The session provided an overview of real working cybersecurity activities surrounding the trucking industry. Over the past two years, cybersecurity for trucking has been questioned and exploited in different ways short of industry actions. Moderator Ross Froat, director of engineering and IT of ATA, also announced Fleet CyWatch, a new benefit for ATA members.
Fleet CyWatch is an ATA Technology & Maintenance Council (TMC) and Transportation Security Council (TSC) supported program that assists fleet members in reporting information about trucking related internet crimes and cyber-attacks, and shares information to fleets about cyber threats that may impact their operations. Fleet CyWatch coordinates with private and federal efforts to provide motor carriers with information and recommendations in the areas of cybersecurity awareness, prevention, and mitigation methods. The Program connects industry, federal enforcement, and associations and trade groups specialized in cybersecurity to improve U.S. road transport safety.
The panelists were Chris Cooper, president of Boyd Brothers, Randy Goggans, co-founder and exectuvie VP of ThreatAdvice, Mark Zachos, general manager of DG technologies, and Ryan Brander, manager of product and cybersecurity of Geotab.
Cybersecurity threats are on the rise. Cooper says he’s a trucker and an operations guy, not an IT guy. He’s on the panel to give it a day-to-day view. Boyd is owned by Daseke. They’re a flatbed carrier with about 1090 trucks and annual revenue of $200 and do about 200,000 loads a year. Daseke is a 5600 company, by comparison. Over the past seven days they say they received 27% of all their emails is spam, and there’s a 1:3 ratio of phishing emails to real ones. He sees hacking issues all the time.
“The risk and threats are real and growing. How do we protect ourselves?” he asked.
“It starts with proper backup and with people monitoring it all the time. It’s not a choice, but a necessity.”
Randy Goggans says he’s hearing from boots on the ground that there are issues across the landscape of industries. His background is developing cybersecurity to banks.
He says there’s a well-known saying: “There are only two types of companies. Those who have been hacked, and those that will be.” Goggan added: “Really, to me, it’s ‘and those who don’t know they’ve been hacked.'”
“This is organized crime. It’s sophisticated, and they’re after you. So, get prepared,” he said. “It takes an average of 206 days to detect a breach. Most companies we see today pay the ransom. It may not be a lot. It may be like three bitcoins, but when it comes down to it, CEOs want their data back. They usually pay.”
“$3 billion ransomware was paid out in cryptocurrency in U.S. Over $500 billion globally in 2017 alone,” he said.
Why are we more at risk than ever? The advancement of technology. Everything’s connected; many more connected devices, including IoT devices. There are multiple entry points from phishing, to spam, to user passwords, to installing malware, to divulging confidential information to third party vendors.
“Technology alone is not effective,” he said. “You need employee training.”
“Phishing is by email. Smishing is via text message. Vishing is by phone. All are ways to give up information.”
The five takeaways every business should today: (1) Have a weapons grade backup; (2) two-factor authentication; (3) religious patching of third party apps; (4) employee awareness training; (5) and cyber liability insurance.
Brander focused on heavy trucks from the perspective of an IT guy. He approaches ways to create protective solutions from the point of view of a hacker.
“Wireless threats and ELD devices. Geotabs is the fastest growing telematics company in the world. We have 1.15 million decices in the field. 40% YOY growth,” he said.
Heavy trucks have wifi now. They’re going to go where trucks are parked, not while they’re driving. They basically get a router and find a way at gas stations.”
“We’re basically stewards of our companies data. Security researchers (hackers) need a way in. You have to know the attack surface.”
With attacks becoming more advanced and sophisticated, training is mission-critical to minimize human error from the cyberattack equation.
Stay up-to-date with the latest commentary and insights on FreightTech and the impact to the markets by subscribing.