The transport sector in the UK is a vast interconnected network, and only becoming more so with the introduction of new technology. However, despite its growing sophistication, the sector is plagued by constant delays, cancellations, strikes, and at times, seems to be struggling under the weight of its own infrastructure. Alongside these issues, sector professionals need to better understand this landscape, constantly evaluating their security procedures to protect against a huge range of ever-changing potential threats – both cyber and physical.
How can the transport sector protect against a growing range of threats?
Malware attacks are increasing exponentially across all sectors and have had a catastrophic effect on an organisation’s ability to carry out normal operations. The WannaCry attack that locked down the NHS’s outdated IT systems really brought the concept of a cyber-attack into tangible focus – patient data was inaccessible to staff for days and the NHS was forced to spend £92 million on repairs. Never has it been more apparent that thorough cybersecurity measures are a must. WannaCry also raised wider concerns about security procedures in similar organisations that are part of the country’s critical infrastructure. A large part of the transport network is publically funded, like the NHS, leading to financial restrictions – which can often result in lax security practices. That being said, the transport sector has gotten off relatively lightly, with fewer incidents on a disastrous scale.
The size and customer through-put of these large organisations, perhaps more than any other sector, results in lot of potential targets. Notably, British Airways was hit by a cyberattack in 2018 which saw 380,000 customer card details compromised by hackers. Airlines seem to be the favoured industry for cyber criminals, with Forbes recently revealing that cyberattacks aimed at airlines have risen 15,000% from 2017 to 2018.
Physical security in transport has always been a high priority, with terrorist and criminal behaviors capable of causing immeasurable damage. Even incidents intended to disrupt, not cause harm, like the Gatwick drone attack shows that any breach can still cause huge monetary damage to a business, its supply chain and its customers – with Gatwick airport and the airlines that operate within it reportedly losing tens of millions of pounds. Organisations must be prepared for any eventuality and have counter-measures in place to combat against emerging tech. One thing is clear, whatever the threat, cyber or physical – the stakes in the industry are incredibly high.
Quality is the name of the game
Say Communications recently put together ‘The State of Trust in Security Companies Barometer’ from a range of industries (transport, financial services, education, health, retail and leisure, utilities and infrastructure) and job roles to find out what decision-makers look at when choosing a new security provider, and their motivations for purchase. Below are some of the key take-outs:
The transport sector has the one of most varied range of assets to protect, from its passengers to its stations. The London Underground alone has five million travellers a day, if the system which manages the signaling was compromised, even for a day, it would bring the city to a standstill. Resultantly, our study revealed the transport sector as one of the most concerned with a security solution’s quality. Secondary to quality, the sector was also focused on whether or not a vendor was compliant with industry standards. Interestingly, cost was still an important concern but less so than industry compliance and a products proven ability to function in a mission critical regulated environment.
Media coverage seemed to generally be a polarising topic across the industries that we covered in our security report, but transport decision-makers are more likely to take coverage into consideration when choosing a vendor than others. Thirty-nine percent of respondents said they’d factor in national coverage and 43% said the same for trade media – well above the average of other industries: 25% and 37% respectively. However, while sector professionals pay attention to traditional media they are generally distrustful of social media, online forums of discussion and advertising.
Key takeaways for security vendors
The importance of effective security, especially cyber, to the transport industry has never been greater. Technology has brought rapid digital transformation to all aspects of business, these digitised and connected networks create more targets for cyber criminals than ever – but this connectivity also means that when cyber-attacks are successful they can be more severe. The key takeaway for security vendors is that quality, and the ability to demonstrate it, is key to securing a sale; vendors need to use a combination of trade, channel and national media, alongside content marketing to show off a versatile product that can operate in a strenuous environment.