Last year, two major cybersecurity events drove home just how vulnerable companies are to potentially catastrophic cyberattacks. In March 2021, Molson Coors Beverage Co. reported that it had been the target of one such attack that disrupted its brewing operations and shipments. Then, less than two months later, a ransomware attack severely disrupted the Colonial Pipeline, which runs from Texas to New Jersey and supplies fuel for nearly half of the East Coast. The pipeline shut down for nearly a week.
The lesson from these events: always assume that you’re a target.
“If you’re in food, in beverage, if you’re a company that’s delivering beverages to a retailer, you’re a target for cybercrime,” says Bill Kraich, vice president of eCommerce at Encompass Technologies.
As fleets become increasingly more wired, it’s more likely they’re on the radar for cyber-criminals. Take electronic logging devices (ELDs) for instance.
“ELDs are the ‘new’ thing, the ‘big’ thing now in the industry and generally speaking those are going to be pretty safe,” Kraich says. “The problem is, they’re safe today. Are they going to maintain that? Likely not, as vulnerability becomes realized and exposed.”
Kraich advises three basic practices distributors can employ to help fortify themselves against cybersecurity breaches.
“First, take a real, hard look at anything you’re doing with an acronym,” he suggests. “Is it VPN [Virtual Private Network], is it RDP [Remote Desktop Protocol] or some other acronyms? Every time you open an RDP or a VPN, you’re creating a vulnerability. Guaranteed, there’s a cloud-based solution that doesn’t require you to do that.”
Kraich points out that the Colonial attack involved its VPN.
Next, Kraich encourages companies to apply multi-factor authentication to their systems. It makes it that much more difficult for malicious actors to breach your operation.
Third, it all comes down to user management.
“One thing that’s really, really common, not as much today, but definitely in the last 10 years, is that a delivery company would have their delivery people use the same login,” Kraich explains. “It’s the same username, same password for everyone and when someone left and went to another company, they still had the password. That’s such an embarrassment today and it still goes on. If you do something like that, you’re just asking for trouble.”
Good user management, he says, is probably the easiest step you can take because it’s easy and mostly free to implement, without requiring any real tech wizardry.
Keeping everyone on your team informed about what sorts of red flags to look out for is a simple step you can take. During the December holiday season in 2020, Adams Beverages in Charlotte, N.C. had its servers hit, disabling its e-mail communications for about 10 days.
“I’m more concerned with the IOT, the ‘internet of things,’ where everything is getting a piece of tech added to it,” says Chris Koch, director of information systems at Adams Beverages. “As that increases, the bad actors have more opportunities to create chaos.”
Since that attack, Adams Beverages has been more alert to such threats and actively safeguarding against them.
“Most cyberattacks don’t occur from state-sponsored groups from Russia or terrorist organizations,” Kraich notes. “They’re low-level criminals looking for an easy way in through the back door. But if you start becoming aware of what your vulnerabilities are, you start putting up those bars and you start making it difficult for those low-level criminals.”