FIATA Seeks to Deter Cyberattacks in Freight Forwarding

Companies Need to Be Aware of Threats Because of the Large Amount of Data Stored in Systems, Executive Says
FIATA executives
FIATA executives Stephane Graber (from left), Ivan Petrov, Turgut Erkeskin and Jens Roemer at a news conference in Brussels during the FIATA World Congress. (FIATA International Federation of Freight Forwarders Associations)

[Stay on top of transportation news: Get TTNews in your inbox.]

A voice for global freight forwarders, FIATA executives stressed that small and medium-size companies must prepare for cybersecurity threats before and after attacks because of a rise in electronic data-sharing in the world’s growing interconnected supply chain.

Top executives from the Geneva-based International Federation of Freight Forwarders Associations (known as FIATA) addressed reporters Oct. 4 in person and virtually from Brussels during the 60th FIATA World Congress.

Attendants from 76 countries gathered Oct. 3-6 for “The Changing Climate of Logistics” event.

FIATA is a nongovernmental membership organization representing freight forwarders and logistics firms in 150 countries.

“In the discussion of digitalization, the elephant in the room is really about data ownership and the transfer of data (or access to data) by third parties and how this is secured for the companies that have to share data because the data is commercially sensitive,” FIATA Director General Stephane Graber said when asked virtually by Transport Topics about cybersecurity initiatives.

FIATA is a world leader with its electronic bill of lading, which incoming President Turgut Erkeskin (currently senior vice president) explained can be used as a single multimodal transport electronic document in the entire supply chain for traders, banking corporations and transport operators.

“It is very important that our members have awareness about possible cyberattacks to their systems because freight forwarders have a tremendous amount of data in their systems. This data is required to conduct their day-to-day business and even analyze their business and to be able to make forecasts in the future,” Erkeskin said, adding that freight forwarders should perform a risk assessment of their systems and seek ways to mitigate risks.

Containers at European port

Containers at a European port. FIATA's electronic bill of lading can be used as a single multimodal transport electronic document in the entire supply chain for traders, banking corporations and transport operators. (Global Shippers Forum)

FIATA has repeatedly alerted its members about cybersecurity threats this year. It plans to issue a revised document on best practices to prevent cybercrimes and hold training sessions, particularly for small and medium-size companies.

“Today the problem is everything is connected,” Graber said.

Hackers can also intrude on digital supply chains of larger freight forwarders and logistics firms by exploiting weaknesses in smaller companies and stealing customer data, financial records and transaction details to commit identity theft, financial fraud and other crimes.

“That’s also a way to enter your system through smaller companies that lack the same knowledge and capacity to defend themselves or to know about the best practices. It’s really [cybersecurity training] that we want to do with our members. A first step to give them some guidance, to explain to them what are the risks today and how they detect some risks and what are the best practices they can implement,” Graber said.

In March, FIATA warned members that the logistics industry is becoming more vulnerable to cyberattacks because of its increasing use of technology to optimize operations. Not only is confidential data at risk, but cyberattacks can also disrupt business operations, strain corporate finances and damage reputations with customers and suppliers.

Freight forwarders are urged to conduct regular risk assessments, implement strong password policies, train employees (managers included) on cybersecurity risks, back up critical data and invest in cybersecurity solutions.

“There is another element that is important. You cannot avoid or guarantee that you will not have any cyberattack,” Graber noted. “The problem is, how do you handle it? What should you do the day you are exposed to a cyberattack or cybercrime? It’s very important to be able to share best practices with our members to be ready to face the day when they are confronted with an incident.”

Before the gathering, FIATA issued an alert to warn members about sophisticated phishing emails to thwart hackers trying to masquerade as FIATA employees.

“Check the appearance and content of the communication carefully. Generally, you may notice subtle but noticeable differences to documents and emails such as misspelling, a blurred logo or one with slightly different colors; changes in the amount invoiced; changes in the method used to request payment; a different contact name or phone number for correspondence,” the alert warned.


What does it take to become the best technician in the country? Hear from two experts who supervised the exams at TMCSuperTech. Tune in above or by going to  

It suggested freight forwarders evaluate an email’s domain name to verify FIATA’s real email root address instead of merely relying on a sender’s displayed name. FIATA’s website lists legitimate employees and company email addresses, logos and signatures.

“Check the bank account details of any invoices received in the name of FIATA. FIATA is based in Switzerland and uses a Swiss bank account (‘CH’ IBAN) which has not changed for many years. Bank accounts based in countries outside of Switzerland are not connected with FIATA. If in doubt, contact FIATA immediately,” the alert stated.

FIATA Senior Vice President Jens Roemer pointed out that FIATA and the Global Shippers Forum approved in April a Charter for Protection and Governance of Data in International Trade, which established minimum arrangements for data security and confidentiality that providers and operators of digital booking and trading platforms should adopt and incorporate in end-user agreements.

The charter lists five sections with several principles for data provided by a supply chain stakeholder: data ownership; permission to store, transfer or analyze data; duty of care to protect data; obligation to report data loss or unauthorized access; and obligations of “Big Transport” companies as industry gatekeepers for data.

Want more news? Listen to today's daily briefing below or go here for more info: