Everywhere you look in business and society these days, computers rule the world. And, as recent cybercrime statistics show, criminals know it.
Recently, Cloudwards reported in its Cybersecurity Statistics Report that while the COVID-19 pandemic brought much of America to a standstill, cybercriminals were working overtime. The rate of cyberattacks has jumped 600% since the onset of COVID, the report noted, with the total cost of cybercrime damages for 2021 alone reaching $6 trillion worldwide.
Trucking companies were not spared from this threat, as the widely reported attack on Marten Transport last October demonstrates. But experts say that, as an industry, trucking remains one of the least fazed by these threats — which could paralyze their fleets and exacerbate an already sluggish supply chain.
“Cyberattacks against all businesses have been steadily rising, with trucking being one of the most targeted industries,” wrote CarriersEdge President Mark Murrell in a May LinkedIn article. “Yet when I bring up the subject, people kind of gloss over (it).”
It’s critical that trucking companies remove that gloss, said McLeod Vice President and Chief Information Security Officer Ben Barnes. That’s because often one vulnerability — even the smallest one — leads to another.
“In the cyber world, hackers who gain access or find the exploitation vector into a computer system often sell that access and privilege escalation to other criminals who then perform different attacks,” he said. “One type of attack could be ransomware, another could be theft of data, or a third possibility is the utilization of those exposed internal systems for further attacks on that company’s vendors or customers. Cybercriminals have truly formed a pyramid of ways to make money, and they have become very organized.”
Trucking companies should be willing to share their experiences in the area of cybercrime, added Barnes.
“I would say we all get complacent at times with cybersecurity,” he shared. “I have been a big advocate for those trucking companies that have suffered an attack to share the experience, the steps taken to recover, and some of the pain points of going through an attack. I believe that if we share those experiences, we learn from each other and build a stronger, unified defense. That will help keep everyone in trucking engaged.”
Others agree.
“(Cybercrime is) an increasing problem worldwide and nationally,” said San Jose State University’s Mineta Transportation Institute Principal Investigator Scott Belcher. “Everybody’s got some level of security; the question is whether they really have a good sense of what their potential risks are and whether they’re managing those risks as part of their overall security profile. That’s where we need to get to.”
Belcher said the reason many areas of the transportation sector underestimate cyber threats is because they erroneously think there’s nothing criminals would gain by attacking them. Compared to hacking banking or credit card information, a fleet of reefers hauling cheese doesn’t present that much motivation, goes the thinking.
What’s more, the number of cyberthieves could be in the thousands.
Former FBI Agent Chris Tarbell, who will speak on the subject in Tuesday’s general session at Truckload 2022: Las Vegas, said in a recent presentation that just to determine the amount of traffic on the internet, agents checked a random website and within 13 minutes there had been 42,000 hits on the site. Does that number surprise you?
“That number does not surprise me,” said Barnes. “Websites can draw heavy amounts of visits, depending on search criteria and search engine results. Some websites can have hundreds of thousands of hits per day, others much less. This factor depends on content and popularity.”
The size of the carrier is becoming less of a factor when thieves plan to attack, according to Barnes.
“I believe the small and mid-size trucking companies are easier targets for attack due to lack of a cybersecurity strategy, shortage of cyber talent, cyber education, and the cost for cyber defense,” he added. “But we have recently seen larger carriers come under more pointed attacks; therefore, I believe the trucking industry as a whole should focus more on cybercrimes.”
Belcher addressed the issue of ransomware.
“There’s the tactic of ransomware. They will take control of and have access to the system, have access to public data, and they will hold the city, they’ll hold the transit agency, they might hold a trucking company hostage,” he explained.
“[The cybercriminals] will require a ransom to release the data and return access to the system or to get out of the system,” he continued. “We’ve seen plenty of examples of that throughout the country in which they’ve shut down transportation operations or they’ve shut down city operations for weeks or for months. Or we’ve seen operations pay the ransom or insurance companies pay the ransom. It’s millions and millions of dollars in terms of ransom.”
Combine that with the substandard security practices, lack of adequate IT personnel and general apathy about the issue, and the industry is poised for disaster, noted Murrell.
“Fleets are concerned about road safety and devote considerable effort to preventing problems, but aren’t that concerned about cybersecurity,” he said. “That only makes the risk of attack even more significant.”
The irony of the current state of the industry is this: The very things companies have been the most progressive about — investing in new trucks laden with technology — are what’s now producing multiple potential intrusion points for bad actors.
Dallas-based consultant Rob Robins, who writes regularly on issues facing companies in transportation, logistics and the supply chain, said the industry in general needs to modernize its back-end IT systems to keep up with what’s being deployed on the road.
“Trucking and logistics businesses are increasingly reliant on technology, which is why it’s more crucial than ever to safeguard these systems against cyber assaults,” shared Robins. “Freight transportation has evolved, and cybersecurity experts are trying to address these issues by providing freight delivery system cybersecurity protections that may reduce the likelihood of this problem.
“System backups, security software updates, data backups and network segmentation are all front-line defenses that the transportation industry needs to look at more closely because ultimately, prevention is the best defense,” he continued.
What should trucking companies consider as they build a defense against cyberattacks?
“There’s no silver bullet to prevent an attack,” said Barnes. “Companies need to be prepared for how to respond, mitigate, and recover from an attack when, not if, it happens. Bruce Schneirer states in his book ‘Click Here to Kill Everybody’ that the only way to secure a computer is to encase it in concrete and sink it in the bottom of the ocean.”
Dwain Hebda is a freelance journalist, author, editor and storyteller in Little Rock, Arkansas. In addition to The Trucker, his work appears in more than 35 publications across multiple states each year. Hebda’s writing has been awarded by the Society of Professional Journalists and a Finalist in Best Of Arkansas rankings by AY Magazine. He is president of Ya!Mule Wordsmiths, which provides editorial services to publications and companies.
