To mark Cybersecurity Awareness Month, Cryopak dives into the importance of being digitally secure in the cold chain industry.
The cold chain industry is one that incorporates several different processes, from manufacturing to logistics. All of these use the latest technological systems to ensure the best quality and service for its customers. But what if that technology is threatened in some way? In this article, we discuss why the issue of cybersecurity is important to the cold chain and what can be done to make sure that a system is able to defend a company’s technology.
Why Cybersecurity Matters in Cold Chain
Recent events are evidence of how the cold chain can be affected by breaches in cybersecurity. In 2020, hackers had targeted 44 separate companies in a global phishing attack. This included pharmaceutical and IT companies involved with the distribution of the COVID-19 vaccine.
The supply chain industry in general is becoming a growing target for hackers and cyberattacks. One of the biggest breaches involved Colonial Pipeline and resulted in 45% of the East Coast’s fuel supply being compromised[ii].
While technology has been highly beneficial for cold chain’s efficiency, the downside to this is the risk of cybersecurity threats. Whether for financial gain or some twisted way of thinking, cyber attackers can create a domino effect that affects the entire process if a breach is successful; putting a system back to normal can take months[iii].
One specific threat to cold chain cybersecurity is ransomware. Ransomware is a digital encryption that hackers use to scramble the data of a target organization. To restore the system, companies are forced to pay a hefty sum to the criminals behind the attack[iv]. Another threat is malware, which operates like ransomware but may not be resolved with a payout. Finally, there is the common practice known as phishing, where fraudulent emails are sent under the guise of coming from a legitimate business. For example, a scammer may try to trick a user by sending them an email with the user’s own email address. Over 75% of cyber attacks start with these emails when employees are not aware of how to spot a phishing scam.
Cybersecurity Best Practices
When it comes to managing a cold chain company’s cybersecurity, there are several questions that need to be asked. What controls are in place to monitor processes? Is the software design process documented? How can the company stay updated on security vulnerabilities? Is awareness of these vulnerabilities being factored into the production process[v]?
To best answer these questions, there are several principles that a cold chain company should follow. First, a company should develop its defenses as if it will inevitably be breached. There must also be awareness that cybersecurity extends beyond technology and is affected by personnel knowledge and company processes. Finally, there should be no gap between cybersecurity and physical security[vi].
October is Cybersecurity Awareness Month
The month of October is Cybersecurity Awareness Month, established by the Cybersecurity & Infrastructure Security Agency (CISA)[vii]. This year, CISA is focusing on how personal accountability is an essential part of cybersecurity in a business. This accountability can be defined as an individual entrusted with cybersecurity tasks, a property that ensures cybersecurity actions, or an overall objective that generates cybersecurity requirements[viii].
CISA also emphasizes that cybersecurity can be implemented for any company of any size. For this, they provide a roadmap with four essential tiers. The first tier covers the fundamentals of communicating the importance of cybersecurity and following basic best practices. The second tier involves program implementation and risk management integration. Third, a company should evaluate its cybersecurity capabilities and have forums to gain further insights. Finally, staff must be trained on how to respond to cybersecurity incidents and defense technologies must be utilized[ix].
Cryopak’s Approach to Cybersecurity
Jennifer Hutton, Director of Information Technology for Cryopak’s parent company Integreon Global, offers an in-depth look at how the organization addresses cybersecurity. “We have the unique situation of being 4 separate companies under the Integreon umbrella: Cryopak, DDL, Launchworks and NexKemia. Creating a centralized network that provides a more secure environment for all four of these companies was one of our earliest challenges. We now offer features which include endpoint protection; single sign-on passwords for employees; beefed up email security and reporting on any security breaches. We also have a new cybersecurity learning program that will come with an intense bootcamp portion for undereducated employees.”
Added Mark Barakat, General Manager of Cryopak, “We are making great strides on continually investing in technology and improving our IT infrastructure. While we have learned that no systems are immune from a cyber attack, we believe that awareness and education for our employees is crucial. The events being planned for October are important building blocks in our company’s growth as we strive to educate our employees that cybersecurity isn’t just IT’s responsibility it’s everyone’s responsibility.”
Cryopak, a subsidiary of Integreon Global, manufactures items for temperature-sensitive shipping needs, including insulated shipping containers, gel packs, phase change materials and temperature monitoring devices. We also offer package design and testing services in our ISTA-certified package testing lab through sister company, DDL. Our packaging engineers can help ensure that your products will arrive within the specified temperature range and undamaged from the hazards of distribution. With Cryopak, you can expect quality materials and superior service from an industry-leading team of experts whose primary goal is to protect the integrity of your products. Serving companies in the pharmaceutical, life science, biotech, food and electronics industries, our company is headquartered in Edison, New Jersey and Montreal, Quebec, Canada with locations throughout the United States, Canada, and France to serve clients across the globe.
About Integreon Global
The four companies that make up the pillars of Integreon Global are Cryopak, DDL, LaunchWorks and NexKemia. Each company alone offers a unique set of services that are critical components in our customer’s supply chain (cold chain packaging and temperature monitoring solutions, packaging, product and materials testing, contract manufacturing, and EPS resin manufacturing). Together, they provide complete end-to-end protection ensuring that the integrity of our clients’ products is maintained. For more information, visit www.integreonglobal.com
Drees, Jackie. “Cyberattacks on COVID-19 vaccine supply chain much larger than initially thought, IBM says.” Becker’s Hospital Review, 30 April 2021, https://www.beckershospitalreview.com/cybersecurity/cyberattacks-on-covid-19-vaccine-supply-chain-much-larger-than-initially-thought-ibm-says.html
[ii]Caine, Chris & Craig Moss. “Supply Chains: The Growing Target of Cyber Attacks.” Supply Chain Management Review, 25 May 2021, https://www.scmr.com/article/supply_chains_the_growing_target_of_cyber_attacks
[iii] “The Risk of Supply Chain Cybersecurity Threats.” Certitude Security, 30 March 2020, https://www.certitudesecurity.com/blog/analysis-and-assessments/the-risk-of-supply-chain-cybersecurity-threats/
[iv] Associated Press. “Explainer: Ransomware and its role in supply chain attacks.” ABC News, 3 July 2021, https://abcnews.go.com/Technology/wireStory/explainer-ransomware-role-supply-chain-attacks-78651239
[v] Best Practices in Cyber Supply Chain Risk Management. National Institute of Standards and Technology, https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/briefings/Workshop-Brief-on-Cyber-Supply-Chain-Best-Practices.pdf
[vi] Best Practices in Cyber Supply Chain Risk Management. National Institute of Standards and Technology, https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/briefings/Workshop-Brief-on-Cyber-Supply-Chain-Best-Practices.pdf
[vii] Cybersecurity Awareness Month. Cybersecurity & Infrastructure Security Agency, https://www.cisa.gov/national-cyber-security-awareness-month
[viii] Computer Security Resource Center. National Institute of Standards and Technology, https://csrc.nist.gov/glossary/term/accountability
[ix] Cybersecurity Resources Road Map. Department of Homeland Security, 27 July 2018, https://us-cert.cisa.gov/sites/default/files/c3vp/smb/DHS-SMB-Road-Map.pdf