[Stay on top of transportation news: Get TTNews in your inbox.]
SAN DIEGO — Transportation is now one of the most cyberattacked industries in the United States, which puts trucking in the crosshairs of hackers, a panel of cybersecurity experts said here during American Trucking Associations' Management Conference & Exhibition on Oct. 6.
“This is why we’re doing a session on cybersecurity,” said Ken Craig, vice president of special projects at McLeod Software, citing data from Forbes that said transportation ranks No. 5 on the list of industries with the most cyberattacks.
“If you take a step back from all of the critical infrastructures such as financial, transportation, medical and so on, transportation moved from No. 10 to No. 2 most-attacked in 2018,” said Sharon Reynolds, chief information security officer for Omnitracs, in reviewing separate cybersecurity data by business sector from IBM X-Force Threat Intelligence Index.
Reynolds said that small trucking companies tend to be the biggest targets for ransomware attacks because they often don’t have sophisticated protections and, as a result, could be more likely to pay hackers who disable their computer systems. On the other hand, larger trucking companies, which often have more significant protections, can produce a bigger payday for hackers, Reynolds told Transport Topics.
“From what I understand from sources, the attackers — when they come into your network — will check your financials to see how much they can charge you,” she said. “They’re looking to see what you can afford as a company, because if they ask for too much you won’t want to pay it. They want you to pay because this is a business model for them.”
Joseph Saunders, CEO of RunSafe Security Inc., said that once an attacker discovers a vulnerability in a company’s computer system, the odds are good he will strike more than once.
“The hacker is really an underground business operating as efficient and sophisticated as any other business operation, including the ones you all operate,” Saunders told executives attending the session.
Saunders said that motor carriers should conduct at least one annual assessment of their computer systems, including penetration tests and tests of their risk management framework for the likelihood of an attack. They also may want to apply software patches and create an incident response plan.
Harold Sumerford Jr., CEO of J&M Tank Lines, whose company was hit with ransomware attacks on two occasions, said that hackers will spend up to 18 months analyzing a company’s computer system before attacking it. “These are pretty smart people,” Sumerford said.
He recommended that truckers foremost protect personal information on company employees and customers, and educate employees about threats of phishing scams in emails, and even attempt to be careful about protecting accounts payable information.
“By the time you get the notice, you’re in deep yogurt,” said panel moderator Craig.
Want more news? Listen to today's daily briefing: