ChannelLife New Zealand - Industry insider news for technology resellers

Exclusive: Logistics firms face rising OT cyber threats amid global tensions

Cyber attackers are increasingly targeting logistics and supply chain networks, aiming to destabilise nations and gain strategic leverage without ever crossing a border.

According to Leon Poggioli, ANZ Regional Director at Claroty, the recent cyber espionage affecting logistics firms supporting Ukraine is not an isolated trend but part of a broader pattern.

"There's two key reasons nation states do this," he explained during a recent interview with TechDay.

"One is to disrupt the other nation's defences, and the other is to put political pressure on the general public by interfering with their supply chains."

These attacks frequently target operational technology (OT) systems - the core infrastructure behind physical processes in logistics, energy, manufacturing and healthcare. Poggioli said attackers exploit connectivity in these environments to carry out sabotage remotely.

"A lot of these environments have some kind of external connectivity, so that gives an attacker an ability to remotely trigger a cyber attack and disrupt those supply chains."

In some cases, tactics have extended to disrupting weapons infrastructure, such as drones.

"When one nation uses drones, the other will defend itself by trying to jam signals and disrupt that infrastructure," he explained.

Compared to IT systems, OT vulnerabilities can be far more complex and risky to remediate. Poggioli noted that in OT, even small changes can impact safety and operations. "In the IT world, it's easy to push patches out," he said.

"In OT, even a minor change can disrupt operations, so remediation needs to be more targeted."

Claroty's platform is built to help organisations quickly cut through large volumes of vulnerability data to find what really matters. "A site may have 1,000 vulnerabilities, but we can whittle that down to the five that make the most impact," he said.

"That becomes a manageable number that a cyber leader and OT asset manager can act on within weeks."

Recent data from Claroty's global survey of cybersecurity professionals reinforces the growing financial and operational risks posed by cyber attacks on cyber-physical systems (CPS).

Nearly half of respondents (45%) reported financial impacts of US$500,000 or more from such attacks in the past year, with over a quarter suffering losses of at least $1 million.

These costs were largely driven by lost revenue, recovery expenses, and employee overtime.

"It's a growing concern across multiple sectors, particularly in chemical manufacturing, energy, and mining – more than half of organisations in those sectors reported losses over half a million dollars," Poggioli said.

Ransomware remains a major burden, especially in sectors like healthcare where 78% of organisations reported paying over $500,000 to regain access to encrypted systems. "These are real costs, not theoretical risks," he added. "And they're rising."

Operational downtime is also widespread. Nearly half of global respondents experienced more than 12 hours of downtime following an attack, with one-third suffering outages lasting a full day or more. "When operations halt, the financial and reputational damage mounts quickly," Poggioli said.

He added that one of the most pressing vulnerabilities is the level of remote access in these environments.

"We're seeing around 45% of CPS assets connected to the internet," he said. "Most of that is done through VPNs that were never built for OT security."

Third-party access is another growing concern, with 82% of respondents saying at least one cyber attack in the past year came through a supplier.

Nearly half said five or more attacks stemmed from third-party connections, yet 63% admit they don't fully understand how these third parties are connected to their CPS environment.

Poggioli pointed to this as a critical blind spot. "Legacy access methods and poor visibility are allowing attackers in through the back door," he said.

Even more concerning is the risk from insiders. "You want to be able to trust your team, but someone with inside knowledge can do more damage than an external attacker," Poggioli said. "Even air-gapped environments need constant monitoring."

A cyber attack on Denmark's power grid in 2023 served as a wake-up call.

"One operator didn't even know they had the vulnerable firewall in their system," he said. "That's why visibility is so important. You can't secure what you don't know exists."

While preparedness across the logistics sector varies, Poggioli believes the industry is slowly recognising the strategic value of cybersecurity.

"It's going to become a point of competitive advantage," he said. "Customers are going to start asking serious questions about cyber security and supply chain integrity."

He drew a sharp distinction between cyber criminals and state-backed actors.

"Cyber criminals want fast financial gain, but nation states are more focused on political objectives," he said. "They have better resources and longer timelines. That changes the game."

Poggioli warned that just because no incident has occurred doesn't mean attackers aren't already embedded in critical networks. "There's growing evidence of adversaries nesting in these systems," he said.

"My hypothesis is they're preparing for future conflict. If war breaks out, they're already in position to strike."

For logistics firms looking to strengthen their defences, Poggioli said the first step is basic visibility.

"Most people I speak to admit they don't know 100% what's out there or how it's connected," he said.

"Start with an asset inventory. Once you have that, you can start risk modelling and reduce exposure."

There are signs that resilience strategies are making a difference. According to the Claroty report, 56% of professionals now feel more confident in their CPS systems' ability to withstand cyber attacks than they did a year ago, and 72% expect measurable improvements in the next 12 months.

Still, Poggioli said complacency is not an option.

"If you don't know how big the problem is, you won't know how to solve it," he said.

"Once you understand the risks, you can act to protect your operations and show the business the value of cyber security."