Cybercrimes are becoming the most significant security threat faced by trucking companies, especially by smaller carting firms. By adopting the proper cybersecurity measures, truck owners reduce their risk of losing money and productivity to computer criminals.
An Overview of Cybercrime
Mixed Motives: Financial gain is not the motive behind every hacking attack. Some cybercriminals disrupt a carting firm’s operation and inflict financial losses on the company to show off their hacking skills.
The Prevalence of Cybercrime: In 2020 1.1 billion cyberattacks were launched. The independent security software evaluating firms AV-TEST Institute reports that daily, Google thwarts 18 million phishing attacks. Weekly, the technology firm VMware records 9.1 trillion attempted cybercrimes. These numbers illustrate the importance of cyber safety to the over-the-road freight hauling industry.
What Cybercriminals Are After: Hacking into a cartage company’s computer system isn’t always about stealing company information. The hacker is also after truck drivers’ personal information. In some instances, after a data breach, a carter has a legal obligation to provide its drivers with credit monitoring at an average cost of $148 per affected driver.
Common Cyber Crimes
Phishing Scams: The goal of a phishing scam is to steal information. Phishing scams try to dupe computer users into clicking a link. Opening the link allows malware to enter a company’s computer system. Once the phishing software is in a data system, the hacker who planted the malware can download a firm’s information and sell it on the dark web.
Ransom Wear: Ransome wear locks a business out of its servers. To regain access to their database, the victim pays the hacker a ransom. In 2018 a carter in Minnesota, Bay and Bay Transportation, discovered the hard way that a ransomware hacker can detect and defeat efforts to circumvent the ransomware. The longer a hacker holds a firm’s information hostage, the more money the company loses. Ultimately, it may prove more cost-effective to pay the ransom.
Social Engineering Scams: One victim of a social engineering scam unwittingly wired $250,000 to hackers working out of Thailand. Social engineering is theft by deception. A company receives what looks like a genuine email from one of its vendors requesting payment. The email includes a link that sends the money to a cybercriminal.
Cyber Theft Counter Measures
Countering Social Engineering Scams: Before making any payment using an email link, verify the invoice’s legitimacy. Have your accounting department contact the payee to authenticate the request.
Protection from Cybercrime Losses: Financial losses and liabilities stemming from cybercrime aren’t likely to be covered under a Commercial General Liability Policy. Cyber insurance indemnifies businesses against the cost of phishing, ransomware, and social engineering scams. There are two types of cyber insurance policies, Cyber/Network, and Crime/Theft. Each type of policy covers different consequences of a cybersecurity breach. Comprehensive policies that combine cyber/network and crime/theft coverage are available.
Consider Joining CyWatch: Members of the American Trucking Association (ATA) can take advantage of CyWatch, a clearinghouse for ATA members to report cybercrimes committed against them. Data collected through CyWatch enables the ATA membership to protect itself against cyber-attacks. CyWatch is a collaboration between the ATA, Federal Agencies, and cyber safety experts.
The Role of Drivers In Cybersecurity
Include Drivers in Cyber Safety Training
Research conducted by Carriers Edge, a virtual training provider for truck drivers, found three-quarters of over-the-road freight carriers do not include their drivers in cybersafety training. Those companies mistakenly believe drivers can’t inadvertently cause a computer security breach because drivers are shut-out of internal network systems. These firms also think that the security software on driver’s tablets is adequate to counter system security risks. The reality is driver’s tablets use the company’s firewall, exposing the firewall to penetration by malware.
Drivers commonly use company-issued tablets for business and private use. A lack of education on cybercrimes can result in truck drivers and their employers falling prey to phishing or ransom malware.
In June of 2017, Farmingdale, NY-based Leonard’s Express learned the value of investing in employee cybercrime training. For three days, Leonard’s worked to counter an attack on their computer system that started with a staffer opening a phishing scam link.
Once in the company’s computer system, the malware spread like wildfire. For three days, the company ran its operation using paper and ink. Leonard’s got lucky because the attack didn’t cause significant harm. Other carting companies have sustained six-figure losses because of hacking.
What to Teach Drivers
All your employees, including drivers, need to know where to watch for phishing scams.
- Free email sites
- External websites
- Social media sites
Companies should inform all their employees of the dangers of using the company network and devices for downloads from non-company websites. Consider establishing a company policy that prohibits downloads from external websites to firm issued computers, tablets, and cellphones.
Provide Drivers With VPN
On the road, truckers depend on unsecured public WiFi to stay connected to the company network. A Virtual Private Network (VPN) creates a secure connection between a driver’s device and the company servers. VPN advantages include:
- Keeps hackers from obtaining a computer’s IP address
- Encrypts information going to and from a device
- Conceals internet activity
VPN enables a driver to connect to their employer’s computer system from anywhere in the country. Just remember, while a Virtual Private Network can be a valuable tool, it is not a substitute for anti-virus software.
Keeping Your Semis Safe From Hacking
Cyber Safety in The Repair Shop: If you own an over-the-road freight hauling concern, your maintenance personnel use computerized tools to troubleshoot and fix tractors. Electronic diagnostic tools relay information from the truck’s onboard computer to a laptop or tablet.
Protect Maintenance Department Computers: Maintenance shop computers can provide cybercriminals with a gateway into a semi’s computer system. Maintenance shop devices need the same protective software used on your office computers e.g., anti-malware and anti-virus programs. Parts counter computers are connected to the internet constantly, so it requires extra diligence to keep parts department devices cyber safe.
Educate Maintenance Techs: Staff training is a company’s first line of defense against cybercrime. Bi-directional software sends information from a tractor to a computer and from a computer to a semi. If someone out in cyberspace hacks bi-directional software, they can remotely seize control of a rig. Teach your repair staff to only use bi-directional programs from known manufacturers.
Watch for Questionable Components: Technicians should question the presence of electronics that don’t look like they belong on the truck.
Know How Truck Information Is Used: A skilled hacker can break into a semi’s computer and tamper with its operating systems. A cybercriminal can remotely render a truck inoperable. Some third-party software providers collect information from a semi’s computer. To minimize hacking risks, research how software producers use data collected from a truck’s computer. Take the time to read and understand software manufacturers’ privacy policies.
Plan for the Future
The transportation industry has become one of the most susceptible industries to cyberattacks, which makes trucking incredibly vulnerable. From large logistics operations to small mom & pop shops, no one is safe – especially with attackers becoming more and more sophisticated.
Which simply means – be careful and be sensible. Create policies for your employees to follow based around simple do’s and don’ts. Include what to watch out for, things to be wary of, and when it makes sense to alert management about a potential threat. Cyber threats are not going away and will likely be with us for many years to come. That means addressing it now will pay dividends for you, your company and your employees in the future.