Cyberattacks and ransomware breaches are increasing steadily, according to internet and technology experts. Although they are never completely preventable, fleets can make specific efforts in order to lessen the risk of attack and keep their businesses safe.
A cyberattack takes place when a hacker digitally breaks into a company’s IT system and proceeds to encrypt certain files, documents, or the system as a whole. Then, the attacker will blackmail the company into giving them a ransom by threatening to steal or delete the company’s important data.
Ransomware attacks are becoming more common across all businesses–not just trucking–and have been deemed a top overall security threat. Because many companies end up quietly paying an attacker’s requested ransom without submitting any report of the attack, the exact number of recent cyberattacks is hard to determine.
Global reports of cyberattacks across all industries jumped by 715% between 2019 and 2020, according to Bitdefender, a cybersecurity and antivirus software firm.
Throughout 2019, the transportation industry became one of the most cyberattacked industries in the country, with attacks on 3PLs and fleets becoming particularly dangerous. These attacks are able to compromise all digital information of the targeted fleet, the fleet’s clients and the fleet’s business partners.
Still, too many industry businesses have not implemented necessary precautions or recovery plans.
The trucking industry is going through an era of many technology changes and upgrades, mostly consisting of software meant to boost on-road safety and business practices, rather than any ransomware defense. Luckily, many tech vendors often dive deep into cybersecurity possibilities within their software and can discuss proper protections with the fleets they serve.
“Customers are trying to move freight and get more efficient, so cybersecurity is not in the forefront of their mindset,” said McLeod Software chief security officer, Ben Barnes. “Helping them through the murky waters is part of our strategy. At the end of the day, it affects us all.”
Cybersecurity experts and IT workers say a majority of companies fail to implement any cyberattack prevention strategies whatsoever, and only consider the risk once they’re already a victim.
“My experience is, regardless of industry–whether trucking or shipping or healthcare–once a company is hit with ransomware, they become far more serious about securing their data,” said HudsonAnalytix chief technology officer, William Elkins, whose company is focusing primarily on trucking-related cybersecurity solutions.
“Partnering with proper software vendor companies is key,” said Leonard’s Express director of systems development, Chris DeMillo. “But, ultimately, the responsibility lies with the [fleet] or 3PL.”
Many fleets avoid investing in any cybersecurity insurance due to the rising costs involved, which continue to increase as ransomware attacks grow steadily. On the other hand, some businesses buy this insurance and then believe their fleets are completely safe from cyber attacks, which is not the case, according to experts.
When purchasing cybersecurity insurance, “you really aren’t set, and it can give you a false sense of security that it’s a panacea, when it’s not,” said Leonard’s Express chief marketing officer, Michael Riccio. “What are you doing at the blocking and tackling level to alleviate having to use that insurance?”
Leonard’s Express fell victim to a ransomware attack itself a few years ago, which employees believe occurred from an email phishing scam. The trucking and freight brokerage firm refused to pay the ransom, and the hackers ended up not stealing any important data, luckily. Still, the company used the event as motivation to improve its cybersecurity methods and practices.
A company must create a proper cybersecurity plan, complete with assessment of the company’s valuable assets and where they are located within its software. Entry points into the overall system must be well-known, as well.
“[Although] having a plan doesn’t always help prevent [an attack], if something happens, it lays out the playbook for how to deal with the problem,” said McLeod’s Barnes. “You’ve got to identify the crown jewels and figure out how to protect them.”
Then, a company can decide which preventative practices to implement, including the installation of antivirus software, firewalls, or third-party cybersecurity methods.
“When you’ve done this assessment, it’s a lot easier to put up a cyber budget,” said HudsonAnalytix’s Elkins. “Offset that expense with the impact of an outage. You’ll make different decisions if you consider the cost.”
Then, ensure the plan is utilized by everyone in every department–not just the IT department.
“Make the plan ahead of time, print the plan, and have it all over the place,” said Trimble Transportation vice president, Chris Sandberg. “You should test every so often that the steps you have in place for the business haven’t changed and don’t need to be [updated]–at minimum, annually, but preferable quarterly.”