Why cyber criminals are targeting the transport industry
Cybercrime isn’t new, but it’s taking new forms. While financial institutions and other lucrative targets have tempted hackers for decades, sectors like transportation and trucking – where fresh technology has spurred new growth – are gaining more attention from data thieves looking for a big score.
New technology can lead to new vulnerabilities
Technology is a double-edged sword: it can raise your fortunes, but also pave the way for thieves to gain access to your business. In fact, there were 38% more cybersecurity incidents in 2015 than there were the previous year, and the average cost per data breach in 2016 was $4 million.
Cybercrime in the truck and transport industry generally targets centralized IT systems to isolate and take over cargo and equipment, which can also pose serious threats to employees and to public safety. Understanding your technological weak points is the first step towards a safer operation, and knowing how to protect your systems can reduce the risk of a serious cyber incident that harms your customers and your business.
How cybercrime targets cargo
Cargo theft is an ongoing problem for carriers, and technology provides new ways for thieves to make off with freight. One relatively new tactic is known as “fictitious pick-up”: thieves look up valuable loads on online loadboards, and using false credentials to pose as legitimate truckers (such as a defunct company’s DoT number), they get the contract, pull up their own truck to the point of collection and simply drive off before anyone realizes they weren’t who they said they were.
Another way to target cargo is to stop a truck in its tracks. Telematics systems take different forms, but one very popular class 8 truck system known as the SAE J1939 standard is more prone to hackers than it seems. In a recent report, researchers at the University of Michigan demonstrated how easy it was to remotely change the truck instrument panel, affect acceleration or disable brakes. In fact, they concluded that computer systems in trucks were easier to hack than those in cars.¹
Serious threats to safety
Of course, cargo isn’t the only asset at risk. Ransomware can be used to hijack a truck’s control system to suspend delivery and strand drivers until the victim pays the requested ransom. Such a situation could have grave consequences for the driver, and the criminals could make off with confidential fleet and customer information, too.
Privacy breaches can cost you a fortune and ruin your reputation. However, some experts expect that things are about to get worse, with threats of intellectual property theft, cyber extortion and the impact of business interruption following a cyber-attack raising the stakes.² The more machines exchanging data, the more chances for data theft.
Is your company at risk?
As technology advances, some businesses embrace interconnectivity by patching together a system of IT tools to improve different aspects of their operations. The problem is that these systems don’t always work together seamlessly: some are older than others, updates aren’t always carried out and they may not communicate effectively. If your company relies on a loose arrangement of different electronic tools for your daily operations, you need to take extra caution when it comes to staying up to date with software and securing lines of communication.
You don’t need to be a big, internationally-renowned company to attract cybercrime – small and medium-sized businesses are increasingly preyed upon. After all, smaller companies typically won’t have the same prevention training and security barriers to ward off cybercrime that a large company could afford to implement. In fact, there has been a steady increase in cyber-attacks on businesses with 250 employees or less.³
Stay one step ahead
The fact is that any transportation company could be at risk of cybercrime. Here are some of the ways you can protect your business from privacy breaches or ransomware (and their crippling consequences):
- Stay vigilant – and adaptive. Keep up-to-date with software and take time to make sure your lines of communication are secure. Use a tool that can provide compliance reporting, and run a centrally-managed antivirus program that updates signatures frequently.
- Plan well. With a solid incident response plan, disaster recovery plan and business continuity plan to back up your business, you stand a much better chance of recovering with your operations and your reputation intact.
- Train your staff. All your staff should understand relevant security concepts, and they should know how to properly run and inspect electronic systems. Of course, a dedicated and well-tuned IT division is always a good addition to the team.
As cybercrime changes, protection, prevention and insurance measures must adapt. It’s difficult to predict what the future holds as transportation becomes increasingly computerized, but it’s important to think about all aspects of your business, and with the help of your broker and insurer, try to account for the risks that could be waiting around the corner.
¹ Ontario Trucking Association, Researchers Conduct Truck Hacking Experiment http://ontruck.org/researchers-conduct-truck-hacking-experiment/ [Aug 16, 2015]
² Canadian Trucking Alliance, Cyber Risks on the Rise for Transportation, cantruck.ca/cyber-risks-on-the-rise-for-transportation/ [Sept 18, 2015]
³ Symantec, 2016 Internet Security Threat Report, page 44