Unveiling the Threats You Can’t See: Cybersecurity Advice for the Trucking Industry

1

The trucking industry is no stranger to threats. Fleets are constantly implementing security measures to reduce the risk of stolen cargo and prepare for deteriorating infrastructure and driver safety on the road. But with Cybersecurity Awareness Month starting October 1, it’s time for the industry to focus on the threats we can’t always see – the digital ones.

Technology is becoming an integral part of the entire trucking industry, from IoT-enabled devices to electric and autonomous trucks. Because of this, fleets must reprioritize their cybersecurity strategy. A report from Willis Towers Watson states that the biggest threats facing today’s transportation executives are cyber vulnerabilities. With security risks on the rise, the stakes are high and it’s critical that fleets have the right protections in place.

Understand the Risks Before Hitting the Road

Throughout the course of this year, I’ve seen cybersecurity discussions take center stage at conferences and trucking industry events. I recently moderated a panel with cyber experts including an FBI agent and an ethical hacker. One of the biggest takeaways? The trucking industry is an extremely attractive target for cyber criminals, and trucking executives must shift their focus from tangible to intangible threats. However, to be successful in keeping a fleet secure, one must first truly understand these invisible criminals.

Hackers understand there’s money to be made in attacking transportation systems. Ransomware and malware attacks are on the rise, with criminals targeting their back-office solutions. These attackers are stealing sensitive data like the personal information of the driver or route information, which can be harmful for employees and customers. One transportation company lost $340,000 after thieves accessed an employee’s laptop.

In addition to outsider threats, fleets must also prepare for insider threats – both from their own company and third-party exposures from partners or customers. Human error remains one of the most damaging cyber threats, even though it’s usually unintentional. It’s important for transportation companies to look beyond their own businesses and examine the technology, processes and people in their third-party vendor networks. For example, one company lost $850,000 after it adopted a new technology without realizing the weaknesses in a partner’s system. Establishing guidelines and verifying they are followed for both employees and partners will help mitigate many of these insider threats.

Training Truck Drivers for Security Success

While the IT team is historically the primary owner of cybersecurity across an organization, it’s crucial for all employees to understand the basics of their company’s cybersecurity policy. In today’s trucking landscape, many carriers have BYOD policies and more and more drivers connect their personal devices to trucks to run applications such as the software used to record drivers’ hours on the road. As the number of personal devices increases, trucking companies must implement cybersecurity awareness to ensure everyone understands their role in defending against these threats.

Phishing emails are a popular method hackers use to infiltrate a system, so employees, including drivers, must understand how to identify business email compromise and what type of links or attachments not to open. By simplifying the training to everyday processes, drivers can better understand the reality and scope of these threats.

Re-evaluate Systems Continuously

Security is not a one-time IT implementation. According to Verizon’s Data Breach Investigations Report, 99.9 percent of breaches occur due to a vulnerability that was uncovered over a year ago. Fleets that do not keep up-to-date on their security processes and planning are prime and easy targets for attackers. Security systems need to be updated continuously to help mitigate new risks. It’s not about buying the latest and greatest security solution. Every security solution has to be tailored to the unique needs of a company based on factors such as size, how they store data and the connected devices they’re using. Companies must re-evaluate their needs on an annual basis to ensure their security needs are still being met.

Security Resources in Trucking

Organizations such as the National Motor Freight Traffic Association (NMFTA) are working to educate members on issues impacting the transportation industry. They recently updated their cybersecurity website with guidelines around securely charging medium and heavy-duty electric vehicles. I’ve also had many conversations with dedicated cybersecurity teams within trucking companies to outline how to best protect their data and confidentiality. The ability to share information and resources with customers and competitors alike will only help bolster cybersecurity efforts in the trucking industry as cyber threats become more sophisticated.

According to Gartner, cybersecurity spending is set to exceed $1 trillion from 2017 to 2021. While cyber threats will continue to increase, collaboration and partnerships will allow the transportation industry to properly defend against such threats.

Share.

About Author

Chief Information Security Officer of Omnitracs