Don’t Let OT Hackers Spoil Your Holiday

Daniel Bren -
Don’t Let OT Hackers Spoil Your Holiday
Illustration: © IoT For All

Online business has been booming since the start of the Covid-19 pandemic, and holiday retail sales are projected to increase between 4 percent and 6 percent this year. Manufacturers, logistics companies, and retail giants like Walmart face extraordinary pressures to meet customers’ online demands and maintain zero downtime while ensuring warehouse security from threats including OT hackers.

These factors have compelled many to invest in automated logistics and smart warehouse technologies that are known to be more efficient than individual workers performing the same tasks. For example, a new Amazon robot can reportedly handle 1,000 items per hour. As such, digital transformation has accelerated and delivered rapid advancements in digital supply chain logistics, warehouse components, and tools. 

The Cyber Risks of Digitalization

Unfortunately, all of this modernization has led to greater complexity from geographically distributed warehouses as a critical element of supply chain logistics, as well as multi-vendor and multi-generation technology opening vulnerabilities in an increasingly dynamic threat landscape. As SLAs and ROIs are key drivers in smart warehouse operations, everything is connected; air gapping is no longer a feasible approach. And this makes it extremely challenging for teams to continuously map and understand their security posture.

Threat actors have identified this reality as a low-hanging, lucrative market; they continually search for new ways to find and exploit security vulnerabilities and disturb supply chain operations. Hackers have already carried out successful cyberattacks against some of the world’s largest smart logistics and freight forwarding companies. In some cases, operations had to be halted, resulting in disruption, downtime, financial losses, and regulatory disclosures to shareholders.

In December 2021, Germany-based Hellman Worldwide Logistics, which has hundreds of offices and operates in 173 countries, was hit by a cyber attack that forced it to shut down its IT. The company’s refusal to pay the ransomware demand resulted in a leak of 70.64GB of documents, credentials, correspondence, agreements, orders, etc.  

For another example, Expeditors, a Seattle-based global logistics company with more than 350 locations across 100 countries, was hit by a targeted cyber-attack earlier this year that disrupted its global operating systems. The attack ultimately caused $60 million in damages.

The Inherent Cyber Risks of Warehouse Management Systems

Smart logistics and warehouse companies rely upon integrators to streamline warehouse management systems (WMS) for their operations. A WMS is a software solution that provides visibility into the company’s inventory and manages supply chain fulfillment operations all the way from the distribution center to the store shelf.  It is a must-have in today’s digital age.

However, integrators face several challenges that can create security gaps, including:

  • Ensuring seamless communication between the WMS and multiple technologies
  • Overcoming cybersecurity skill gaps: IT and operations teams are experts at building smart logistics systems and managing their enormous databases but face challenges identifying digital assets prioritizing risks appropriately and lack vulnerability management skills
  • Ensuring reliable and efficient operations: Downtime and network delays result in lost revenue, impact supply chain security, and can affect brand integrity

Ensuring the Security of Smart Warehouses

The goal of the business is to achieve zero downtime and ensure that robotic automation and procedures work seamlessly and reliably. This makes it a far better strategy to proactively assess, manage, and mitigate cyber risks than to react only after attacks have already happened. 

Whether you are a smart logistics integrator, WMS vendor, or smart warehouse vendor, you must lay a foundation for securing your operations. Here are my top recommendations:

  • Maintain central continuous visibility of digital assets in monitored warehouses. This is key to closing cybersecurity gaps, exposures, and vulnerabilities. Visibility is not only asset inventory and vulnerabilities, as it also includes visibility over unsecured communication such as unencrypted traffic between the assets at the warehouse.  
  • Make sure that management systems of IoT devices are patched and protected with complex passwords.
  • Assess and identify network segmentation gaps. Smart warehouse networks should be divided into VLANS, and the communication between processes should be passed through a firewall. Moreover, the Firewall policy should be reviewed carefully to make sure that the allowed connection between the environment and the IT/Internet is properly hardened. 
  • Process data internally while providing controlled visibility for customers.
  • Continuously analyze risks that can impact security controls and industrial systems to ensure that the OT driving the warehouse’s functions securely and reliably 24/7.


To ensure a smooth flow of goods and prepare for this year’s holiday peak season, organizations should optimize warehouse operations for speed, efficiency, accuracy, and cybersecurity. Using these strategies to streamline smart warehouse environments will ensure peace of mind from attacks, even during the peak holiday season demand. 

As an added bonus, these operational changes translate into a first-rate customer experience, which fosters brand loyalty, generates positive customer feedback, helps grow the business, and improves the bottom line long after the holiday rush has passed.

Daniel Bren - Co-Founder & CEO, OTORIO

Guest Writer
Guest Writer
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All.
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All.