insurance career,” Ntenjwa notes.

“There is a misconception that marine is too complicated, and takes too long to master and progress a career. We tackle that head-on because our solution is a combination of education and training and, yes, possible mandatory certifications. But this will translate into improved remunerations and the likelihood of study incentives, which we believe will encourage the youth into an exciting career,” he asserts.

“Overall, our goal is to see the revival and sustainable strength of the marine insurance sector. All stakeholders – be they private industry, brokers, or clients – need to forge improved relationships to combat threats in the market. We must all be willing to commit time and resources to protect our respective interests,” he continues.

But physical threats aren’t the only hurdles that this industry has to overcome. “The shipping and logistics industry is increasingly a target of cybercrime and ransomware attacks, a trend that has accelerated in recent years. The reason for this is simple – these companies store and process a wealth of personal information that is immensely valuable, so a successful attack can be a highly profitable exercise,” explains Kate Mollett, regional director of the data services platform Commvault Africa.

“The damage these attacks cause financially and reputationally can be catastrophic,” she adds. “Companies need to implement leading-edge ransomware recovery and ransomware protection to enable them to protect and recover data quickly, minimising damages and loss.”

An industry under siege

“There are many examples of cyberattacks and data breaches across the shipping and logistics sector, from companies of all sizes. There were also several high-profile data breaches in 2020 and 2021, which have shone a spotlight on this industry under siege,” Mollett points out.

“In April 2020, Mediterranean Shipping Company was the victim of a malware attack that caused an outage to the company’s website and customer portal. In June, global conglomerate Maersk reported a cyberattack that caused in excess of US$300 million in losses,” she reveals.

This trend accelerated into 2021. “In November, shipping giant Swire Pacific Offshore fell victim to a cyberattack that caused a significant data breach that resulted in the loss of confidential proprietary commercial information and personal data,” relates Mollett.

“In December, US logistics company DW Morgan exposed over 100 GB of sensitive data on clients and shipments, including financial, transportation, shipping, and personal details. Also in December, Hellman Worldwide Logistics was targeted by RansomEXX ransomware, and more than 70 GB of stolen data, including customer names, user IDs, email addresses, and passwords was leaked.”

No size-based discrimination

While these are all examples of large multinational shipping and logistics conglomerates, cyberthreats affect providers of all sizes across the supply chain. A case in point is a malware attack on a third-party supplier for Canada Post in May 2021, which resulted in a data breach impacting 950 000 parcel recipients. Another example is a ransomware attack on a small trucking company in the US, which could potentially have taken down the entire business.

“The reality is that cybercrime does not discriminate based on size; all organisations throughout the supply chain need to take the relevant steps to protect data and ensure the ability to recover from an attack. While digital transformation can improve efficiency in the logistics sector, it can also introduce vulnerabilities if data security is not prioritised,” Mollett emphasises.

A multi-layered approach

“Data security is a vital tool to protect against ransomware. It needs to take the form of a multi-layered defence to guard on multiple levels, built on a zero-trust framework for advanced security that should be flexible and scalable to meet digital transformation goals,” continues Mollett.

She says that the first step is to identify, assess, and mitigate risk exposure. “This includes implementing tools like multi-factor authentication and dual authorisation. Data then needs to be locked and hardened, using air gapping and immutable copies of data, to reduce the attack surface and better safeguard data,” she expands. “Clean backup copies help to minimise risk as well as the downtime associated with a data breach. Active monitoring and advanced threat and anomaly detection provide early warning alerts of suspicious and malicious activities.”

Consistent recovery processes need to be put in place across all data and workloads to restore wherever the data is needed. According to Mollett, solutions should also actively work to avoid ransomware file reinfections by deleting suspicious or unnecessary files from backups, isolating suspect backup copies, and enabling restoration to a safe location.

With the increasing number of attacks on the shipping and logistics sector, protecting data is essential, but Mollett advises that the ability to recover quickly in the event of an attack is arguably even more important. “Extended downtime and continued exposure can end up costing millions and the reputational damage can be severe, not to mention the regulatory penalties associated with leaked personal information,” she notes.

Clearly, having an effective recovery strategy and the right tools in place are critical to protecting organisations in this vulnerable industry, whether that relates to the cargo being shipped or the data and information crucial to operations.