Exclusive: Logistics firms face rising OT cyber threats amid global tensions
According to Leon Poggioli, ANZ Regional Director at Claroty, the recent cyber espionage affecting logistics firms supporting Ukraine is not an isolated trend but part of a broader pattern.
"There's two key reasons nation states do this," he explained during a recent interview with TechDay.
"One is to disrupt the other nation's defences, and the other is to put political pressure on the general public by interfering with their supply chains."
These attacks frequently target operational technology (OT) systems - the core infrastructure behind physical processes in logistics, energy, manufacturing and healthcare. Poggioli said attackers exploit connectivity in these environments to carry out sabotage remotely.
"A lot of these environments have some kind of external connectivity, so that gives an attacker an ability to remotely trigger a cyber attack and disrupt those supply chains."
In some cases, tactics have extended to disrupting weapons infrastructure, such as drones.
"When one nation uses drones, the other will defend itself by trying to jam signals and disrupt that infrastructure," he explained.
Compared to IT systems, OT vulnerabilities can be far more complex and risky to remediate. Poggioli noted that in OT, even small changes can impact safety and operations. "In the IT world, it's easy to push patches out," he said.
"In OT, even a minor change can disrupt operations, so remediation needs to be more targeted."
Claroty's platform is built to help organisations quickly cut through large volumes of vulnerability data to find what really matters. "A site may have 1,000 vulnerabilities, but we can whittle that down to the five that make the most impact," he said.
"That becomes a manageable number that a cyber leader and OT asset manager can act on within weeks."
Recent data from Claroty's global survey of cybersecurity professionals reinforces the growing financial and operational risks posed by cyber attacks on cyber-physical systems (CPS).
Nearly half of respondents (45%) reported financial impacts of $500,000 USD or more from such attacks in the past year, with over a quarter suffering losses of at least $1 million.
These costs were largely driven by lost revenue, recovery expenses, and employee overtime.
"It's a growing concern across multiple sectors, particularly in chemical manufacturing, energy, and mining – more than half of organisations in those sectors reported losses over half a million dollars," Poggioli said.
Ransomware remains a major burden, especially in sectors like healthcare where 78% of organisations reported paying over $500,000 to regain access to encrypted systems. "These are real costs, not theoretical risks," he added. "And they're rising."
Operational downtime is also widespread. Nearly half of global respondents experienced more than 12 hours of downtime following an attack, with one-third suffering outages lasting a full day or more. "When operations halt, the financial and reputational damage mounts quickly," Poggioli said.
He added that one of the most pressing vulnerabilities is the level of remote access in these environments.
"We're seeing around 45% of CPS assets connected to the internet," he said. "Most of that is done through VPNs that were never built for OT security."
Third-party access is another growing concern, with 82% of respondents saying at least one cyber attack in the past year came through a supplier.
Nearly half said five or more attacks stemmed from third-party connections, yet 63% admit they don't fully understand how these third parties are connected to their CPS environment.
Poggioli pointed to this as a critical blind spot. "Legacy access methods and poor visibility are allowing attackers in through the back door," he said.
Even more concerning is the risk from insiders. "You want to be able to trust your team, but someone with inside knowledge can do more damage than an external attacker," Poggioli said. "Even air-gapped environments need constant monitoring."
A cyber attack on Denmark's power grid in 2023 served as a wake-up call.
"One operator didn't even know they had the vulnerable firewall in their system," he said. "That's why visibility is so important. You can't secure what you don't know exists."
While preparedness across the logistics sector varies, Poggioli believes the industry is slowly recognising the strategic value of cybersecurity.
"It's going to become a point of competitive advantage," he said. "Customers are going to start asking serious questions about cyber security and supply chain integrity."
He drew a sharp distinction between cyber criminals and state-backed actors.
"Cyber criminals want fast financial gain, but nation states are more focused on political objectives," he said. "They have better resources and longer timelines. That changes the game."
Poggioli warned that just because no incident has occurred doesn't mean attackers aren't already embedded in critical networks. "There's growing evidence of adversaries nesting in these systems," he said.
"My hypothesis is they're preparing for future conflict. If war breaks out, they're already in position to strike."
For logistics firms looking to strengthen their defences, Poggioli said the first step is basic visibility.
"Most people I speak to admit they don't know 100% what's out there or how it's connected," he said.
"Start with an asset inventory. Once you have that, you can start risk modelling and reduce exposure."
There are signs that resilience strategies are making a difference. According to the Claroty report, 56% of professionals now feel more confident in their CPS systems' ability to withstand cyber attacks than they did a year ago, and 72% expect measurable improvements in the next 12 months.
Still, Poggioli said complacency is not an option.
"If you don't know how big the problem is, you won't know how to solve it," he said.
"Once you understand the risks, you can act to protect your operations and show the business the value of cyber security."
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
7 hours ago
- Techday NZ
Firebolt opens Singapore hub to boost data & AI in APAC
Firebolt has announced the establishment of a new regional hub in Singapore to support growth and demand for data and AI initiatives across the Asia Pacific region. The new Singapore hub will serve a diverse customer base, including Fortune 500 companies, and is designed to support engineering teams managing analytics and artificial intelligence (AI) workloads. This expansion is a response to increasing demand for analytical infrastructure that can support large-scale, real-time applications throughout the region. Leadership appointment Central to this regional expansion is the appointment of Deepak Ajmani as Head of Asia & ANZ. Ajmani brings over two decades of technology industry experience, having previously held leadership positions at Oracle, Dell, Google, and, most recently, serving as Vice President of A/NZ & Emerging Markets at Confluent. He is recognised for his expertise in enterprise data and cloud strategies and for building go-to-market teams across Asia Pacific. "Organisations across APAC are pushing the limits of analytics and AI workloads," said Deepak Ajmani. "Firebolt's ability to process massive volumes of data at low latency and high concurrency - all while optimising for cost - is a game-changer. I'm excited to partner with forward-thinking companies across the region to unlock new possibilities with Firebolt." Ajmani's appointment is expected to help Firebolt accelerate its growth in key sectors such as financial services, eCommerce, and technology, strengthening the company's capacity to meet the specific needs of the region's organisations. Technical characteristics Firebolt's platform is designed for engineers operating mission-critical analytics and AI workloads, with a focus on price and performance. Using Postgres SQL compatibility and native Iceberg support, the system allows for low-latency analytics, scalable batch extract-load-transform (ELT), and handling of AI workloads. Current market context Firebolt's expansion to Singapore takes place in the context of heightened investment in AI-driven analytics, cloud infrastructure, and data platforms optimised for cost. The company has reported that demand in the Asia Pacific is growing at a faster rate than in any other region where it operates. Earlier in the year, Firebolt also began operations in Bangalore and has since made a number of executive appointments. "We're seeing demand in APAC accelerate faster than in any other market we've entered," said Sandeep Mathur, Managing Director of APAC. "With Deepak joining the team, we're well-positioned to meet the region's surging need for analytical infrastructure that can power the next generation of real-time applications." Firebolt reports that its technology offers low-latency, high concurrency, and AI-ready capabilities for a range of enterprises, addressing the need for efficient and scalable analytical processing as organisations continue to invest in digital transformation initiatives. Strategic direction In discussing the company's mission, Hemanth Vedagarbha, President at Firebolt, highlighted the focus on performance and flexibility for engineers using analytical databases. "Our mission is to give engineers an analytical database that delivers unmatched performance, flexibility, and control," added Hemanth Vedagarbha, President at Firebolt. "Deepak's track record in scaling high-performing businesses and teams will be instrumental as we enter our next phase of growth, ensuring we deliver greater efficiency and value across the region." Firebolt's ongoing presence in the Asia Pacific is intended to enable businesses in a variety of industries to manage high-volume data workloads efficiently, particularly as AI adoption continues to grow.
Techday NZ
11 hours ago
- Techday NZ
Jen Easterly joins Huntress Strategic Advisory Board for AI focus
Huntress has appointed former CISA Director Jen Easterly to its Strategic Advisory Board, marking her first private-sector position since leaving government. Easterly previously led the US Cybersecurity and Infrastructure Security Agency (CISA), where she initiated programs such as Secure by Design and the Joint Cyber Defence Collaborative (JCDC). Prior to CISA, her career has included positions at Morgan Stanley, the US Army, the White House, and the National Security Agency (NSA). In joining Huntress, Easterly will provide advisory leadership as the company expands into AI-driven cybersecurity amid increased media scrutiny surrounding her recent career moves. Huntress, now valued at USD $1.5 billion, has recently grown its operations and capabilities, including embarking on a partnership with Microsoft and investing in further developing its cybersecurity platform. The company's focus remains on using technology to support under-resourced organisations confronting advanced cyber threats. Huntress Chief Executive Officer Kyle Hanslovan said the appointment came at a significant moment for the organisation. "It's an honor to welcome Jen to our Strategic Advisory Board. She's arguably the single most transformative US government cybersecurity leader of our time, and her work at CISA set the gold standard for making critical resources accessible to the masses, not just the big players. She's joining Huntress at a time of hyper-growth, hot off the heels of a major collaboration with Microsoft and a bold expansion of our cybersecurity platform, and I'm hyped up over the passion she brings to our mission. Expect to see us leveraging her expertise to experiment with exciting new ways to harness our threat intelligence, augment our SOC experts with AI, and strengthen our partnerships throughout the industry," said Kyle Hanslovan, CEO of Huntress. Easterly's new role will involve bridging the gap for businesses that do not have the time, technical resources, or expertise to manage cybersecurity risk. She will work directly with Huntress to transform unique threat data from its extensive client base into practical intelligence, aiming to support the broader cybersecurity sector with actionable insights and regular reporting. Easterly is also expected to use her expertise and relationships to improve outreach to underrepresented communities and to develop new partnerships aligned with the company's mission to broaden accessibility in cybersecurity. Describing her decision to join Huntress, Easterly said the company's mission and technical abilities were differentiating factors. "I've worked with countless organisations over the years, but Huntress stood out for its exceptional leadership, technical prowess, and unwavering commitment to a mission that truly matters. The challenges we face today are stark. Cybercrime is outpacing the growth of most U.S. businesses, state-sponsored actors are relentlessly targeting critical infrastructure, and threat actors are continually evolving their tactics. Keeping pace with these threats will require dedicated efforts to build strong community partnerships and elevate collective knowledge. That's why I'm excited to join Huntress to disrupt threat actors in bold, innovative ways and make a real, measurable impact on our community," said Jen Easterly, Advisory Board member. Easterly's move to Huntress follows attention around her withdrawal from a West Point post, with her choice of a private-sector security firm drawing industry and media attention. The role will see her focus on shaping how Huntress integrates artificial intelligence into its security operations centre (SOC) activities and its approach to industry threat intelligence. Her experience at the intersection of government, defence, and private sector cybersecurity will play a direct role in the company's growth strategy, especially as it seeks to support smaller organisations facing the same level of cyber risk as larger enterprises. Huntress expects Easterly's guidance to reinforce its goal to make security resources more accessible and to drive the use of new technology to improve defences across the board. Follow us on: Share on:
Techday NZ
a day ago
- Techday NZ
Alok Garodia joins FLOW as Chief Financial Officer to drive growth
FLOW Digital Infrastructure has appointed Alok Garodia as Chief Financial Officer, bringing more than two decades of financial leadership experience to its management team. Mr. Garodia assumes the role with immediate effect, having previously served as Chief Financial Officer at Prime Venture Partners, a global venture capital fund. During his career, Mr. Garodia has also held senior financial positions at internationally recognised companies such as Nokia, Nike and Lenovo. His background as a Chartered Accountant and his experience span numerous sectors and geographies, with an emphasis on financial strategy, operational efficiency, and growth management across the Asia Pacific region. The appointment was confirmed by Sanjay Goel, Chief Executive Officer of FLOW. Mr. Goel commented on the arrival of Mr. Garodia, stating: We are delighted to welcome Alok to our leadership team. His vision and strategic financial leadership will be instrumental in contributing to FLOW's growth ambitions and strengthening our position as a top-tier digital infrastructure provider in Asia Pacific. With Alok's track record, we are confident our finance function will elevate operational excellence to support sustainable value creation. FLOW Digital Infrastructure is a developer and operator of data centres in Asia Pacific. The firm, whose digital infrastructure platform is supported by PAG, an alternative investment management company focused on the Asia Pacific region, has been expanding its presence and operations since being founded in 2021. PAG manages over USD $55 billion in assets under management and has investments across private equity, real assets, and credit and markets businesses. Alongside Mr. Garodia's appointment, FLOW has made recent investments in its senior leadership, with Sanjay Goel appointed as Chief Executive Officer, Andrew Oon as Chief Commercial Officer, and Onno Reijgersberg as Chief Business Operations Officer. These moves are part of FLOW's efforts to accelerate its current expansion and the next phase of its organisational growth. The company recently made public the build-out of a new data centre in the Central Tokyo area, reflecting its commitment to expanding data centre capacity in key regional markets. FLOW's portfolio now includes eleven assets located across Japan, Korea, Philippines and Malaysia, with more than 170MW of current and planned IT capacity. FLOW's business model involves investment in, development and operation of hyperscale, cloud and enterprise data centres, primarily targeting high-growth markets in Asia Pacific. The organisation's infrastructure solutions cover a range of mission-critical requirements for both core and edge computing requirements. PAG, FLOW's parent company, has more than 790 employees working in 15 key offices globally, and provides FLOW with significant capital backing. The company's real assets strategy includes an existing portfolio of data centre assets, which align with FLOW's operational focus and regional market presence. The leadership changes and new appointments are set against the backdrop of a rapidly evolving digital infrastructure landscape across Asia Pacific, with FLOW positioning itself to respond to growing demand for hyperscale data centre services from businesses and cloud providers.
