WHO STOLE MY CONTAINER?
- Date: 28/09/2015
How many of you have had your credit card stolen or cloned and then found purchases on your credit card that were not yours? Unfortunately it is a common occurrence worldwide. The Nielson Report estimated that payment card fraud globally reached US$14 billion in 2014.
This is one aspect of theft and cybercrime. It is a growing threat to our personal lives, but it is an even greater risk to businesses around the world. So I would like to discuss how traditional theft and the increasing risk of cybercrime to facilitate theft can affect the container business and how you can mitigate these risks.
Data from the TT Club claims analysis indicates a persistent and growing incidence of theft which is the biggest single cause of claims, accounting for 12.7% of all global TT Club claim costs. The Global Supply Chain Intelligence Report from BSI Supply Chain Solutions estimates that over US$23 billion was lost to cargo theft in 2014.
TT Club data for the last five years (2010-2014) reveal that 52% of theft costs result when using contractors, thus prevention should start with due diligence checks on contractors you use. Furthermore, 54% of theft costs occur in transit, which can be mitigated by measures including sending trucks in convoy, only stopping at approved truck stops, not leaving the truck unattended, altering routes on regular deliveries, only using approved transport contractors, sharing bad experiences and using available GPS tracking technologies. Finally, 27% of theft costs involve losses from premises, underlining common sense approaches, such as good fences, security guards, CCTV monitoring, automated gate control systems, and scrupulous paperwork. Most thefts are found to be inside jobs, so monitor and do due diligence on staff.
While the above advice will help mitigate theft, cybercrime has spawned new risks. We can’t just rely on the use of seals, locks, alarms, tracking devices and the like. Today we are all driven by systems and rely heavily on the support of the internet. Reliance on such internet connected systems inevitably increases the exposure of businesses to cybercrime - a truly global issue and can affect any business. Criminal organisations are increasingly using cybercrime to facilitate cargo theft. If you think cybercrime does not or will not affect your business then you are unfortunately likely to be mistaken.
Do not underestimate value of your data. Data types include intellectual property, financial information, commercially sensitive data, and personal employee data. Even what appears to be the most benign information can prove extremely valuable to the criminal organisation. You need to identify the data that could be vulnerable and ensure that appropriate additional security measures are implemented in order to mitigate cybercrime.
There are reported instances where spyware equipment has been physically installed to existing IT systems. Thus, what initially looks like a minor office break-in and theft could in reality cover-up spyware being installed in all office computers, enabling recording of keystrokes and cursor movements, obtaining passwords, downloading and printing data to a remote source. The result can be that containers are tracked to a terminal and release codes created, allowing access to collect the desired container. Similarly, altering stock levels in warehouses could facilitate theft by avoiding immediate detection or simply to disrupt an operation.
Could your business continue to operate effectively without communication systems? What if they were hacked and you had no email, phone, internet access, EDI (electronic data interchange), satellite tracking devices? Many businesses now use electronic means to communicate with equipment drivers and hauliers, and even with outside contractors. If hacked, the communication still appears to be from a trusted source, but it may provide a changed of delivery address, a change of trailer number to collect or a change of trailer with another driver. This can facilitate theft.
Another cyber risk is the increasing use of internet based freight exchange websites. Criminal organisations are posing as legitimate carriers or legitimately purchasing small failing haulage companies who have a recognised brand name. When other operators are desperate to move time sensitive shipments, these criminal organisations present themselves. Where due diligence is not performed the legitimacy of the fraudulent carrier is not readily identified. After the cargo is collected, it inevitably disappears, along with the company itself.
Available software can allow individuals to be tracked and profiled through social media. Criminals can identify where you live, where you work, what times of the day you spend at each, when you are on vacation, your family and friend’s names and photos. While this may be deemed to be the individual’s issue, it can also expose businesses to heightened risk. In the event that an employee’s social media account is hacked, it is entirely possible that other accounts can be assessed, since many of us use the same or similar passwords across numerous applications. Criminals will also search for vulnerable employees to be compromised (bribed or blackmailed). This risk clearly extends to targeting the theft of high value cargoes – drivers’ habits (regular routes, usual truck stops, whether they park their vehicle up and spend the evening eating and drinking in a truck stop away from their vehicle) can be identified. Through undetected profile building, criminal organisations are able to identify the most vulnerable point in the supply chain and simply choose their opportunity to strike.
Theft is a big cost to businesses globally. Traditional security must always be implemented, but risks presented by cybercrime to assist theft are real and growing, and need to be addressed. The increased sophistication of cyber activity makes it challenging to build effective defences. Like most risks, exposure cannot be 100% mitigated. There are, however, increasing options for cost effective and practical steps to minimise cybercrime. Don’t be complacent – seek professional IT assistance.
Port Strategy Article – Opinion Piece – Sept 2015 Edition
Laurence Jones – Director Global Risk – TT Club