All businesses, and in particular trucking, should be aware of the increasing cyberattack risk which has ballooned during the pandemic. Here are some ways agents can help their trucking clients protect themselves.
During the coronavirus pandemic, cyberattacks have ballooned and evolved; ransomware attacks across all industries spiked 715% year-over-year, according to Transportation Topics.
Although all businesses—including your agency—should be aware of the increasing cyberattack risk, one industry in particular should be on high alert: trucking.
In mid-December 2020, trucking and logistics company Forward Air confirmed it was one of those unlucky victims. Targeted by the Hades ransomware gang, the company was forced to pivot to manual processes in the midst of the holiday capacity crunch, disrupting business operations, delaying customer shipments, and potentially impacting revenue, according to FreightWaves.
The Forward Air story is, of course, just one of many cautionary tales of the increased risk of ransomware in the age of COVID-19 and should be of special concern for your agency's trucking clients.
Vulnerabilities and leverage points include:
- Remote work means data backup and security practices may not be as robust as they are at the office.
- Businesses often underfund data backup, security and disaster recovery.
- Strained by a once in a 100-year pandemic, we're more likely to click a link or download a file from a source that, rested and focused, might give us pause.
Worse yet, according to a New York Times article on recent attacks, “...some cybersecurity experts say they suspect something more nefarious: efforts to interfere with the distribution, or ransomware, in which the vaccines would be essentially held hostage by hackers who have gotten into the system that runs the distribution network and locked it up—and who demand a large payment to unlock it."
Your transportation clients don't need to play a role in COVID-19 vaccine distribution to be a target. “Global supply chains are dependent upon information and goods exchanged through dependable and transparent methods," says Craig Fuller, CEO of FreightWaves. “Cyberattacks put this at risk."
So, how can agents help their trucking clients protect themselves against ransomware threats?
It's important to understand that data security solutions cannot prevent all ransomware attacks. That's why taking a robust, three-pronged approach to protecting your business-critical systems, applications and data is crucial.
That means investing not just in data security but end-user training, data backup and disaster recovery. Be sure to ask these questions:
- Have prime cybercrime targets—business leaders—received ransomware training, and are you regularly communicating the importance of vigilance across the company?
- Are you regularly conducting ransomware awareness training sessions and phishing simulation testing with your team?
- Are you immediately updating software and implementing security patches?
- Are you restricting access to systems and data to only those who absolutely need it?
- Has your IT team or managed service provider implemented a 3-2-1 backup strategy? This means you maintain three copies of data on two different types of media, one of which is stored offsite for disaster recovery.
- Does your business have a ransomware crisis plan in place? And did planning extend beyond the IT team to also include cross-department leadership, including customer service and communications?
- Does the IT team regularly test the recoverability of systems, applications and data?
- Are you performing tabletop exercises to ensure you're prepared—and to ensure you've identified any unknown vulnerabilities?
Cybercriminals have grown increasingly sophisticated—they're leveraging social engineering and expertly spoofing businesses we trust. It makes those urgent emails and web offers we receive from them nearly irresistible.
It's why you should suggest clients:
- Remain suspicious of unsolicited requests for personal data—whether it's received by call, text or email.
- Be wary of generic email greetings from people they know. If something feels off, it probably is.
- Be vigilant of data and financial requests from folks who wouldn't ordinarily make such requests, but who one would be inclined to immediately service, such as the CEO or an executive-level partner they've never met.
- Independently verify data requests by placing a direct call to the business using the contact information on its website—never the contact information provided in the message they received.
- Don't click links or download files from sources they don't know and trust.
- Don't share personal or financial data via email and don't click links that request this information.
- Confirm the website they're visiting is secure before they share sensitive data. Just look for the closed padlock icon and the HTTPS security protocol.
- Look closely at email addresses and URLs for the slight spelling or punctuation changes that signal a source has been spoofed. For example, email@example.com versus firstname.lastname@example.org.
- Never use a flash drive that's not their own or from a trusted source.
Ransomware is the quintessential example of prevention being worth a pound of cure. So, stay vigilant. We're all in this together—and together we can keep the wheels turning.
Meshach Weber is CMO & CXO of Loadsure. A leader in the field of behavioral marketing and behavior design, he's spent the last 11 years of his career in the transportation tech and data protection space, serving both enterprise and startup companies, including XRS, Omnitracs, ONE20 and Arcserve.