Cybersecurity Awareness Month is upon us, and it is the perfect time to take a closer look at the intangible threats facing the trucking industry. At Omnitracs, we see fleets deal with physical risks such as stolen cargo and driver safety on a daily basis, but it’s important to understand the unforeseen cybersecurity risks as well. As technology becomes more integrated within trucking fleets, from autonomous trucks to fleet telematics to IoT devices, fleets need to put a cybersecurity program in place.
Cyber concerns keeping fleet managers up at night
Throughout the course of this year, I’ve seen cybersecurity discussions take center stage at conferences and trucking industry events. During Omnitracs’ user conference back in February, I moderated a panel with cyber experts including an FBI agent and security researchers. From that discussion, it’s clear that cyber criminals find the transportation industry to be an attractive target, which puts pressure on trucking executives to shift from a reactive to proactive cyber approach.
According to the American Trucking Associations, the trucking industry generated $700.1 billion in revenue in 2017, making it no surprise as to why hackers would target this lucrative industry. In terms of attack vectors, there’s been a rise in hackers executing ransomware and malware attacks on back-office solutions. In fact, Cisco’s cybersecurity report stated that 59 percent of transportation security professionals believe that cloud infrastructure and mobile devices are among the most challenging to defend against attacks. Through these channels, hackers have the ability to steal personal data and sensitive route information.
Fleets must also take a long, hard look at internal processes and operations to see where there might be exposures. Unfortunately, human error continues to be one of the most damaging cyber threats, with individuals falling victim to phishing scams and providing personal information to attackers. These types of mistakes can be extremely costly to transportation companies. Having testing protocols in place and employee training programs will help minimize cyber risks that stem from human error.
Keep systems updated to maintain security
According to a study from EY, 89 percent of organizations believe their cybersecurity program does not fully meet their organization’s needs. This underscores the fact that fleets must keep up-to-date on their security processes and plans to avoid being prime targets for attackers. Processes and technical controls need to be updated regularly to help mitigate new risks. It’s not about buying the latest and greatest security solution. Success is having good cyber hygiene by patching vulnerabilities regularly, checking existing configurations, and continuously assessing new risks that impact the overall security program. Every security program has to be tailored to the unique needs of a company based on factors such as what types of data they store, the criticality of their services to customers, and the overall value of the data and infrastructure to the business.
Take advantage of resources and seek out partnerships
Luckily for fleet managers, there are a number of resources at their fingertips to help in cyber planning. Organizations such as the National Motor Freight Traffic Association (NMFTA) are working to educate members on issues impacting the transportation industry. They recently updated their cybersecurity website with guidelines around securely charging medium and heavy duty electric vehicles. At Omnitracs, we speak to many cybersecurity professionals and teams to understand their pain points and successes as they relate to cybersecurity. We even go one step further by having open and honest discussions with competitors and sharing resources to ensure the trucking industry has a strong defense against cyber threats. This type of collaboration and partnership will help the transportation industry grow and implement the right protections for the future.
Jeremy Daily, Associate Professor of Mechanical Engineering at the University of Tulsa, offered his insight on how companies, including smaller telematics providers, can keep information secure.