How Hackers Exploit Common Supply Chain Vulnerabilities

When it comes to cybersecurity, many supply chain organizations are practically holding up a sign that says, “Welcome.”

Recent research[1] shows that 70 percent of breach notices in the first half of 2025 did not specify the attack vector, reflecting gaps in visibility and attribution. This lack of transparency impedes response efforts. AI-driven analytics that fuse signals from multiple data sources can help close these visibility gaps and provide more precise attribution.

Strategic Theft

Strategic theft is the practice of using identity theft, social engineering, or other forms of deception to fraudulently broker cargo and change its destination. It often occurs through a technique called “double brokering,” which is linked to organized crime networks and occurs mostly in California near the port of Long Beach. In a double-brokering scheme, duly authorized motor carriers and brokers work together to misrepresent themselves and win a load from a very real broker or shipper. The load eventually makes its way to a very real carrier, but at a rate reduced from the original load agreement: the carrier that accepted it secretly re-brokers it to another carrier without the shipper’s or original broker’s knowledge or consent. This bypasses proper vetting, so the ultimate hauler may be unqualified, uninsured, or even nonexistent, and the result is often theft, non-payment, or liability problems for every party involved, along with significant financial losses, cargo damage, and supply chain disruptions.

Reports indicate that this form of theft saw a 1,475 percent increase from Q1 of 2022 to Q4 of 2024 and that it now represents about one-third of all cargo theft. As these threats continue to grow and proliferate, there’s never been a worse time to let our vigilance slip. But this is exactly what many organizations are beginning to do. By taking advantage of vulnerabilities in the supply chain, bad actors are already making billions of dollars stealing physical cargo, and they don’t even need to leave their homes to do it.

Advanced Persistent Threats (APTs)

Hackers are persistent! APTs are long-term, targeted attacks, often carried out by nation-states or organized criminal groups. The Chinese government and Russian organized crime are notorious for infiltrating company databases and exfiltrating proprietary IP and product designs over extended periods of time, all the while avoiding detection. Many North American companies have seen their proprietary designs show up in China with identical characteristics.

Zero Day Attacks

Certain attacks are characterized as “zero day attacks,” so called because the software vendor has had zero days to fix the flaw being exploited: the vulnerability is unknown to the vendor, or no patch yet exists, when attackers begin using it, so the intrusion often occurs well before IT administrators are even aware of the breach. APT groups scan networks for exposed, unpatched software and exploit the weaknesses they find, typically delivering shellcode or other malware through the flaw. For this reason, it is essential that an organization, and its entire supply base, remain current on software patches, since once a fix is public even a few days of delay is enough for a hacker to exploit an unpatched system. Patching cannot close a true zero day until the vendor ships a fix, so the interim defense is to reduce exposure: limit which services are reachable from the internet and apply any vendor-published mitigations until the patch arrives.
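The patch-currency check described above, as an added example that is not part of the original post: it compares a software inventory (your own and your suppliers') against vendor advisories and reports every host running a version older than the first fixed release. The inventory lines, the host and product names, and the advisory list are constructed for illustration; the one product with no fixed version stands in for a true zero day, where the only available action is to reduce exposure until a patch ships.

```python
"""Patch-lag check across a supply base (added example; data is constructed)."""
from typing import Optional

# Constructed inventory export: host, product, installed version.
INVENTORY = """\
erp01.supplier-a.example,OpenSSL,3.0.12
vpn01.supplier-a.example,ExampleVPN,7.2.0
plc-gw.plant-b.example,ExampleGateway,2.1.4
mail01.corp.example,OpenSSL,3.0.15
"""

# Constructed advisories: product -> first fixed version, or None when the
# vendor has not yet shipped a fix (a zero day with no patch available).
ADVISORIES = {
    "OpenSSL": "3.0.14",
    "ExampleVPN": "7.2.1",
    "ExampleGateway": None,
}


def parse_version(text: str) -> tuple:
    """Turn '3.0.12' into (3, 0, 12) so versions compare numerically.

    Plain string comparison ranks '3.0.9' above '3.0.14'; tuples of ints do not.
    Non-numeric suffixes such as '7.2.0-rc1' are ignored after the leading digits.
    """
    parts = []
    for piece in text.split("."):
        num = ""
        for ch in piece:
            if ch.isdigit():
                num += ch
            else:
                break
        parts.append(int(num) if num else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: Optional[str]) -> bool:
    """True when the installed version predates the fix, or no fix exists yet."""
    if fixed is None:
        return True
    return parse_version(installed) < parse_version(fixed)


def assess(inventory: str, advisories: dict) -> list:
    """Return (host, product, version, action) for every exposed installation."""
    findings = []
    for line in inventory.strip().splitlines():
        host, product, version = [field.strip() for field in line.split(",")]
        if product not in advisories:
            continue
        fixed = advisories[product]
        if is_vulnerable(version, fixed):
            if fixed is None:
                action = "no patch available; restrict exposure and apply vendor mitigations"
            else:
                action = f"upgrade to {fixed} or later"
            findings.append((host, product, version, action))
    return findings


if __name__ == "__main__":
    for host, product, version, action in assess(INVENTORY, ADVISORIES):
        print(f"{host}: {product} {version} -> {action}")
```

The numeric version comparison is the part most home-grown scripts get wrong; the `None` branch is what distinguishes an ordinary missed patch from a zero day that cannot be patched yet.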

Man-in-the-Middle Attacks

Hackers also look for employees who are traveling outside the office for work and connect to the closest publicly available network instead of a secure one. As the employee’s laptop searches for the nearest network, the attacker sets up a device that broadcasts a fake wireless network. They may cleverly name it to resemble an approved public network, such as an airport’s, and may even mimic its logo and sign-in page. The attacker then becomes the “man in the middle,” relaying the employee’s traffic to its real destination, whether other individuals, websites like Amazon, or other providers, while capturing everything that passes through. Traffic protected by TLS cannot be read in transit unless the user clicks through a certificate warning, but the attacker still sees which sites are visited, reads anything sent in the clear, and, because the laptop is now on a network the attacker controls, can target it directly with forged download pages, fake portals, or attacks on any unpatched service it exposes.
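A simple check for the rogue network described above, as an added example that is not part of the original post: given a list of access points the venue is known to operate (SSID, the vendor OUI prefix of its AP hardware, and its security mode), it flags scan results that reuse a trusted SSID from an unknown vendor, that downgrade a protected network to open, or that use a lookalike name. The allow-list and the scan results are constructed; a real scan would come from the laptop's wireless stack.

```python
"""Evil-twin access point detection over a Wi-Fi scan (added example; data is constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str      # AP MAC address; the first three octets are the vendor OUI
    security: str   # "WPA2", "WPA3" or "OPEN"


# Constructed allow-list: the airport's real network and the OUI of its AP vendor.
KNOWN_GOOD = {
    "Airport_Free_WiFi": {"ouis": {"00:11:22"}, "security": "WPA2"},
}

# Constructed scan: one legitimate AP, an evil twin on a different OUI with
# security downgraded to OPEN, a lookalike SSID, and an unrelated network.
SCAN = [
    Network("Airport_Free_WiFi", "00:11:22:aa:bb:01", "WPA2"),
    Network("Airport_Free_WiFi", "de:ad:be:ef:00:01", "OPEN"),
    Network("Airport-Free-WiFi", "de:ad:be:ef:00:02", "OPEN"),
    Network("CoffeeShop", "66:77:88:00:00:01", "WPA2"),
]


def oui(bssid: str) -> str:
    """Vendor prefix of a MAC address, e.g. '00:11:22' from '00:11:22:aa:bb:01'."""
    return bssid.lower()[:8]


def normalize(ssid: str) -> str:
    """Fold case and drop punctuation so 'Airport-Free-WiFi' matches 'Airport_Free_WiFi'."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def classify(net: Network, known_good: dict = KNOWN_GOOD) -> list:
    """Return the reasons a beacon looks like an impostor; an empty list means no finding."""
    reasons = []
    expected = known_good.get(net.ssid)
    if expected is not None:
        if oui(net.bssid) not in expected["ouis"]:
            reasons.append("unknown AP vendor for this SSID")
        if expected["security"] != "OPEN" and net.security == "OPEN":
            reasons.append("security downgraded to OPEN")
    else:
        for good_ssid in known_good:
            if normalize(good_ssid) == normalize(net.ssid):
                reasons.append(f"lookalike of {good_ssid!r}")
    return reasons


def suspicious(scan: list, known_good: dict = KNOWN_GOOD) -> list:
    """Return (bssid, reasons) for every beacon in the scan that trips a rule."""
    flagged = []
    for net in scan:
        reasons = classify(net, known_good)
        if reasons:
            flagged.append((net.bssid, reasons))
    return flagged


if __name__ == "__main__":
    for bssid, reasons in suspicious(SCAN):
        print(f"{bssid}: {'; '.join(reasons)}")
```

The OUI check is a heuristic: an attacker can clone a legitimate BSSID outright, so the security-mode and lookalike-name rules matter as much as the vendor match, and none of them replaces the simpler rule of using a VPN or mobile hotspot rather than an unknown public network.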

Operational Technologies (OT)

Many supply chain cyber vulnerabilities exist in operational technology (OT), which includes internet of things (IoT) devices, robots, industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and other technology that organizations use to connect, monitor, manage, and secure their industrial operations. These tools and technologies are increasingly at risk, and many organizations are woefully unprepared. Malicious email remains a common way in, and more organizations are requiring practices like multi-factor authentication to reduce the risk of such attacks reaching these systems.

Prevention is clearly a core element of any defense. Ideally, AI-enabled systems should detect hackers performing reconnaissance and scanning before they are able to gain control. Once an intrusion has occurred, it may be exceedingly difficult to detect, so preventing entry is the ideal approach. Not always so easy to do.

[1] Verizon 2025 Data Breach Investigations Report

Portions of this blog were developed from a presentation by Julie Earp, Professor of Information Systems at NC State University.