Cybersecurity is fast becoming critical, yet remains a non-core competency for most executives

  (Photo: Shutterstock)

(Photo: Shutterstock)

Over the past two years, cybersecurity for trucking has emerged as a leading issue for carriers of all sizes. However, it's still often overlooked, and only dealt with from a defensive posture. This year, the American Truckers Association (ATA) announced Fleet CyWatch, a new benefit for ATA members. 

The program assists fleet members in reporting information about trucking-related internet crimes and cyber-attacks, and shares information to fleets about cyber threats that may impact their operations. The program connects industry, federal enforcement, and associations and trade groups specialized in cybersecurity to improve U.S. road transport safety.

In the supply chain, customers are demanding real-time information, quotes and visibility, and those that don’t invest in the necessary technology will rapidly lose their market place. 2018 has also marked the year of the ELD. Things will never be the same for the transportation industry. With advancements in technology, comes greater security risk.

Speaking at TMC's Fleet Data Management and Cybersecurity Conference, Chris Cooper, president of Boyd Brothers, said he sees hacking issues all the time. “Cybersecurity threats are on the rise,” he says. "The risk and threats are real and growing. How do we protect ourselves?"

"It starts with proper backup and with people monitoring it all the time. It’s not a choice, but a necessity."

Randy Goggans, co-founder and executive VP of ThreatAdvice, says there’s a well-known saying in his circles: There are only two types of companies. Those who have been hacked, and those that will be. "Really, to me, it's 'and those who have been hacked, and those who don’t know they’ve been hacked.'"

"This is organized crime,” Goggans say. “It’s sophisticated, and they’re after you. So, get prepared. It takes an average of 206 days to detect a breach. Most companies we see today pay the ransom. It may not be a lot. It may be like three bitcoins, but when it comes down to it, CEOs want their data back. They usually pay."

"$3 billion ransomware was paid out in cryptocurrency in the U.S. Over $500 billion globally in 2017 alone," he says.

Why are we more at risk than ever? The advancement of technology. Everything’s connected; many more connected devices, including IoT devices. There are multiple entry points from phishing, to spam, to user passwords, to installing malware, to divulging confidential information to third party vendors.

GlobalData believes that spending on artificial intelligence (AI)-infused cybersecurity tools is set to increase significantly over the coming years. Their figures show that companies worldwide spent a combined $114 billion on security products (both hardware and software) and services in 2017. By 2021, the figure is expected to have passed $140 billion, at a compound annual growth rate (CAGR) of 6%. Spending on services accounted for 68% of total spending in 2017 and this share will remain relatively steady through 2021, despite the CAGR of the services segment (4.9%) being outstripped by that of products (7.7%).

The company’s latest findings show that while cybersecurity has now become a critical business function, it remains a non-core competence for a significant number of boards. Chief information security officers (CISOs) have become increasingly common in recent years (recent research suggests that nearly two-thirds of large US companies now have a CISO position), but the majority do not report directly to the CEO, which reduces their effectiveness.

Cyrus Mewawalla, head of Thematic Research at GlobalData said, ‘‘The frequency of cyberattacks is only likely to accelerate over the coming years, therefore it is vital that senior executives have a full understanding of the inherent risks and implications. The losers will be those companies whose boards do not take cybersecurity seriously, as they run a higher risk of being hacked.’’

‘‘Traditionally, most companies have adopted a prevention-based approach to cybersecurity," said Mewawalla, "but recent advances in technology areas like machine learning are enabling a move towards active detection of threats.’’

This allows pre-emptive action to be taken to stop breaches before they occur and also serves to free up resources currently occupied with chasing false positives from existing, more reactive systems.

GlobalData identifies the key cybersecurity technologies as network security, unified threat management, artificial intelligence, behavioral analytics, SIEM, endpoint security, mobile security, identity management, data security, application security, email security, cloud security, managed security services, post breach consultancy services.

Screen Shot 2018-07-18 at 2.48.57 PM.png

Looking at unified threat management (UTM), GlobalData believes that this should be an area for growth going forward. The process can tackle diverse threats and also address the issues faced by companies that find themselves with a myriad of security products from a wide variety of vendors, which can result in a security landscape that lacks coherence.

Mewawalla added, ‘‘There is an ongoing move away from a prevention-based approach to cyberattacks and towards active detection of threat actors using intelligence-led tools. Chief information security officers (CISOs) and security executives are increasing investment in detection and response based offerings such as deception technology, software-defined segmentation and behavior analytics.’’

Trucking companies need to create and maintain a cyber security plan. Here are some security tips for trucking fleets:

·   Make sure all employees are trained, and are using best practices when it comes to security protocol.

·   Run a comprehensive malware and antivirus program, for both software and operating systems.

·   Update security patches and limit password attempts. It’s critical for your company to be proactive when it comes to keeping your website’s code updated.

·   Create frequent backups and a “hacked” disaster recovery plan. Make sure you maintain a cloud-based backup, with a comprehensive plan in the event you’ve been hacked.

·   Review your IT environment for vulnerabilities and update your systems accordingly. It’s important that you stay one step ahead of hackers, and keep abreast of changes from password timeouts to new malware protection advances.

Once your trucking company has created a cyber security plan, train all employees and owner operators on how to stay safe and prevent attacks. Make sure they all understand how to generate strong passwords, how to recognize phishing email scams, and how to properly encrypt emails that contain secure information.

With autonomous vehicles virtually at our doorstep, it is becoming mission critical for carriers and drivers to protect themselves. Points of vulnerability will be exploited by those who seek to cause harm, economically or otherwise.

Stay up-to-date with the latest commentary and insights on FreightTech and the impact to the markets by subscribing.