Air Cargo Newsdesk

How airfreight can avert that hacking cough syndrome

AIR transport businesses are facing an unprecedented cyber crisis, as ever-inventive hackers calmly crash into their innermost secrets, writes Thelma Etim.

Forwarders, airlines, truckers, brokers, handlers and airports around the air transport world are all unknowingly staring at an undefended and often undetectable conflict against pernicious website hackers, a cybersecurity expert warns.

“For every paid ‘white-hat’ ethical hacker [specialist, legitimate hackers strategically employed by a corporation to uncover vulnerabilities in their software] there are 10 ‘black-hat’ malicious hackers out there who are highly motivated and prey on businesses with poor security controls,” insists UK-based Tayo Dada, who successfully hacked into Citibank and Lloyds of London and went on to establish auditor KPMG’s first ethical hacking division.

The international transport business is equally exposed to this industrial plague.

2018 saw a dramatic rise in the number of companies from a variety of industries, including the air transport sector, succumbing to immense data breaches. Major air cargo carriers Cathay Pacific Airways, British Airways parent International Airlines Group (IAG), Alaska Airlines and Delta Air Lines were among a string of big businesses which found themselves unwittingly drawn into the horrors of a hacking storm.

Two large-scale data breaches put down to hacking

But it was Hong Kong flagship carrier Cathay which arguably suffered the worst blow to its reputation, as news reports revealed the company deliberately waited several months before it disclosed the large-scale data breach involving 9.4 million of its customers’ personal details, including customer names, passport numbers, ID numbers, travel history and credit card numbers.

IAG’s cyberattack affected 244,000 payment cards, with the names, billing and e-mail addresses, debit and credit card numbers, expiration dates and CVV security codes of some customers all being exposed by criminals.

Yet the majority of industrial hacks have gone unreported, as companies try to screen their embarrassment.

Commenting on IAG’s data breach, cybersecurity expert Dada states: “It was actually a very clever hack that allowed a hacker to plant a piece of rogue software that then redirected legitimate website users to another website from which their credit details were then stolen.”

Dada, who is founder and chief executive of blockchain-powered cybersecurity services company Uncloak, believes there are measures the airline could have taken to prevent the hackers entering. “British Airways could have checked on a daily basis to see if its website code had changed, especially given the amount of web traffic they are accustomed to,” he asserts.

“There is a chance that BA may not have been performing enough regular security checks on the site, which would have spotted if malicious code was indeed being uploaded.”

So, what can air transport companies do to avoid similar hacking breaches? “The most important thing would be regular stringent security checks, checking all the lines of code to ensure that it has not been manipulated,” he advises.

Dada also recommends companies hire a so-called ‘white-hat’ specialist to scrutinise their software and unearth vulnerabilities. This would give them more than a fighting chance against cybercrime.

He also believes this move will, for some people, make white-hat hacking “a more attractive career path than going down the black-hat malicious hacking route.”

“Businesses today face the challenge of harnessing hacking talent in a positive way,” Dada concludes.

Below is a list of eight security measures Dada says air cargo businesses should immediately implement:

  • Employ effective passwords
  • Use good [quality] antiviral products
  • Use cryptography
  • Have workable firewalls
  • Create a backup system
  • Regularly audit and monitor systems and networks
  • Organise in-house training and awareness programmes
  • Regularly test website security
