Cybercriminals are embracing artificial intelligence to target material handling companies.
By Nick Fortuna
IN RECENT YEARS, businesses of all types have become familiar with cybersecurity threats such as ransomware, phishing and internal bad actors, but is your company ready for realistic-looking deep fakes?
Cybercriminals are constantly increasing the sophistication of their probing methods, and with the emergence of artificial intelligence, they’re taking their game to the next level, according to cybersecurity expert Theresa Payton, a featured speaker at this year’s MHEDA Annual Convention & Exhibitor Showcase.
Through voice and video cloning, cybercriminals can create convincing fake identities to trick employees into giving up sensitive information such as log-in credentials to software programs, Payton said.
A former White House chief information officer and chief executive of the Charlotte, North Carolina-based cybersecurity firm Fortalice Solutions, Payton said companies need a multilayered cybersecurity approach to stay ahead of evolving threats. When she takes the stage at MHEDA’s convention in Tampa, Florida, on Monday, April 28, she’ll emphasize the importance of “investing in both technology and people” to safeguard operations.
“In a world where cybercriminals are constantly innovating, staying ahead of threats requires a proactive, all-encompassing approach to cybersecurity,” Payton said. “Today’s cybersecurity solutions are failing us because they typically do not design for the human-user story. We often find that tools fall short because we did not have a ‘human in the loop’ in the designs.”
Once cybercriminals have breached a company’s systems, they can wreak all types of havoc, seizing control of computers and internet of things (IoT) devices to shut down operations or exfiltrate information about the company, its employees and its customers. The harm to a business’s bottom line and reputation can be immense.
For industries like material handling, the threat from cybercriminals is “even more pronounced” due to companies’ growing reliance on interconnected systems, automation and IoT technologies, Payton said.
“As your company integrates more devices and platforms into its operations, the attack surface expands, creating new vulnerabilities that can be exploited,” she said. “A cyberattack on your operational technology systems – often overlooked in favor of IT security – could have devastating consequences, potentially disrupting your entire supply chain or production process.”
Bad Actors Join Forces
Payton said the cybersecurity landscape has shifted dramatically since her time in the White House under former President George W. Bush, with cybercriminals tweaking both their tactics and motivations. In the past, cybersecurity experts focused on protecting networks and systems from independent hackers or criminal organizations motivated solely by financial gain.
In recent years, however, cybercriminals have operated in loose partnership with authoritarian regimes in China, Russia, North Korea and Iran, launching so-called advanced, persistent threats (APTs). Those APTs aim to use espionage, data theft, system disruption and network destruction to give those regimes political or strategic gain.
“One of the most striking changes is the blurred lines between nation-state actors, cybercriminals and fraudsters,” Payton said. “These criminal enterprises now often appear to come from the same ‘crime family tree.’ What’s truly concerning is how these groups borrow tactics and technologies from one another. For example, sophisticated ransomware attacks, often used by cybercriminals for profit, are increasingly being leveraged by state-sponsored actors as a means of destabilization or coercion.
“Cybercrime has become a highly organized, cross-functional industry with overlapping objectives and shared resources,” she added.
In light of that, companies need to think more holistically about their cybersecurity strategies, focusing not only on preventing breaches but on detecting them, mounting a thorough response and recovering from them swiftly. Savvy companies are working to identify their biggest risks and become more proactive, adapting their defense strategies to the ever-changing tactics of cybercriminals, Payton said.
“Today, cybersecurity is no longer just an IT issue,” she said. “It’s a critical business function that requires constant vigilance, strategic foresight and a clear understanding of the evolving threats at play.”
Payton said a robust cybersecurity strategy starts with strong endpoint protection to defend against malware and other attacks targeting devices on your network. In addition, IT teams should perform regular security audits to identify and address vulnerabilities before attackers can exploit them. That
includes examining operational-technology systems, ensuring your industrial networks and critical infrastructure are fortified against emerging threats.
As modern supply chains become more interconnected, they’re increasingly vulnerable to cyberattacks, Payton said. Cybercriminals often target third-party vendors and partners to gain entry to larger networks, so cybersecurity must extend beyond your own walls and be integrated into every link of the
supply chain.
To mitigate these risks, Payton outlined six key strategies:
- Adopt a robust third-party risk management program. This includes conducting thorough cybersecurity assessments for all critical vendors, contractors and partners. Ensure that partners meet your security standards, and continuously monitor their performance. This proactive vetting process reduces the risk of introducing vulnerabilities through external connections.
- Implement strong access controls and segmentation. Limiting access is a key to mitigating risk, so use strict access controls to ensure that only authorized personnel can interact with sensitive systems and data. Additionally, network segmentation should be applied to isolate critical supply chain data from less-sensitive areas. This limits the spread of potential breaches and allows for faster detection and containment.
- Monitor for anomalies across the supply chain. Constant vigilance is essential, so you should employ real-time monitoring tools to detect unusual activity across your supply chain. These tools can identify potential threats early, enabling you to act before they become major problems. Supply-chain risks often manifest in subtle ways, and early detection can make all the difference.
- Ensure data protection best practices across partners. Data security is paramount, and it’s essential to ensure that all supply chain partners are adhering to best practices for data encryption, storage and transfer. Set clear data protection requirements as part of your contracts with vendors, and regularly audit their compliance. This ensures that your partners are safeguarding sensitive information as diligently as you are.
- Develop a contingency plan and communications strategy. In the event of a cyberattack, having a clear, tested contingency plan is crucial. Establish a rapid response protocol, and define roles for both internal teams and external suppliers. Ensure that your communication strategy is streamlined so all parties can react quickly and effectively to minimize the impact of a breach.
- Prioritize employee training and awareness. Human error remains one of the biggest threats to cybersecurity. Regular employee training is essential to ensure that your teams can recognize and respond to phishing attempts and other forms of social engineering. Fostering a culture of openness and vigilance where employees feel empowered to report suspicious activity can prevent many security breaches before they occur.
Focus on the User Experience
Payton said it’s essential that material handling companies design security protocols that take the human user into account. Too often, she said, security strategies focus solely on technology or infrastructure, overlooking the people who interact with those systems daily.
By examining the behaviors, needs and workflows of employees, customers and third-party vendors, companies can gain a clearer picture of their vulnerabilities.
Security systems should be designed to be intuitive and user-friendly, encouraging positive security behaviors and minimizing friction that could lead to mistakes, Payton said. Training should be interactive and role-specific so employees feel empowered and prepared rather than intimidated or burdened by security protocols.
With cybercriminals and nation-state actors teaming up to imperil supply chains, Payton said it’s vital for everyone connected to material-handling companies to prioritize cybersecurity and mount a team effort of their own.
“Security needs to be built into every project, product and partnership from day one and continuously assessed as new risks arise,” she said. “By fostering a business-wide commitment to cybersecurity, designing systems with human users in mind and constantly adapting to the changing threat landscape, companies can create a resilient and secure foundation that safeguards both the organization and its people.”
Article Takeaways
1. Growing Risk. Cybersecurity threats are evolving with AI, emphasizing the need for robust multilayered defenses.
2. New Challenges. Collaboration between cybercriminals and nation-states requires companies to adapt holistic cybersecurity strategies.
3. Vital Protection. Integrating cybersecurity across supply chains is critical for ensuring resilience against cyberattacks.
