Cybersecurity for logistics companies: urgency & responsibilities

Cybersecurity for Logistics Companies: Urgency and Responsibilities

On October 31, the Logistics Platform Roosendaal, in collaboration with Platform Veilig Ondernemen, hosted a breakfast meeting. Invited by Sjel Wijngaards, chairman of the platform and Deputy Managing Director at Jan de Rijk Logistics, whom I’ve had the pleasure of working with in the past, I attended to discuss a crucial theme: cybersecurity. The goal was to raise awareness about looming threats and ways logistics companies can strengthen their digital security. While the odds of a fire are just 1 in 8,000, the likelihood of a cyberattack is 1 in 5 – a statistic that should alarm any business.

Cybersecurity is More Relevant Than Ever

The first speaker, retired Major General Pieter Cobelens, delivered a sobering yet insightful talk on cyber threats. With a sharp, humorous, and provocative approach, he shared his perspective on the generally lax attitude towards cybercrime in the Netherlands.

Cobelens stressed that ideally, everyone should work within the cloud and that the government should be responsible for cloud data security, given the growing reliance of individuals and businesses on these services. However, he pointed out that the government doesn’t always employ the most skilled cybersecurity experts, as top talent often works in the private sector where salaries far exceed public sector limits. As a result, crucial decisions regarding complex systems may be made by individuals who may lack the necessary knowledge and experience.

With vivid examples, Cobelens illustrated the potential consequences of cyberattacks on essential systems such as payment networks, electricity, and water supply. “If our basic provisions collapse, panic ensues. And we Dutch aren’t accustomed to scarcity, so when things go wrong, they go very wrong indeed.” He also warned of threats posed by nations like North Korea, China, Russia, and Iran, which treat cybercrime as a full-fledged weapons industry.

Stricter Regulations for Logistics Companies

Henk Bijsterbosch, the second speaker, focused on the new European NIS2 (Network Information Security) directive, which took effect in the EU on October 18, 2024. In 2025, this directive will be translated into the Dutch Cybersecurity Act, requiring all companies in essential sectors, including logistics, to manage and report cyber risks. This law mandates that companies with 50 or more employees, or companies in critical sectors, meet new security requirements. This includes conducting risk analyses on suppliers, establishing incident response plans, and registering essential services.

With the advent of this law, there is also a chain responsibility: companies must ensure their own cybersecurity and have visibility into the security of their suppliers. It’s estimated that around 10,000–12,000 companies in the Netherlands will be directly affected by these requirements, with indirect implications for about 50,000–70,000 suppliers. Notably, company directors could soon be held accountable for non-compliance with the NIS2 directive, heightening the responsibility and urgency for adherence.

Peter Lahousse: A Glimpse into the World of Cybercriminals

Ethical hacker Peter Lahousse gave the audience a glimpse into the world of cybercrime. He demonstrated how criminals operate, provided insights into the dark web, and explained the millions involved. His presentation highlighted that while cyber threats are escalating, many Dutch businesses are still behind in IT security, despite nearly every company having fire insurance. Every 11 seconds, a cyberattack brings a business somewhere in the world to a halt.

Cybercrime is no longer a distant issue. With the rise in cybercrime and the NIS2 legislation on the horizon, it’s critical to approach both the technical and organizational aspects of security with the utmost seriousness.

The Shift to the Cloud and Application Rationalization

While moving to the cloud can introduce new threats, it remains a necessary step for businesses. Migrating to the cloud often provides better security options and facilitates collaboration. Yet, this step alone isn’t enough. Companies must also scrutinize their application landscape. Over time, due to mergers or natural evolution, a mix of old and new systems may develop, often with legacy applications on outdated servers using vulnerable protocols. This scenario can be a target for attackers.

Application rationalization is essential here: a thorough review of all applications helps companies retire outdated systems and address security vulnerabilities. This process can lead to a leaner, more secure, and efficient IT landscape.

For more information on how I can assist with application rationalization and cloud security, feel free to visit my website, improvelogisticsit.com.