Big-time hacks used to be few and far between. But they happen so often now that it's hard to keep up.
While large carriers have perhaps invested in state-of-the-art cybersecurity, it's likely their smaller counterparts have not. Due to the thin margins on which the latter often operate, their technology may be outdated. And they may be deferring any upgrades until they absolutely have to — which may be too late.
Any carrier, large or small, can be vulnerable to a sophisticated hacker. No one is bulletproof.
A non-exhaustive list of cyberattacks on logistics firms in 2020
Toll Group is hit by a MailTo ransomware attack, re-enabling track and trace on deliveries. The firm gets services back online more than six weeks later.
Total Quality Logistics, a brokerage based in Ohio, says hackers have breached its information technology system. Attackers access carrier account information, tax identification numbers and bank account numbers. This leads to a carrier lawsuit against TQL, alleging negligence.
Toll Group is hit by another ransomware attack, unrelated to the one in January.
Manitoulin Transport, based in Canada, is attacked by ransomware after employees reported issues with system access. The stolen information is then leaked online a couple months later.
Flatbed specialist Daseke suffers a ransomware attack. Data is stolen, then posted to the dark web. The attack does not result in operational disruption. TFI International also suffers a ransomware attack this month. The attack impacts only TFI's parcel and courier subsidiaries in Canada, including Canpar, and costs $6 million.
Tennessee-based Forward Air suffers a ransomware attack that causes widespread disruptions across its public-facing and internal operations systems. Customers aren't able to book loads for days.
Given the speed with which technology changes, it's certainly a challenge to stay abreast of what you need to do to keep your organization safe. But the basics are a good place to start.
Fleets should start their cybersecurity journeys by familiarizing themselves with the risks. No one is 100% safe from various attacks, so identify where you are most vulnerable.
Using computer technology to improve monitoring, communications and efficiency creates a new opening for hackers to attack such systems.
Any system with Wi-Fi, Bluetooth, GPS or internet connectivity, onboard computers, ELD, telematics or other connected devices presents an opportunity to hackers, who might engage in the following tactics:
- Injecting ransomware into systems to disable and hold them hostage.
- Redirecting GPS systems to other locations for the purposes of theft.
- Accessing corporate networks to browse and steal financial or personal records.
Once you have a protection plan in place, inform internal teams or external customers of it, as well as how you will react to an attack. Having a plan increases your value.
Prepare to prevent
The Consumer Watchdog group recommends installing kill switches that can be remotely activated if a vehicle is stolen, but it notes it would be better to prevent such attacks in the first place.
Hardware- and software-based solutions are emerging in response to these cybersecurity breaches. Aftermarket solutions can be installed in trucks without any vehicle modifications, and they can store telematics data within the vehicle and protect it with encryption when transmitting data over the internet.
Cloud-based solutions provide the most secure data-housing environments, as they are typically browser-based, with data stored behind encrypted firewalls on third-party servers. These data centers are usually monitored around the clock with limited access by personnel, and security systems are assessed regularly.
While there are various security measures fleets can take, what they can no longer do is pretend they're immune from hackers. Keep these things in mind, in addition to what's noted above, as you move forward:
Take the threat seriously
Realize this issue is not going away. Assume you will be targeted.
Attackers are becoming more sophisticated every day. Thinking like a bad guy can help you identify vulnerabilities.
Develop policies and plans
Develop and implement cybersecurity and asset-protection policies across the organization.
Train employees to ensure compliance. Audit systems, processes and policies regularly to confirm they are up-to-date and effective.
Engage functional teams — operations, IT, safety, driver training — to develop plans and solutions specific to your organization.
Keep an eye on the competition
Stay on top of what's happening in the industry, especially what peers and competitors are doing and whether any new products or processes are available.
Consider subscribing to industry newsletters and looking for relevant blogs in places such as LinkedIn.
Bernadette Harmon, senior solutions architect at JBF Consulting, and Dennis Heppner, principal at JBF Consulting, contributed to this article.
Brad Forester is the managing partner and founder of JBF Consulting. Views do not necessarily represent those of Transport Dive.