BY JAMES COOKE, EDITOR AT LARGE
techwatch
Defend your DC network
WITH THE FLOW OF INFORMATION AS CRUCIAL AS THE
flow of goods and materials in a distribution operation today, it’s
vital that the information network be secure from cyberattacks.
That’s why a recent report on the growing danger of advanced
persistent threats (APTs) should serve as a red flag for logistics
managers.
APTs are an espionage tactic used by hackers and cyberter-
rorists to steal intellectual property from a company’s comput-
er systems. A recent survey of more than 1,500 security profes-
sionals conducted by ISACA (formerly the Information Systems
What makes this particularly worrisome,
according to ISACA, is that APTs pose a much
greater danger to enterprises than “traditional”
threats. “APTs are sophisticated, stealthy, and
unrelenting,” said Christos Dimitriadis, inter-
national vice president of ISACA, in a state-
ment announcing the publication of the
report, Advanced Persistent Threat Awareness:
Study Results. “Traditional cyberthreats often
move right on if they cannot penetrate their
initial target, but an APT will continually
attempt to penetrate the desired target until it
meets an objective – and once it does, it can
disguise itself and morph when needed, mak-
ing it difficult to identify or stop.”
Examples of APT attacks include the recently reported inci-
dents of cyberespionage by Chinese military hackers targeting
corporations and the media. Although in many cases, the hackers
are trying to steal corporate secrets, some are simply looking to
cause mischief. “Sometimes, the motives of the attack are disrup-
tion of the business,” says John Pironti, an adviser with ISACA.
“Other times, it’s disruption of reputation. They don’t need to
steal data to be successful.”
Although logistics managers may think this problem is strictly
an information technology issue, that’s not the case, says Pironti.
That’s because these types of cyberattacks are being launched
more often at supply chain and distribution networks.
What makes these networks an attractive target has largely to do
with access, Pironti says. Hackers have figured out that they can
sometimes gain entry to a designated compa-
ny’s IT system by exploiting its network con-
nections. That is, instead of attacking the
company’s computer system directly, they’ll
try to sneak in through the information con-
nections it has with suppliers or carriers. “A
small guy will be less protected than the big
guy,” he explains. “If I can’t get into the man-
ufacturer, let me see who they are working
with and get in through that entry point.”
In fact, Pironti says he knows of at least 10
cases where hackers have broken into logis-
tics software to place
phony customer orders.
The company is then
forced to go in and root
out the fake orders, which
results in a slowdown in its
distribution operation and
impairs its ability to ship
orders on time.
