WEEKLY NEWS


CYBER RISKS INCREASE ACROSS INTERCONNECTED AIRFREIGHT SYSTEMS


AIR CARGO WEEK


BY Edward HARDY


AIRFREIGHT operators are reporting a sustained rise in cybersecurity exposure as digital platforms link airlines, airports, handlers, forwarders, and customs systems. Network interdependence has increased efficiency in cargo booking, cargo processing, and regulatory clearance, but it has also expanded the number of external access points through which attackers can enter operational systems. Disruptions to airport services, booking platforms, and third-party software providers in recent years have demonstrated how a single compromise can affect multiple organisations, slowing cargo flows and delaying aircraft operations.

Cloud migration, integrated transport management systems, and data-sharing arrangements have accelerated across carriers and logistics providers. These developments support faster scheduling and real-time shipment visibility, but they also require continuous outbound and inbound data exchange. The increased reliance on external platforms and vendors means that an incident originating outside a carrier’s own network can still affect its ability to process cargo or manage aircraft turnaround.

Industry responses are shifting from perimeter controls to resilience planning, identity management controls, and continuous monitoring of third-party access. Operators are assessing the operational impact of ransomware attacks, credential compromise, and data exposure across integrated networks, as well as testing continuity and recovery plans that maintain essential functions if systems are temporarily offline.


Vendor access and supply chain dependencies

Airfreight operations rely on shared platforms for booking, ground handling, warehouse management, and customs clearance. These systems connect multiple organisations, often across regions, creating dependencies that can allow a breach in one environment to extend to others. Recent incidents at airports and logistics hubs have shown how software supply chain disruptions can halt or delay cargo processing, even when the affected organisation is not directly targeted.

Vendors and service providers increasingly access internal systems to support maintenance, operational planning, and real-time tracking. The growth of integrated digital workflows has reduced manual handling, but it has also increased the number of accounts, credentials, and application programming interfaces connected to operational networks.

Industry security teams are reviewing which suppliers have access to critical systems and are assessing the conditions under which third-party access is granted. Some operators are introducing risk-based tiering for suppliers, along with continuous monitoring of access patterns and configuration changes. These measures aim to quickly detect anomalies, restrict unauthorised access, and reduce the chance that compromised vendor credentials can be used to move laterally into airfreight systems. Incident response plans are also being revised to reflect the reality that disruptions may originate from external platforms rather than internal systems.

Gideon Teerenstra, Europe Cyber Director at S-RM, said organisations must treat key suppliers differently from general vendors. “The key suppliers should therefore be subject to a comprehensive review, including an initial in-depth assessment to deliver insight and enable prioritisation of risk-mitigating activities, continuous vendor monitoring, and have a battle-tested incident response plan ready,” he said.

Darren Guccione, CEO and co-founder of Keeper Security, said third-party environments are effectively part of an operator’s infrastructure. “Every third-party platform, cloud service, and shared data environment must be treated as an extension of the organisation’s own attack surface,” he said.

Ron Reiter, CTO and co-founder of Sentra, said shared accountability is essential. “Shared visibility between partners is key; every entity touching sensitive data must be accountable for how it’s accessed and protected,” he said.

Identity compromise and social engineering

Credential compromise remains one of the most common entry points for cyberattacks affecting airfreight operations. Attackers use phishing, voice impersonation, social engineering, and email compromise to obtain login information, bypassing technical controls. The introduction of generative AI has increased the scale and accuracy of impersonation attempts, making it more difficult for employees and automated filters to detect fraudulent communications.

As attackers improve their ability to imitate trusted senders or internal personnel, airfreight organisations are introducing identity verification steps that do not rely solely on shared personal information. Helpdesk procedures for account recovery, password resets, and system access approvals are being strengthened to limit the possibility of unauthorised instructions being executed through impersonation. Zero-trust identity frameworks are being adopted to restrict movement inside networks. Multi-factor authentication is now mandatory across most airfreight systems, and privileged access controls are being implemented to ensure that user accounts cannot perform operations beyond the minimum required for their roles. Some operators are adopting session-based access tools, allowing privileged access only for defined tasks and revoking it once the session ends.

AI-driven social engineering has also increased the need for security awareness training across cargo terminals, operations centres, and third-party support environments. Training now includes examples of realistic impersonation, rather than generic phishing indicators. In addition, organisations are implementing controls that ensure payment requests, operational routing instructions, or aircraft handling orders require verification through independent channels.

Teerenstra said basic identity checks that rely on static personal information are no longer reliable. “Many of the ‘secrets’ that are currently used to identify a call, such as date of birth, social security number, and home address, are commonly sold on the dark web and are therefore not reliable sources to verify a caller’s identity,” he said.

Duncan Greatwood, CEO of Xage Security, said credential misuse remains a leading risk. “Adopting Zero Trust principles, such as continuous reauthentication, strict identity verification, and least-privilege access, limits how far an attacker can move even if credentials are compromised,” he said.

Matthew Corwin, Deputy Chief Privacy Officer at Guidepost Solutions, said awareness training must reflect the capabilities of AI-enabled impersonation. “Security awareness training should emphasise the sophistication and quality of current social engineering attacks leveraging AI tools,” he said.

Data governance, continuity planning, and resilience

Airfreight organisations manage large volumes of operational and commercial data across warehouse management systems, booking platforms, flight scheduling systems, and customs clearance environments. Over time, data is often copied or transferred across internal repositories, shared platforms, and analytical environments. This can result in “shadow data” that is stored outside monitored systems, leaving it exposed to unauthorised access.

Shadow data presents particular challenges when evaluating the impact of incidents or reporting the scope of data exposure to regulators or partners. Operators are increasing investment in data classification, inventory management, and automated discovery to maintain visibility across data flows and storage locations.

Resilience planning is also being updated to ensure operations can continue if core systems are disrupted. Manual fallback procedures remain part of contingency planning but are not considered sustainable for extended periods. Organisations are developing playbooks that cover ransomware response, network segmentation, and system isolation while maintaining ground operations at a reduced scale.

Reiter said data that is not classified as sensitive can still be exploited. “Less sensitive data can still be weaponised when combined with other sources to create potent attack vectors,” he said.

Corwin said resilience planning now prioritises ongoing testing. “These companies are investing in risk assessments and business impact assessments to ensure they understand their exposure and current capabilities,” he said.

Teerenstra said resilience strategies assume network intrusion will occur. “The sector presumes breaches are inevitable and focuses on continuous monitoring, threat detection, response preparedness, and minimising breach impacts,” he said.

ACW 08 DECEMBER 2025

www.aircargoweek.com

