IMHX is part of the Informa Markets Division of Informa PLC

Securing the Supply Chain - A Conversation with Dr. Emma Philpott MBE, CEO of IASME

Q: How can logistics companies protect themselves from cyber attacks targeting weak links in the supply chain? 

Supply chains are a prime target for cyber criminals, who often exploit the weakest link to gain access to larger organisations. Even if a company has strong cybersecurity measures in place, attackers may infiltrate through a less secure third-party supplier. This makes it critical for businesses to view supply chain security as a shared responsibility. One proven approach is to require suppliers to meet specific cybersecurity standards, such as obtaining Cyber Essentials certification. This ensures a minimum level of protection across the entire supply chain, reducing vulnerabilities and strengthening collective resilience. You may want to ask some of your most important suppliers for additional cyber security measures, but asking all suppliers for Cyber Essentials as standard is an affordable and achievable requirement for even the smallest of organisations.

Q: Why is it important for logistics businesses to follow cyber security guidelines, and how do these help? 

Logistics and supply chain businesses are vital to the UK’s infrastructure, making them attractive targets for cyber criminals. To protect these sectors, the UK Government and the National Cyber Security Centre (NCSC) have developed frameworks like the Cyber Assessment Framework (CAF) and Cyber Essentials. These guidelines provide clear, actionable steps to improve cyber security. Cyber Essentials, for example, focuses on five key technical controls that mitigate the majority of common cyber threats. Certification not only helps businesses protect themselves but also reassures partners and customers that they take security seriously. It’s a practical, affordable way to embed cyber resilience into supply chain operations. 

Q: How are smart devices and IoT technology changing warehouse security, and what new risks do they bring? 

Smart devices and IoT technology have transformed warehouse operations, offering greater efficiency and visibility. However, they also introduce new vulnerabilities. Poorly secured devices can serve as entry points for hackers, potentially compromising entire systems. To mitigate these risks, businesses should ensure devices are regularly updated, use strong passwords and multi-factor authentication (MFA), and segment networks to limit access. By taking these steps, companies can enjoy the benefits of connected technology without exposing themselves to unnecessary risks. 

Q: Why are logistics companies a target for ransomware, and how can they defend against it? 

Logistics companies are critical to global supply chains, and any disruption can have far-reaching consequences. This makes them attractive targets for ransomware attacks, where hackers encrypt data or threaten to leak sensitive information unless a ransom is paid. To defend against such attacks, businesses should adopt a multi-layered approach. Regularly backing up data and storing it offline ensures operations can be restored without paying a ransom. Implementing robust access controls, multi-factor authentication, and network segmentation means that if someone does click on a malicious link in a phishing email, either the attack cannot progress or its effect will be limited.

Q: What are some simple ways to teach logistics staff to spot and handle cyber threats? 

Training staff doesn’t have to be complicated. Start with short, practical sessions that teach basic cyber hygiene, such as not using the same username and password on different accounts and being suspicious of unexpected emails asking for urgent action. Tailor training to specific roles—for example, teaching warehouse staff how to secure IoT devices or drivers how to protect mobile systems. Encourage a culture of openness where employees feel comfortable reporting suspicious activity without fear of blame. By empowering staff to see themselves as part of the company’s cyber defence, businesses can turn potential vulnerabilities into strengths. 

Q: How can logistics companies adopt new technology while keeping their systems secure?

Adopting new technology doesn’t have to come at the expense of security. Before implementation, conduct a risk assessment to identify potential vulnerabilities. Work only with vendors who can demonstrate that they prioritise security, and ensure new technology integrates seamlessly with existing cybersecurity measures. Regular updates and system monitoring are essential to stay ahead of emerging threats. By embedding security into the adoption process, businesses can innovate confidently while safeguarding their operations. 

Speaker

Dr. Emma Philpott MBE
CEO
IASME

As the CEO of IASME, Dr. Emma Philpott MBE is at the forefront of helping businesses of all sizes strengthen their cyber security. IASME, the sole delivery partner for the UK Government’s Cyber Essentials scheme, works with over 900 cyber security experts across the UK to improve resilience against cyber threats. In this exclusive interview, Dr. Philpott shares her insights on the evolving cyber security landscape and offers practical advice for logistics and supply chain businesses navigating today’s connected world.