2021 is a big year for cybersecurity.
InfraGard, a nonprofit organization focused on collaboration between private fleet security and cybersecurity professionals and the Federal Bureau of Investigation, is celebrating its 25th anniversary. Many of my security team and I are proud to be individual members of InfraGard. Through our memberships, we work to safeguard the country's critical infrastructure — much of which falls under the protection of private companies and entities. At its core, InfraGard is a space for the public and private sectors to collaborate, network, and improve our collective understanding of current security and cybersecurity threats.
With this milestone in mind, I brainstormed cybersecurity's evolution pertaining to our industry and what top tips I would recommend to fleet professionals today to keep their businesses as protected and secure as possible.
Tip #1: If you're an over-the-road or last-mile driver, practice vigilance behind the wheel
If you're a driver, you should abide by your company's policies on using your in-cab technology. In addition to this, you should always remain situationally aware. Many attackers are sending emails and SMS links to your phone, and these are all attempts to defraud you personally or use your credentials to harm your company. In addition to this awareness, remain aware of anomalous behaviors in the truck, tablet, and your cellphone. If something doesn't feel right, go with your gut instinct, and talk to your local security department.
Tip #2: Develop a comprehensive IT plan
IT professionals should defend and detect against ransomware. Here are the top action items IT departments should keep top of mind:
- Implement phishing awareness training across the company, as attackers typically start with phishing.
- Use email filtering solutions to help block malicious URLs sent across the company.
- Start taking a look at your perimeters and identify indicators of compromise that are well known.
- Utilize frameworks like MITRE ATT&CK, which is a well-established knowledge base of adversary attacks and techniques.
- If you know what parts of your network are vulnerable, close the door like you would a submarine. The flood may get to one part of the submarine, but containing the vulnerability and working with a third party for forensics will help you better contain that flood to one area.
As I always say, prepare for the worst and hope for the best. With pre-established playbooks and incident response plans at your disposal, you can get ahead of risks.
Tip #3: Prioritize ransomware protection
To no surprise, ransomware and double extortion are still the top threats to the transportation industry. The attacker comes in, takes a copy of all your data, and deploys ransomware across your company. The attacker then threatens to release your confidential information to the internet unless you pay exorbitant financial compensation to decrypt your data and have it returned to you.
Tip #4: If you're a fleet executive, identify cybersecurity as another top risk category for your business
Cybersecurity deals with highly technical terms and way too many acronyms, but it's all about business impact at the end of the day. Fleet professionals should ask questions like, "What's the impact on my business from an operational, financial, and reputational standpoint? If a fire started at the office, what would a successful company leader have in place to put the fire out and recover?" Cybersecurity should be viewed the same way.
Tip #5: Know the unique risks for your fleet size
I can't yet say if smaller or larger fleets are more at risk of cybersecurity attacks, but I can affirm that both fleet sizes carry unique risks. If it's a financially motivated cyber-attack, larger fleets may be at greater risk because the attackers may consider it financially rewarding to target a larger company. However, these fleets might have more IT and security resources and may not be quite as soft a target as smaller fleets.
Tip #6: When it comes to your applications, work with a company that prioritizes security infrastructure
Be it private or public cloud, it's most important to have a security program with defense in depth. At Omnitracs, we prioritize top-of-the-line security for our customers' infrastructure to ensure the confidentiality, integrity, and availability of our services.
Tip #7: Take pride in the resiliency of our industry
Ask any industry veteran, and they'll confirm that our industry and world have witnessed a fast-paced evolution of cybersecurity. Our industry is incredibly resilient. One of our top strengths has been our ability to evolve with the times. Many transportation pioneers will remind me of various events that have occurred in the sector, from rising gas prices to ever-changing regulations.
Historically, our industry's professionals have always found ways to address risks, work together, and overcome. Cybersecurity risk is in the same vein; there are things you didn't think you'd ever survive, and then you found a way.
Our industry is very aware and rapidly working toward solutions. Luckily, we are positioned to utilize best practices established by other sectors that have already gone through this lifecycle, like retail and banking. With every challenge that's come before transportation, we've found a way to overcome it by sheer will, determination, and a sprinkle of innovation. That deserves a pat on the back!
For more on how to protect your company in the cybersphere, read my blog article from Cybersecurity Awareness Month 2020. Be sure to visit the Omnitracs Road Ahead Blog during Cybersecurity Awareness Month this October, where I'll be sharing the latest and greatest in awareness and prevention efforts. See you then!