Cybersecurity breaches are an ever-present danger for all types of businesses, and freight transportation companies are no exception.
It may not be possible to eliminate this threat entirely, but with the right safeguards in place, trucking and logistics companies can reduce the risk of being hacked or falling victim to a ransomware attack, industry experts said.
“We are a heavily targeted industry,” said Cory Staheli, chief information officer at motor carrier Trans-System Inc.
Staheli believes that hackers often perceive trucking companies as easy targets based on the assumption that they lack the sophistication and resources to properly protect themselves online.
And those hackers are not merely kids in a basement getting into mischief.
“We need to understand what we’re up against,” Staheli said. “These guys are highly organized criminals. They are trying everything they can to take our money from us.”
Trans-System, based in Cheney, Wash., is the parent corporation of three trucking companies — flatbed hauler System Transport, TWT Refrigerated Service and bulk carrier James J. Williams. Trans-System ranks No. 95 on the Transport Topics Top 100 list of the largest for-hire carriers in North America.
Industry experts said cyberattacks are increasing in both frequency and complexity.
It’s not a question of if, but when a cybersecurity breach will happen at your company, said Joe Russo, head of information technology at Isaac Instruments, a supplier of electronic logging devices and fleet-management technology.
Wally Stegall, a corporate technical fellow with fleet telematics vendor Morey Corp., agreed.
“No fortress is impregnable,” Stegall said. “In cybersecurity, that is just a fact.”
In recent years, the increase in remote work has created even more security challenges.
As the COVID-19 pandemic took hold and working from home became much more common, it provided easier access for cyber criminals, Russo said in a presentation during Isaac Instruments’ virtual user conference in November.
Cyberattacks increased three- to five-fold from the pre-COVID days, he said, primarily because many organizations were not adequately prepared for the abrupt shift to remote work.
“They weren’t prepared to give everyone their own laptop so people used their personal laptop,” Russo said. “If you do that, you don’t know if that personal laptop is protected or had security tools. That is how we’ve seen an increase in breaches — through those home devices that were never patched, not protected, had back doors, had the threat agent waiting to collect the keyboard entry to see how they connect back to the home office. Then he’s opened the door. He’s in. If you don’t have countermeasures, they have accessed all the data.”
Before the pandemic, businesses primarily built their security measures around a firewall, but once people started working from home, they had to extend their defenses outside those secure walls, Trans-System’s Staheli said.
“Organizations were struggling to properly secure the home environment, something that they hadn’t done before,” he said.
How Cyberattacks Are Evolving
Phishing attacks via malicious emails are the most common way for cyber criminals to access a company’s information.
“Scam email is getting harder and harder to detect, and it seems like it’s escalating more,” Staheli said, particularly as scammers master the use of artificial intelligence algorithms.
“What we see is a lot of emails where someone pretends to be someone else, asking for a one-off financial transaction,” he added.
Meanwhile, some hackers have shifted their phishing attempts to text messages, which some recipients might be more inclined to answer than an email.
Other scammers are utilizing even more aggressive schemes.
“More and more, we are starting to see social engineering as a way to get in,” Isaac’s Russo said, referring to “old school” methods such as calling the help desk and asking for access to accounts.
Russo discusses the pandemic’s effect on cybersecurity at the Isaac Instruments’ virtual user conference. (Isaac Instruments)
Among the most severe cyber threats facing the trucking industry are ransomware attacks, in which a hacker seizes control of a company’s network, encrypts its data and then literally demands a ransom in return for releasing it.
“Often before encrypting a company’s data, the bad guys will do everything possible to destroy the backups. They will either delete them or encrypt them,” Trans-System’s Staheli said. “Once they know a company’s ability to recover from backups is removed, they then encrypt the servers and workstations and ask for payment. They know companies are likely to pay the exorbitant ransom if they can’t recover their data on their own.”
Businesses can take certain precautions to recover more quickly from a ransomware attack, Staheli said.
For one, he recommended that companies embrace the “3-2-1” methodology: maintain three backup copies of their data, use two different storage media for the backups, and keep one copy of the data off-site.
He also pointed to the practice of storing immutable backups that can’t be altered in any way.
“By having a backup off-site, in the 3-2-1 model, and having immutable storage, the bad actors are not able to destroy or encrypt the backups. The company can then restore from their backups and not pay the ransom,” he said.
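The 3-2-1 rule and the immutable-backup practice described above can be checked against a backup inventory, as in this added Python example (not part of the original article and not code from any company named in it). The inventory entries and field names are constructed for illustration, and the example assumes an intruder can delete or encrypt every copy that is not immutable.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str        # label for the copy (constructed sample values below)
    medium: str      # e.g. "disk", "tape", "object-storage"
    offsite: bool    # stored away from the primary site
    immutable: bool  # cannot be altered or deleted once written


def check_3_2_1(copies):
    """Return the list of 3-2-1 / immutability rules the inventory fails."""
    failures = []
    if len(copies) < 3:
        failures.append(f"need 3 backup copies, found {len(copies)}")
    media = {c.medium for c in copies}
    if len(media) < 2:
        failures.append(f"need 2 different storage media, found {len(media)}")
    if not any(c.offsite for c in copies):
        failures.append("need 1 copy off-site, found none")
    if not any(c.immutable for c in copies):
        failures.append("no immutable copy: every backup can be deleted or encrypted")
    return failures


def recoverable_after_attack(copies):
    """Names of copies still usable after an intruder deletes or encrypts
    every backup they can alter. Assumption: only immutable copies survive."""
    return [c.name for c in copies if c.immutable]


# Constructed sample inventories, not taken from any real environment.
WEAK = [
    BackupCopy("nas-nightly", "disk", offsite=False, immutable=False),
    BackupCopy("nas-weekly", "disk", offsite=False, immutable=False),
]
STRONG = [
    BackupCopy("nas-nightly", "disk", offsite=False, immutable=False),
    BackupCopy("tape-weekly", "tape", offsite=False, immutable=False),
    BackupCopy("vault-daily", "object-storage", offsite=True, immutable=True),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label, "failures:", check_3_2_1(inventory))
        print(label, "recoverable:", recoverable_after_attack(inventory))
```

An inventory can satisfy the three counting rules and still leave nothing to restore from if no copy is immutable, which is why the check reports that case separately.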
Best Practices for Cybersecurity
Defending a company from cyberattacks begins with proper preparation.
“An attacker must succeed only once. The defender must succeed every time,” Isaac’s Russo said. “You need to think like a hacker.”
Russo outlined the following steps for businesses to ramp up their cybersecurity efforts: review the company’s incident response plan; stay up-to-date on current scams and share that information with employees, including those working at home; have a cybersecurity policy that covers remote work; have a cyber insurance policy in place before an incident; and consult with security experts in the industry.
“There’s a lot of technology out there to help put security practices in place,” Russo said. “It’s a matter of finding the right partner and the right fit.”
Education is key. Companies should invest in training their employees to spot suspicious emails. Otherwise, it is all too easy for someone to click on an email or respond to something that seems to be legitimate at first glance.
Russo emphasized that training ideally should be done in a “microlearning” fashion — in easily digestible increments. Companies should also make this training as interactive as possible.
“At Isaac, we have mandatory awareness training for everyone,” he said. “Everyone gets microlearning material, then there’s targeted training for different roles in the company.”
Good password hygiene is another important security practice.
First, passwords should always be used.
“Some companies have people log in without passwords because they feel it’s disruptive. But you have to force them to be required. If you have a password that is less than 10 characters, it can be hacked almost immediately,” Trans-System’s Staheli said.
The increasing use of personal devices for work purposes has created new opportunities for cyber criminals. (Getty Images)
A password should be long — between 14 and 16 characters — and contain a mixture of capital letters and punctuation marks. This will make the password highly difficult to crack.
“One of our strategies is not to change passwords very often, so that people can remember them and not have to write them down,” Staheli added.
Passwords stored in a browser can be retrieved by hackers. Instead, he recommended using a password vault such as LastPass or KeePass. Those services “remember” all of your passwords for you and offer a built-in password generator, but they can be expensive, he cautioned.
Staheli said companies also can enhance security through multifactor authentication, which requires a user to provide more than one verification factor to gain access to an account or a device. Those factors can include something a person has, such as a smartphone; something the person knows, such as a PIN; or something unique to the person, such as a fingerprint. When users enter a password, for example, a code is sent to their mobile phone to further authenticate their identity.
In addition to companies’ individual efforts, industry collaboration on cybersecurity is ramping up. American Trucking Associations offers Fleet CyWatch, a program that assists fleet members in reporting cyberattacks and shares information about the latest threats.
Cybersecurity also is a core consideration for the trucking industry’s technology ecosystem, especially as companies integrate more third-party devices and systems into their operations. Morey’s Stegall said fleet operators need open architectures that are secure, yet still allow the free flow of information.
“There are two extremes — one is you can be so open that you are subject to attack, or you can be so closed that you can’t get the benefits of transformative technologies,” he said, “so there has to be, without compromise, security with openness [while] making sure you’re shutting down the bad actors.”
Through it all, the cybersecurity field continues to evolve, and the criminals are getting smarter.
“In the last two years, I’ve been on 40 different conference calls and webinars with my peers, all of us trying to figure out the right way to adjust and adapt to this,” Staheli said. “It is coming to a point now where it is becoming reality, and companies are responding to it.”
The bottom line is that all companies, large and small, are susceptible to cybersecurity threats, even with the tightest controls in place. After all, even the U.S. federal government was hit by a major data breach.
Nonetheless, trucking and logistics companies can mitigate these threats by establishing security and response plans, educating employees and taking a multifaceted approach to securing their data.