Cyber security: people are the biggest weak spot

Cyber attacks are becoming increasingly widespread. How to protect against them was a key question at a panel discussion organised by the German Logistics Association (BVL) at the transport logistic trade fair entitled ‘Cyber security in logistics: How supply chains remain secure in the digital age’.

Crucial: the human factor

‘The biggest weak point remains the human factor,’ said Kerstin Hoppe, Chief Transformation Officer at Thyssenkrupp Materials Services. The company was the target of a cyber attack in 2022. It is extremely important to ensure that employees remain vigilant at all times so that such attacks are not successful.

But companies must also take precautions for emergencies. For example, it is very helpful if employees have a printed telephone list with numbers that can ensure that the company remains operational. ‘The goal must of course be to get the systems up and running again so that customers can be served as quickly as possible.’

The chain is only as strong as its weakest link

Hoppe pointed out that the same applies to cyber security as to the supply chain: the chain is only as strong as its weakest link. ‘Your own systems can be as good as they like, but if your partners haven’t taken the necessary precautions and are the weak link in the chain, you're vulnerable,’ said the Thyssenkrupp manager.

Lucas Noerpel-Schneider, CEO of Noerpel SE, pointed out the high dependence on IT. ‘The logistics industry is a data industry.’ His company has a logistics centre covering 60,000 square metres. Goods are stored there according to a chaotic warehousing system. ‘It’s impossible to find a specific pallet quickly,’ said Noerpel-Schneider.

Noerpel was attacked in 2021

The Ulm-based freight forwarding group was the target of an attack on its IT systems on a Saturday in 2021. ‘Our employees all came into the company spontaneously on Sunday and rallied together against a common enemy,’ he said, finding at least one positive aspect of the attack.

As a general cargo forwarder, Noerpel works with various partners in a cooperative that serves other regions. ‘It is important that the network formulates an appropriate security standard from the management level and enforces it at all partner companies,’ said Noerpel-Schneider.

Hoppe regretted that companies were not yet as far along in their cooperation as they were with the Supply Chain Due Diligence Act. There, certain codes of conduct had to be signed. Cyber security had not yet reached that stage.

Danger posed by AI

‘When I look to the future, I am very concerned about how such cyber attacks could be amplified with the help of artificial intelligence,’ said Hoppe.

Logic and computing power could enable cyber attackers to launch attacks on a completely different scale. ‘This raises the exciting question of how companies can respond,’ said Hoppe. This makes it all the more important to continuously raise awareness of cyber security at all levels within the company and to provide further training in order to close any potential loopholes. (cd)