
Outsourcing Logistics Services: Information might be the most valuable asset that requires protection

Tomáš Kotál, Senior Logistics and Distribution Manager Sony DADC

The continuing growth trend in online sales not only brings faster delivery speeds but also presents challenges beyond mere efficiency improvements. In today’s e-commerce environment, where outsourcing services to fulfilment centres is becoming the norm, it is crucial to consider the protection and handling of data transferred by clients alongside service requests. While outsourcing offers numerous benefits, including cost reduction and enhanced efficiency, it also introduces risks related to the security of sensitive information.

Protect sensitive data

When choosing a potential partner, entrepreneurs carefully consider various service factors, such as the geographical location of the centre, modern systems that provide comprehensive insight into inventory and order status, picking capacity that ensures smooth processing of individual orders, and, importantly, the cost. However, we often find that data and information security is neglected, even though it can be the most important part of the service. With outsourcing, we share with the service provider not only data on what, how much, and to whom we sell, but also a complete insight into the core of our business. Detailed data analysis clearly reveals specific demand in real-time, bestsellers, and their seasonality. Isn’t this data worth protecting?

Over the past decade, data leaks have become a major concern for everyone, including international corporations. These breaches, regardless of the market segment they affect, always have a drastic impact on both the reputation of the organization that failed to protect the data and its clients. The rise of phishing, ransomware, and social engineering, combined with the growing implementation of AI, continually raises the demands on every single link in the chain of interconnected processes that together form the provided service. Only service providers who are aware of these risks and possess sufficient expertise will be able to guarantee their clients secure data management in the near future. As in many other sectors, the entire security chain is only as strong as its weakest link. Many companies now find themselves just one click on a malicious link away from complete paralysis.

Cyber threats and their consequences

Today, we take the physical security of buildings for granted, just as no one would think of providing services without sufficient software protection. But is acquiring the latest software really sufficient to consider our services secure? Surveys show that people tend to underestimate the risk of cybercrime and are often reassured by the belief that the IT department has ensured the necessary protection on the company computer. Let’s take a look at three examples of underestimated threats, which are among the most dangerous due to their simplicity.

1. Phishing, Malware, Ransomware

Although it may seem that there is no one left who does not know about these attacks, their risk has not decreased significantly. It is these simple attacks we face daily that really test the strength and defence capabilities of the targeted organization. Most of you probably recall the last primitive spam in your mail, such as “winning the lottery” where you only need to send a transaction fee, or a request “to pick up an undelivered package”. Who would click on something like that? Don’t be fooled; despite their apparent simplicity, these threats still pose a high risk. The strategy of these attacks lies in their quantity, together with the possibility that at the time you receive this email, you will be dealing with, for example, a delayed shipment. Then all it takes is a moment of inattention to turn a primitive threat into a successful attack.

2. Default passwords on hardware

As in the previous case, this is not rocket science. Many successful attacks were possible simply because users and organizations underestimated the situation and did not take even the most basic steps to protect themselves and their infrastructure. Think about it: do you remember the login credentials for your home router? It’s okay; most people don’t. However, I have to ask again. Do you remember at least changing them from the default admin/admin? Did the technician who installed your router do it? The trend in the market is IoT (Internet of Things). As the number of such devices in the home network grows, so does the need for a well-configured first line of defence: the router that handles all communication with the outside world. Given the trend of working from home, this becomes an aspect that employers cannot afford to ignore.

3. Stolen passwords

Passwords receive a lot of attention, yet we still encounter users who refuse to use multiple strong passwords or, in the worst case, use passwords that were already stolen and are listed in databases shared among hackers on the “darknet.” A password serves as a unique key to the entire digital world and should be perceived as such. 

Real-life case study

We all know the theory, so let’s look at a specific real-life situation involving phishing in practice, combined with social engineering. Most companies, in an effort to attract new customers, do everything they can to be visible on the internet. Thus, in addition to the necessary minimum, information that is not sensitive by itself may appear online. In various combinations, it can help hackers break into the organization. In our case, the hacker had basic publicly available data about the company and the name of one supplier. By emailing the reception desks of both companies, he also obtained contact information for a specific person in the purchasing department and the visual appearance of the correspondence. Based on this data, he forged an email in the same style in which, posing as the supplier, he announced a change in the bank account to which payments for delivered materials should be made. Since the targeted company had strong control mechanisms in place, the attempt failed, as the request was verified with the supplier. Are you wondering how a similar attempt would turn out in your organization?

Choosing a provider

If you have to think about the answer, there is a high risk that a similar attack could succeed. And how would your partners fare? Is the level of cybersecurity a parameter you consider when choosing your suppliers? The question is, how can you even determine the level of cybersecurity? This area is not easily quantifiable and is generally viewed as being fine as long as there are no problems. The level of security can be indicated by the certifications that the surveyed organization has. A simple question about what the company does to prevent cyber threats and ensure safe services for its clients can be surprisingly reliable. Besides standard references to the use of modern hardware with available security updates, firewalls, and strong password policies, the response from a potential provider, such as Sony DADC, should include a detailed methodology for employee training. Regular comprehensive training on security and information protection, equipping employees with knowledge about confidentiality, integrity, and availability of information in all work environments, whether in the office, in production, or working from home, should be a given. Simple yet critical processes, such as internal phishing penetration tests, where individual campaigns are evaluated and followed by personalized training, can often minimize these threats.

A similar situation can occur in the field of physical security, where various physical security certifications may be crucial. However, even in this case, it is fundamental to focus on employee training, especially in the area of protection against techniques such as tailgating and the correct handling of confidential information. After all, no one wants their sensitive data to end up in the regular trash can and become easily accessible. And think how easily all doors open for someone with a safety vest and a stepladder. Therefore, it is essential to train employees on these potentially overlooked threats that can have serious consequences for the organization’s security.

Conclusion

In conclusion, the protection of all data is an absolutely crucial aspect in today’s digital age, which should not be underestimated. Cyber threats such as phishing, malware, and ransomware are constantly evolving and becoming increasingly sophisticated. With the development of artificial intelligence, social engineering, which exploits human gullibility to obtain sensitive information, is becoming another significant risk. It is therefore essential that individuals and organizations take proactive measures to protect their data. Using strong passwords, regularly updating software, and educating yourself about cybersecurity are the foundations that we should not only accept, but also require. Only in this way can we face these threats and protect our values and those of our clients. 

When choosing a potential partner, it is essential to always consider whether the available hardware, software and certifications really provide a sufficient level of protection for your data. While acquiring cutting-edge and powerful software and hardware is not difficult, gaining know-how in training employees and cultivating their good habits is a long-term process that requires careful attention and regular investment. This factor plays a key role in the overall information and cyber security of an organization. Thanks to our extensive experience with highly sensitive data from the entertainment industry, Sony DADC adheres to the most demanding standards. This commitment to excellence benefits our customers across all sectors.
