Trucking companies that are becoming more dependent on technology face increased vulnerability, but there are steps they can take to mitigate such threats.
“As the industry gets more dependent on computers in terms of the different ways in which routes are scheduled, things are run, more automated, more computer-dependent, more online, then the risks increase,” Scott Godes, insurance recovery, cyberinsurance and commercial litigator at Barnes & Thornburg, told Transport Topics.
TFI International, which ranks No. 11 on the Transport Topics Top 100 list of the largest for-hire carriers in North America, confirmed recent reports that four of its Canadian-based courier divisions were hit by a ransomware attack Aug. 20. This came less than a month after the FBI warned truckers that cybercriminals could target electronic logging device vulnerabilities as a means of seizing business information.
“All industries are becoming more susceptible to these types of vulnerabilities,” Sharon Reynolds, Omnitracs chief information security officer, told TT. “Trucking is not alone in that. However, historically, trucking hasn’t been as connected. So now there is a whole transportation sector that is becoming more connected.”
Mimecast cybersecurity strategist Matthew Gardiner noted that cybercriminals don’t just look for companies and industries that are operationally dependent on computers. They also consider whether the target has the ability to pay while having a limited ability to prevent or recover from an attack.
“The more operationally dependent you are on IT systems and data, the more attractive you are to cybercriminals,” Gardiner told TT. “The vast majority of cybercriminals are financially orientated. They are always looking for ways to make money, and ransomware has become one of the most direct ways of monetizing cybercrime.”
Ransomware is a type of malware that encrypts files on a computer. The attacker will then demand payment to restore access to the data. Payment also might be demanded for not publishing the data.
“The number of ransomware attacks has been on the rise the last few years,” Godes warned. “The other one that has been on the rise that trips up companies is something called a business email compromise.”
That happens when a company’s system is hacked in a way that allows the attacker to send emails on the company’s behalf to other companies. The hackers will pose as the company so that clients send money directly to them.
“Another when you’re operationally dependent on IT is they can DoS you,” Gardiner said. “That’s denial of service. Basically they can freeze up your systems and then blackmail you. It’s not technically ransomware, but it’s kind of similar in that they hold your systems down and ask for money to let them go.”
Omnitracs’ Reynolds noted there also has been an increase in phishing and fraud this year. But one thing that is helping, she noted, is the trucking industry’s resolve.
“Many fleets have succumbed to ransomware throughout this year,” Reynolds said. “It seems to be increasing. I think the trick here is to use that resiliency that these fleets have. These companies have been through so much adversity through the years.”
The back offices and support staff are where the threats have been occurring. But the trucks themselves also are becoming more integrated with technology. Godes noted he hasn’t seen a truck get hacked, but it is something of which companies should be mindful.
“There is that risk,” he said. “To the extent that a truck is entirely automated in a way that the computer systems that are talking to the internet have control over the driving, the braking, the steering or the navigation systems, then I suppose anything is possible.”
Trucking companies have resources available to them to mitigate the threats. Gardiner noted that nothing needs to be invented. Everything exists among the technology, processes, best practices and general know-how. The difficult part is implementing those protections.
“The key principle in security is layered security,” Gardiner said. “That could mean technical layers, but it can also mean business-resilience layers. You want to have preventive controls. You want to stop bad things from happening, and there are multiple of them.”