Back in April of this year, I posted an IdeaXchange blog about the dangers of data breaches and how to reduce the threat. That blog primarily focused on privacy laws and compliance; but for every warning and software fix to prevent breaches, there are bad actors who consistently figure out ways to get through and do damage.
The August edition of FleetOwner magazine has an article that addresses the chaos that cybercriminals pose to every business, and how the threat to our industry has grown substantially. Citing a 2022 IBM Security study, the article notes that transportation is among the top 10 most targeted industries. Adding to the problem, many of the industries higher up on the list rely on trucking and other transportation types as an essential part of the supply chain.
With a supply chain that is increasingly global, security compliance from suppliers is essential. In February of this year, Toyota had to shut down operations throughout Japan after one of its suppliers, which had third-party access to Toyota’s manufacturing plants, suffered a data breach. This puts a great deal of pressure on manufacturers and retailers (really, any business that deals with suppliers that are intertwined in their systems) to ensure compliance and strict security measures from their suppliers.
Trucking as a target
It used to be that hackers needed to use complex actions to hack into a system; now, it’s as easy as sending a fake email to an employee that seems to be coming from a legitimate sender. Instead, that “phishing” email comes from a bad actor who easily gets into the company’s system through a well-meaning employee. The FleetOwner article notes that “Half of the incidents IBM X-force remediated at transportation companies originated with phishing emails, followed by stolen credentials (33%), and vulnerability exploitation (17%).”
During the pandemic, when more workers were working from home and security might have been more lax, the problems and attacks only increased. Fortunately, companies have also gotten smarter, and many put in place additional security measures both before and during the pandemic to at least mitigate the harm a breach can cause.
So, if the money from ransomware and harm from data breaches is mostly in manufacturing and retail, why would cybercriminals go after trucking? The FleetOwner article addresses that as well. Once COVID hit, bad actors saw how attacks could affect transportation organizations and businesses, including fleets. John Sheehy, senior VP of research and strategy for IOActive, stated, “You might be attacked because of who your client is – or who their client is.” He further explained “that a criminal looking to infiltrate a high value target could use a fleet’s weaker cybersecurity as a way in.”
Zero trust should be the company mantra
Companies should just accept the fact that hackers are trying to get into their systems and, unfortunately, may likely succeed, often, as I showed above, through the innocent good intent of an employee or a supplier’s employee. That means you must make cybersecurity a major ongoing initiative, whether you work through a provider or handle it all in-house. Think of your company as a house that has leaks everywhere. You wouldn’t just plug up the roof and leave the wall holes alone. That’s how you need to think about your systems and servers. Leaks are everywhere and criminals will find ways to capitalize on that.
There are things you can do to help limit the danger, including building the ability to quickly identify a threat so it causes limited damage (or, hopefully, if caught soon enough, no damage at all). The article lists a number of steps organizations should take, including:
- Pinpoint your vulnerability – Consider working with a professional IT security company to assess your internal and systemic vulnerability. Guaranteed, they will find weaknesses that you can then strengthen and defend against.
- Make your employees part of the solution – If you think just beefing up your IT team is the answer, you’re very mistaken. Every employee should have some kind of training in what to look for. Cyber criminals are very smart and very inventive. Make sure employees question anything that seems just a little “off,” regardless of where it seems to come from. And give employees a reporting structure so they know who to inform when a questionable situation arises.
- Identify your risk level – What are the most valued parts of your organization: your financial records; asset information; customer data; employee data? Whatever that might be, evaluate how well your IT systems protect those areas and decide the best way forward that will be the least disruptive to your organization.
The ability to trust has taken a major hit over the last couple of decades, so skepticism today is a valuable trait. As criminals keep getting cleverer, your security measures need to do so as well. This is one of those cases where failure is definitely not an option. You may not catch every attempt, but you’ll be well-armed to limit the damage from an assault.
Read my IdeaXchange blog and see how your fleet can reduce the risk of a data breach.