b'MAY 15 - JUNE 25, 2023CYBER SECURITY 35(RISKcontinued fromtoreduceasystemsattacktionsshouldalsobeawareactors.Closingvulnerableareshippedandwherethe page 34) surface. One is to examine net- thatattackers,whichincludegapsrequirestoolsthatgohuman fits into the process. software company. work usage reports and to lockcriminalgangsaswellasdeepintomultipletiersofInaMarch21starticle Over two-thirds of busi- down areas where unauthorizedadversarial governments, oftensuppliersnotjusttotheintheAJOT.com,James nessleadersfeelthattheirorunusualtrafficwasfound.seek to threaten industrial con- thirdpartybutalsototheCoombes,chiefexecutive cybersecurityrisksareAnotherinvolvesenforc- trol systems and other relatedfourth,fifth,andfurthertoofficerandco-founderof increasing,accordingtoaingpasswordbestpractices,operational technology. Secur- theendtier,togaugecyberfreightplatformRaft,com-recentsurveyconductedbyincluding,crucially,ensuringing threats to control systemssecurity risks exposed in ven- mentedThisisaunique Exiger and Stax Consulting,that employees who have leftbecame a priority for the Whitedorsandserviceproviders,moment in time where auto-and cyber vulnerabilities nowan organization no longer haveHousein2021,whenPresi- Kolaskyexplained.Thismation technology is finally represent the top risk concernaccess credentials.dentJoeBidendeclaredthatinsight, coupled with securityat a place where it can impact forsupply-chainmanagers.A vulnerability that is oftenthedegradation,destruction,controls,incidentresponses,thetraditionallyhuman-cen-Eighty-sixpercentofsup- overlooked involves the host- or malfunction of systems thatandsecuritypracticeshelptricoperationsofafreight ply-chain cyber breaches areingonsystemsofexcessivecontrol this infrastructure couldtoidentifyandmitigate anyforwarder.Adding,The financially driven, the Exigerand unneeded third-party apps,causesignificantharmtotheissues before they cause toofutureoffreightforwarding research showed, while 10%which are often risky and rep- national and economic securitymuch damage. relies on human expertise aug-representedsomeformofresent a potential entry pointof the United States.mentedbytechnologyand espionage.forbadactorsbecausetheirThosekindsofattacks,Ai applications, putting auto-There have been severalsourcecodeiswidelyavail- Kolaskyagreed,cancause(DIGITALcontinued frommationandtransparencyup examplesofsupply-chainable. Its also worth noting thatsome real harm. Understand- page 34) front and center.cyber-attacks in recent years,attacksurfacescanincludeingrisksintroducedintois Ai, not all Ai is MachineWiththeapplicationof includinglastyear,whenphysicalaccesspoints,suchsupply chains through indus- LearningwhichintheAitoshippingdata,where MicrosoftExchangeServer,as server rooms and data cen- trial control systems in sup- caseofthesupplychainisthe supply chain begins, and anemail,scheduling,andters,andhumanvulnerabili- pliers and service providers isimportanttorecognizeaswhereitendsorinturn, collaborationplatform,wastiessuchaswhenhackerscrucial in achieving enhancedmost of what is referred to asbeginsagain,couldbeas found to have unpatched vul- convince users to share theircyber security.Ai in the supply chain is ML.bigachangefortheindus-nerabilities,impactingthou- credentials using social engi- Thats why, he says, itsNonetheless,theapplicationtry as the introduction of the sandsofenterprisesdirectlyneering techniques.importanttostayseveralof ML in the supply chain iscontainershippingoversix andmillionsindirectlyandSupply-chainorganiza- stepsaheadofmaliciousforeveralteringhowthingsdecades ago.allowingattackerstoinfil-trate servers and steal data. A similarly unpatched vulnera-bility in Log4j, a widely-used Java logging framework, was discoveredin2021,affect-ing 93% of enterprise cloud environments.Thevulner-abilityallowedattackersto craft malicious input data that resulted in information leaks.InDecember2020,Solar-Winds,amajorsupplierof enterprise software, was compro-mised when attackers inserted malicious code into software updates, which were pushed outtousers,allowingtheRaising capacity. Lowering temperatures. attackerstogainaccessto customerinformation.That samemonth,acyber-attack compromisedAccellionsfile- Exceeding expectations.sharingsoftware,alsoallow-ingtheattackerstoaccess sensitive user information.According to Kolasky, the keyfirststepthatorganiza-tions can take to protect their supply chains from cyber secu-rity threats is to understand the types of risks that adversaries are targeting. One of the mainBleed Size:Close Date: ways that adversaries can gain access to networks and infor-mation is by exploiting vulner-Lowering Temperatures American Journal of Transportation Half Page 8x 10 .125 12/09/22abilities in the attack surface, hesaid.Anattacksurface, accordingtotheComputer SecurityResourceCenter,is the set of points on the bound-ary of a system, a system ele- Title: Pub: Trim Size:Job #: Colors: ment, or an environment where anattackercantrytoenter, cause an effect on, or extractWelcome to done.-NCP_LoweringTemperatures_AJOT_8x10_k1data from.MinimizingtheattackIce cold. And blazing fast. Thats NC Ports. Were known for having the best turn times on the East Coast. surface is crucial to protect- We also simplify logistics, reduce shipping headaches and create customized solutions that make ing organizations from cyberthings happen. In the world of cold chain, we power possibilities. And were just warming up.supply-chainattacks,said Kolasky.ByunderstandingNC Ports 20077 InDesign CC 4C 800.213.4430 // NCPorts.com20077the attack surface, organiza-tions can work to patchFile Name:Client:vul-App: nerabilitiesthatanattacker couldexploitwhichpresentan undue risk to the system, makingitmoredifficultfor adversaries to find a way in.C yBeRS afet eChniqueSThereareseveraltech-niques that can be put to use 22055_20077-NCP_LoweringTemperatures_AJOT_8x10_k1.indd 1 11/12/22 10:56 AM'