Maybe you don’t know? Or are you just assuming you do? Well, you should know and it should be secure. We know from experience that often WMS security is not a priority. It is like an insurance; in the unfortunate case you need it, you are glad you have it. If you don’t have it, too bad… Security breaches can occur on different levels. They can be caused by outdated software and hardware, poor security and user protocols, but what about thieving staff, poor inventory control and third party employees such as drivers, delivery agents, and maintenance or IT techs?
1. Reliance on old software and hardwareIn most instances, the older your software and hardware, the greater the danger you face from cyber threats. Older systems may not support the latest upgrades, patches, or hardware specifically designed to increase security. For instance, your WMS security may rely on on-premise solutions. Because your company has to pay for the hardware installation, maintenance, upgrades, and replacements you’ve likely got a broad mix of technologies. Disparate infrastructure often needs to use the lowest common denominator technology, which could open you up to a wide variety of threats from the most sophisticated cyber intrusions to low-tech threats designed simply to bring your network down. For example many operations are still run on Windows XP/Windows CE platforms, an operating system Microsoft ceased to support in 2014…. We all know about the horror stories of randsomware crippling complete organisations and costing tons of money. To give you an idea if the severity of these kind of attacks, we list the top 3 of 2017 (who all happen to have pretty dramatic names emphasising the havoc they can cause…):
- NotPetya NotPetya started as a fake Ukranian tax software update, and went on to infect hundreds of thousands of computers in more than 100 countries over the course of just a few days. This ransomware is a variant of Petya, but uses the same exploit behind WannaCry. It hit a number of firms in the US and caused major financial damage: For example, the attack cost pharmaceutical giant Merck over a whopping $300 million in Q3 alone, and is on track to hit that amount again in Q4.
- WannaCry WannaCry (also known as WannaCrypt) has been one of the most devastating ransomware attacks in history, affecting several hundred thousand machines and crippling banks, law enforcement agencies, and other infrastructure. It was the first strain of ransomware to use EternalBlue, which exploits a vulnerability in Microsoft’s Server Message Block (SMB) protocol. Over 180 countries were affected by Wannacry resulting in an economic los of billions of euros.
- Locky Locky is currently the top payload in terms of ransomware and across all malware families, according to a report from security firm Proofpoint. While Locky was 2016’s most popular ransomware strain, new variants called Diablo and Lukitus also surfaced this year, using the same phishing email attack vector to initiate their exploits. (source: https://www.techrepublic.com/) And it does not end with the threat of ransomware. Not every warehouse management system’s security is the same, so your whole operation could be at risk on different levels. Now we are not a big American company trying to scare you, but protecting your company, staff, inventory, and facilities should always be a priority and this requires a robust WMS security protocol. In our years of experience we have seen it all and we know for a fact that there are systems on the market that are not keeping warehouses as safe as they could. On more than one occasion we had to get a company’s operation back online after a security breach, where every day of inactivity is money lost. A safer operation is also a more profitable organisation. Cloud WMS is one of the most cost-effective ways to introduce advanced security into your operations, and your fellow professionals believe that too. A growing percentage of enterprise companies consider the cloud to be more secure than legacy systems, as well as noting that it makes it easier to take further security measures like proper data encryption and ID access policies.