DP World cyber attack highlights supply chain vulnerability
Thousands of shipping containers filled with consumer goods were stuck at ports around the country this week after a cyberattack hit global port operator DP World Australia.
The company shut down its Sydney, Melbourne, Brisbane, and Fremantle port operations after discovering hackers had breached its systems. DP World, Australia's largest port operator is still in the process of resuming full operations following the attack.
The move led to significant delays in handling cargo and containers at affected docks. As an emergency measure, DP World Australia disconnected its internet connection, causing disruption to crucial port operation systems.
Director of the Freight and Trade Alliance, Paul Zalai, said earlier this week that limited operations had resumed with DP World’s docks at Brisbane and Fremantle moving through imports and exports. However, Sydney and Melbourne were only dealing with imports.
“We have heard from one of our members, who say DP World told them it’ll be another two weeks before accepting export cargo at (Sydney’s) Port Botany,” Zalai explains. “That’s going to have devastating effects for our operators.”
Zalai noted that one regional exporter has 300 containers stuck at one port, and while the full extent of the outage is not yet known, operations on Monday suggest that it will not have a significant impact on the flow of goods for Christmas shopping.
“More and more is becoming apparent by the hour… The overall position is looking a lot better than it did over the weekend, as operations are up and running,” he said.
Companies' supply chains are often the target for cyber criminals. The supply chain of a multinational firms such as DP World will comprise thousands of vendors, many of whom can be vulnerable to cyber attacks. Hackers target such vendors as a means of gaining access into a larger company – the so-called back door cyber attack.
It is vendors who are too often the entry point for malware, ransomware or denial of service attacks, which then work their way upstream or downstream to the larger organisation itself.
A recent Accenture study showed that, in the US, 43% of cyberattacks were aimed at small to medium-sized enterprises but that just 14% of such companies are adequately protected. Those are scary numbers, and it’s a similar story on both sides of the Atlantic.
The most common method for cyber attackers to breach supply chain networks involves exploiting software vulnerabilities. Malicious updates or compromises to open-source code serve as channels for injecting malware. Mitigating this threat can be achieved through third-party risk management and enhancing cyber security awareness through training.
Politically motivated cyber criminals, meanwhile, target supply chains with the aim of disrupting or halting the flow of utilities, goods, and services. They may also seek to steal intelligence information, destabilise financial activities, or facilitate military actions.
The effects of Russia’s invasion of Ukraine, for example, has extended beyond Ukraine. It is believed that Russia has retaliated against the US and other countries for the sanctions they’ve imposed, with state-sanctioned cyber attacks. Criminals will also use the crisis to their advantage and actively look for opportunities to capitalise on the global chaos.
Basic cyber security housekeeping is the single best method of managing cyber attacks is to look at preventing them before they occur. Despite the increasing sophistication of cyber attacks, human error is still a leading cause of cyber security breaches, but by building cyber security awareness, providing up-to-date relevant information for staff, and enhancing password security, it can help employees to recognise and stop third-party data leaks before they become severe breaches.
- For further insight check out the latest issues of Supply Chain Magazine, Procurement Magazine & Sustainability Magazine
BizClik is a global provider of B2B digital media platforms that cover executive communities for CEOs, CFOs, CMOs, and leaders in sustainability, procurement, supply chain, technology & AI, cyber and FinTech. It also covers industries such as manufacturing, energy and EV. BizClik is based in Norwich, London, Dubai & New York. It offers content creation, advertising and sponsorship solutions, webinars & events.