ATLANTA — Defending against cyberattacks is often a matter of returning to the basics, according to Justin Turner, director of the counterthreat unit special operations team at SecureWorks.
Turner, who spoke at the McLeod Software User Conference on Sept. 19, said even sophisticated security professionals occasionally fail to patch their systems. SecureWorks is a cybersecurity services company that was founded in 1999.
“Oftentimes, it’s the really simple things you need to focus on to defend yourselves,” Turner said. “You don’t have to solve all your security problems in one leap.”
As trucks become increasingly automated, opportunities for cyberattacks abound. The Internet of Things allows vehicles, televisions and refrigerators to communicate, but it also presents a host of targets for cyber criminals.
Trucking fleets offer a trove of information for hackers because they store consumer data and company data. Some common vulnerabilities fleets face include distributed denial-of-service attacks, which can interrupt service, and data breaches.
In June, cyberattackers struck TNT, a European parcel carrier that FedEx Corp. has owned since last year. The attack involved an information technology “Petya” virus infiltrating the company’s systems. In July, TNT still was experiencing the attack’s repercussions in the form of delays in processing packages and shipments.
While Turner acknowledged that adversaries target specific industry verticals, he said most bad actors can seamlessly move to other verticals.
“It is important to know the specifics in your vertical, but you could potentially be the victim of any one of these groups,” Turner said.
Hannah Hoeflinger, professional lines broker at INSUREtrust, said that even keys to trucks can be hacked. She used the example of someone who walked into a Jeep dealership and figured out how to code all the Jeeps’ keys.
“The more points of connectivity you have, the more vulnerable your infrastructure,” Hoeflinger said. “There’s a lot of solutions out there. Insurance is one of them. I don’t think anyone is totally secure. There is absolutely no way you can 100% protect yourself, because human error will always exist.”
Clients from various fields approach SecureWorks asking the company to assess their networks. Turner, who has worked in cybersecurity for 15 years, said the company has done 700 of these incident-response engagements with its clients.
Turner said a few of the company’s clients are trucking equipment manufacturers. He said certain clients, including the equipment manufacturers, ask SecureWorks’ technical testing team to analyze software that the fleets are trying to adopt.
“For some of those organizations, it’s a matter of awareness,” Turner said. “They may not be the direct target, but something about them is actually very valuable to somebody else.”
Phishing attempts, in which a cyberattacker sends a link with malicious software, are the most common attacks because they are reliably effective, according to Turner. However, he said ransomware attacks, which occur when a hacker takes possession of data and only releases it when a certain sum of money has been paid, also are becoming popular because they are relatively cheap to conduct.
He advised companies to evaluate where the “crown jewels” of business are, because cyberattacks are a matter of “when” and not “if."
“Preparedness is probably the number one thing. You will have some kind of an incident,” Turner said. “Your preparedness and ability to respond to that is really, really important.”