
Exclusive: Logistics firms face rising OT cyber threats amid global tensions
Cyber attackers are increasingly targeting logistics and supply chain networks, aiming to destabilise nations and gain strategic leverage without ever crossing a border.
According to Leon Poggioli, ANZ Regional Director at Claroty, the recent cyber espionage affecting logistics firms supporting Ukraine is not an isolated trend but part of a broader pattern.
"There's two key reasons nation states do this," he explained during a recent interview with TechDay.
"One is to disrupt the other nation's defences, and the other is to put political pressure on the general public by interfering with their supply chains."
These attacks frequently target operational technology (OT) systems - the core infrastructure behind physical processes in logistics, energy, manufacturing and healthcare. Poggioli said attackers exploit connectivity in these environments to carry out sabotage remotely.
"A lot of these environments have some kind of external connectivity, so that gives an attacker an ability to remotely trigger a cyber attack and disrupt those supply chains."
In some cases, tactics have extended to disrupting weapons infrastructure, such as drones.
"When one nation uses drones, the other will defend itself by trying to jam signals and disrupt that infrastructure," he explained.
Compared to IT systems, OT vulnerabilities can be far more complex and risky to remediate. Poggioli noted that in OT, even small changes can impact safety and operations. "In the IT world, it's easy to push patches out," he said.
"In OT, even a minor change can disrupt operations, so remediation needs to be more targeted."
Claroty's platform is built to help organisations quickly cut through large volumes of vulnerability data to find what really matters. "A site may have 1,000 vulnerabilities, but we can whittle that down to the five that make the most impact," he said.
"That becomes a manageable number that a cyber leader and OT asset manager can act on within weeks."
Recent data from Claroty's global survey of cybersecurity professionals reinforces the growing financial and operational risks posed by cyber attacks on cyber-physical systems (CPS).
Nearly half of respondents (45%) reported financial impacts of $500,000 USD or more from such attacks in the past year, with over a quarter suffering losses of at least $1 million.
These costs were largely driven by lost revenue, recovery expenses, and employee overtime.
"It's a growing concern across multiple sectors, particularly in chemical manufacturing, energy, and mining – more than half of organisations in those sectors reported losses over half a million dollars," Poggioli said.
Ransomware remains a major burden, especially in sectors like healthcare where 78% of organisations reported paying over $500,000 to regain access to encrypted systems. "These are real costs, not theoretical risks," he added. "And they're rising."
Operational downtime is also widespread. Nearly half of global respondents experienced more than 12 hours of downtime following an attack, with one-third suffering outages lasting a full day or more. "When operations halt, the financial and reputational damage mounts quickly," Poggioli said.
He added that one of the most pressing vulnerabilities is the level of remote access in these environments.
"We're seeing around 45% of CPS assets connected to the internet," he said. "Most of that is done through VPNs that were never built for OT security."
Third-party access is another growing concern, with 82% of respondents saying at least one cyber attack in the past year came through a supplier.
Nearly half said five or more attacks stemmed from third-party connections, yet 63% admit they don't fully understand how these third parties are connected to their CPS environment.
Poggioli pointed to this as a critical blind spot. "Legacy access methods and poor visibility are allowing attackers in through the back door," he said.
Even more concerning is the risk from insiders. "You want to be able to trust your team, but someone with inside knowledge can do more damage than an external attacker," Poggioli said. "Even air-gapped environments need constant monitoring."
A cyber attack on Denmark's power grid in 2023 served as a wake-up call.
"One operator didn't even know they had the vulnerable firewall in their system," he said. "That's why visibility is so important. You can't secure what you don't know exists."
While preparedness across the logistics sector varies, Poggioli believes the industry is slowly recognising the strategic value of cybersecurity.
"It's going to become a point of competitive advantage," he said. "Customers are going to start asking serious questions about cyber security and supply chain integrity."
He drew a sharp distinction between cyber criminals and state-backed actors.
"Cyber criminals want fast financial gain, but nation states are more focused on political objectives," he said. "They have better resources and longer timelines. That changes the game."
Poggioli warned that just because no incident has occurred doesn't mean attackers aren't already embedded in critical networks. "There's growing evidence of adversaries nesting in these systems," he said.
"My hypothesis is they're preparing for future conflict. If war breaks out, they're already in position to strike."
For logistics firms looking to strengthen their defences, Poggioli said the first step is basic visibility.
"Most people I speak to admit they don't know 100% what's out there or how it's connected," he said.
"Start with an asset inventory. Once you have that, you can start risk modelling and reduce exposure."
There are signs that resilience strategies are making a difference. According to the Claroty report, 56% of professionals now feel more confident in their CPS systems' ability to withstand cyber attacks than they did a year ago, and 72% expect measurable improvements in the next 12 months.
Still, Poggioli said complacency is not an option.
"If you don't know how big the problem is, you won't know how to solve it," he said.
"Once you understand the risks, you can act to protect your operations and show the business the value of cyber security."

Related Articles




Techday NZ
a day ago
- Techday NZ
Ian Tickle named Chief of Global Field Operations at Freshworks
Ian Tickle has been appointed as Chief of Global Field Operations at Freshworks, moving from his interim position to take on the role full-time. Tickle had previously held the role on an interim basis since early 2025, while also serving as Senior Vice President and General Manager of International Sales. He now assumes permanent responsibility for driving Freshworks' global field sales, focusing on both new business development and expanding relationships with existing customers.
The company announced that Tickle, based in London, brings three decades of experience in global sales and enterprise software leadership. Prior to joining Freshworks a year ago, Tickle served in senior roles at Domo as President and Chief Revenue Officer, and at Oracle as Vice President EMEA, SaaS Solutions. His career has included extensive experience in scaling global sales operations, driving revenue growth in competitive markets, and leading transformation initiatives. The company highlighted his role in delivering results across international markets and supporting business expansions worldwide.
Management view
Dennis Woodside, Chief Executive Officer and President at Freshworks, commented on Tickle's appointment, noting the impact he has had since joining the company. "Since joining Freshworks, Ian has distinguished himself as a customer champion and exceptional leader, working across the organization to deliver results for our users, our teams, and our company. He's made a big impact in a short time, and I am excited to see this momentum continue under his leadership as demand for our uncomplicated IT and customer service software grows."
Tickle was specifically noted for his influence on the company's financial performance in the first quarter of 2025. During this period, Freshworks posted a year-on-year revenue increase of 19%, reaching USD $196.3 million, with an operating cash flow margin of 30% and an adjusted free cash flow margin of 28%.
Continued leadership
In this new capacity, Tickle will continue to report directly to CEO Dennis Woodside and serve as part of the wider management team. The company stated that his London base allows him to maintain strong international ties and support global operations as part of Freshworks' ongoing expansion.
Tickle outlined his plans for the new role and highlighted his initial focus since joining Freshworks. "I'm honoured to take on this role permanently and excited about the opportunities ahead for our global field operations. From day one, my focus has been on building a world-class team that partners across the business to deliver meaningful impact for our customers, our people, and the company. This new role gives me the opportunity to extend that impact more broadly, while staying deeply connected to the needs of our global markets," said Ian Tickle, Chief of Global Field Operations at Freshworks.
Background
Freshworks provides service software for both customer and employee experiences to more than 73,000 companies worldwide, including organisations such as Bridgestone, New Balance, S&P Global, and Sony Music. The company's solutions are used by businesses to improve service efficiency, employee productivity, and long-term customer loyalty.
Tickle's work at Freshworks over the past year was noted for continued focus on customer outcomes and collaboration across different business areas. The appointment is intended to provide continuity and further the company's objectives for global growth and market expansion.


Techday NZ
2 days ago
- Techday NZ
Data diode market to reach USD $919.29 million by 2034
The data diode market is projected to reach USD $919.29 million by 2034, with a compound annual growth rate (CAGR) of 7.0% from 2025 to 2034, according to research by Polaris Market Research.
Data diodes are specialised hardware devices that enforce a unidirectional flow of data between networks, typically from a secure internal network to a less secure external one. Unlike software-based gateways and firewalls, which can be susceptible to cyber threats, data diodes provide a physical layer of security, making them ideal for environments that require strict separation and regulatory compliance.
Once largely employed within military and critical infrastructure environments, data diodes now see adoption across an increasing range of sectors, including finance, healthcare, manufacturing, and energy, where sensitive and mission-critical information must be robustly safeguarded.
Market developments
The Polaris Market Research report values the data diode market at USD $467.66 million in 2024 and projects growth to USD $919.29 million by 2034. SMEs are expected to experience heightened adoption of data diodes, as they too are now targets of cyberattacks that formerly affected primarily large enterprises. The Asia Pacific region is forecast to see pronounced growth, driven by ongoing industrialisation and escalating cyber risk.
Multiple factors are expected to fuel wider adoption of data diodes. The report notes, "There has been a significant rise in ransomware attacks, cyber espionage, and nation-state threats targeting critical infrastructure. This has prompted organisations to actively seek solutions that offer zero-attack surfaces. Data diodes act as a physical barrier to unauthorised access, which effectively eliminates pathways for cyber intrusions into sensitive networks."
The integration of operational technology (OT) with information technology (IT) through the Industrial Internet of Things (IIoT) also raises the risk of cyber vulnerabilities. According to the research, "Data diodes offer an effective way to transfer sensor data from OT systems to IT platforms without making the system vulnerable to backflow attacks."
Furthermore, governments globally are enforcing tighter cybersecurity regulations, especially in industries such as finance, defence, and energy. The report notes, "Data diodes help entities comply with these regulations by preventing data tampering and ensuring secure audits."
There is also a trend towards greater use in critical infrastructure sectors. The report highlights, "Data diodes are being increasingly deployed in power plants, water treatment facilities, and transportation networks to protect them from cyber threats. These devices ensure continued operations by preventing data leakage or malware infiltration while still enabling outbound communication."
Data diode types and trends
Data diodes come in various forms according to use case and integration requirements, including hardware-based, software-assisted, and virtual data diodes. Hardware-based data diodes employ physical limitations, such as optical fibres or digital circuits, to guarantee one-way transfer. This makes them resistant to hacking, malware, and configuration errors. Software-assisted diodes reinforce hardware controls with software layers to support a broader array of protocols and data formats. Virtual data diodes, intended for situations where physical separation is impractical, simulate one-way data flow but offer a lower security assurance compared to hardware-based alternatives.
The study identifies several emerging trends in the sector. There is increasing miniaturisation of data diode units, leading to more portable and compact solutions suitable for mobile or small-scale applications. Modern units have become protocol-agnostic, supporting diverse industrial and IT protocols to facilitate broader network deployment. There is also enhanced integration with security operations centres (SOCs); data diodes are now used to securely transmit logs and alerts, shielding source systems from exposure.
Cloud connectivity has become another focal area. With the proliferation of cloud adoption, manufacturers are working to ensure data diodes can provide safe outbound connectivity for the transfer of information to cloud services, permitting companies to make use of cloud analytics without increasing vulnerability to inbound threats.
Regulatory and infrastructure considerations
Regulatory compliance remains a crucial driver for data diode adoption, particularly in scenarios where information integrity and auditability are paramount. The physical enforcement of one-way data communication contributes to meeting stringent sector-specific requirements.
The ongoing digital transformation across industries, with the convergence of OT and IT, increases the need for robust security controls. Data diodes are positioned to become integral in strategies to safeguard industrial operations and infrastructure from ever-evolving cyber threats.
As the frequency and sophistication of cyberattacks increase, the demand for high-assurance network protection technologies like data diodes is gaining momentum. These devices offer unparalleled security through the physical enforcement of one-way communication, making them crucial for sectors that need high confidentiality and regulatory compliance. With ongoing advancements in protocol support and integration capabilities, the data diode market is poised to witness sustained growth in the coming years.