In July, the FBI sent an alert to trucking companies advising them of the potential for their electronic logging devices to be hacked. While the FBI told FreightWaves the alert was not in response to any specific threat, it did raise alarms in the industry.
How vulnerable to a hack is the transportation industry?
In October 2019, a panel at the American Trucking Associations’ Management Conference & Exhibition discussed a report that found businesses in the trucking industry and overall supply chain were the fifth most at risk of a cyberattack. Threats against the industry had increased 100-fold in just four years, the experts on the panel said.
If a new Travelers Cos. (NYSE: TRV) risk survey is accurate, not only is the industry still vulnerable a year later, it also isn’t prepared to address cyberattacks.
“With more employees relying on their ability to connect with company systems from remote locations, and many consumers preferring online transactions in an age of social distancing, it’s more important than ever for companies to do all they can to mitigate exposure to cyber threats,” Tim Francis, enterprise cyber lead at Travelers, said in a release announcing the survey results.
The 2020 Travelers Risk Index found that 79% of those surveyed believe companies should have the proper cyber prevention tools in place, but only 51% have purchased cyber insurance to protect against a data breach or cyber event.
Interest in cyber prevention lags
Even more concerning, according to the survey, is that only 44% have visited a cyber prevention website to learn how to protect their business, 43% have conducted a cyber assessment for customers’ assets in their custody or under their care and control, and just 41% have simulated a cyber breach.
Global container shipping company CMA CGM’s systems were hacked this week, putting a spotlight on the issue. A criminal enterprise calling itself Ragnar Locker broke into CMA CGM’s systems and took control of data, demanding payment before returning access to the data.
The world’s second largest company, Mediterranean Shipping Co. (MSC), suffered a malware attack in April. Cosco and A.P. Moller-Maersk have been hit in the past. On the trucking side, perhaps the most famous hack was the 2017 NotPetya attack on FedEx subsidiary TNT Express. FedEx said that attack resulted in a $300 million financial hit to its bottom line.
It’s not just large enterprises, though, that are victims of cyberattacks. In April, a 16-truck family-owned refuse hauler in Massachusetts was victimized.
For many in the transportation sector, while they may not handle sensitive data themselves, their customers do. Port operations are just as vulnerable, especially due to the amount of data transmitted between international companies and global customs authorities. During his keynote address at American Shipper’s recent Global Trade Tech Summit, Gene Seroka, executive director of the Port of Los Angeles, said data security has grown in importance for the port, which has had a cybersecurity operations center since 2014.
“We’ve also begun developing the next level of port protection. In the works is the first maritime sector cyber-resilient center designed to protect data flowing through our port community,” he said. “The pandemic has only heightened activity by opportunists. Since March of this year, unauthorized intrusion attempts are averaging roughly 40 million per month on our systems. That’s up nearly 50% from January alone. We all know that attempted intrusions and threats never stop. We have to stay one step ahead of the bad guys all the time.”
Remote work increases risk
The Travelers survey was conducted for the insurance giant by Hart Research and gathered responses online nationally from 1,216 business decision-makers July 6-23. The results showed that the growth in remote work since COVID-19 has heightened attention on cybersecurity.
“Taking appropriate precautions and having a plan in place should something go wrong will put an organization in position to seamlessly get back up and running. This is critical in ensuring that employees will be able to continue to access systems and maintain productivity, while also delivering a high level of service to customers,” Francis said.
Just 48% of respondents said their organization has utilized hacker intrusion detection software, while only 47% said they had performed a cyber risk assessment on their company and just 37% had done so on vendors. Forty-two percent had written a business continuity plan that could help them respond to a cyberattack.
The survey was first conducted in 2014, and since that time, 22% of respondents said their company had been victimized by a cyber event.
Almost half of organizations (47%) said the business environment is riskier than before, up from 36% in 2019’s survey.
Travelers’ Cyber Security website offers tips on what businesses can do to protect themselves. These include conducting focused cybersecurity awareness training, using virtual private networks (VPN) with multifactor authentication, enhancing cybersecurity monitoring and early warning protocols, and implementing an endpoint detection and response solution.