The trucking industry was ranked fifth among all sectors for being at high risk of cybersecurity attacks, given that the number of possible security threats in the transportation sector grew more than 100 percent in only four years.
Alabama-based J&M Tank Lines is a case in point of how damaging cyber attacks can be. The company suffered a cyber attack not once but twice in 2019, which its Chief Executive Officer, Harold Sumerford, described as a "storm" that blew the company "out of the water."
The April 2019 ransomware attack on the J&M Tank Lines computer system left the company unable to pay its drivers accurately and process invoices. It took four days for the firm to regain control of its systems. Another attack happened in June, but fortunately, the carrier was more prepared and was able to go back to normal operations within seven hours.
The growing appetite of trucking industry players for technological tools to help them run their businesses should be matched with the steps necessary for building better protection from hackers. This matters all the more because logistics and transportation firms are currently among the industries most highly targeted by hackers. It also does not help that, in a survey conducted by Ernst and Young, 89 percent of organizations in various industries said that they do not believe their systems can withstand cyber attacks.
How To Protect Your Systems from Hackers
At a conference, a panel of company executives from the trucking industry said that there are ways to help prevent cyberattacks as well as mitigate their consequences. Here are the panel's key recommendations on cybersecurity preparedness.
Conducting an Assessment
Various assessments are available that trucking firms can use as a framework for evaluating the vulnerabilities of a company's system. Companies can either conduct these assessments internally or hire a third party to do it. It's recommended that the assessment be done at least once a year.
Conducting a Penetration Test
A penetration test involves an outsider, referred to as a "white hat hacker," who tests and probes company systems in search of vulnerabilities. Employees shouldn't know about this test beforehand, as that could skew the results. The penetration test is done on top of the self-assessment, as it can uncover issues not found during the self-assessment. This test is best performed every year or two.
Prioritizing the Risks
The results of the tests should be used in a risk assessment where executives plot the risks according to the significance of their impact and single out the most critical ones.
Applying Software Patches
Software patches are like hand washing or hand sanitizing. Hand washing can fend off viruses and bacteria, but only if it is done consistently. Likewise, software patches act as a disinfectant, which is only effective if it's part of the regular maintenance and operation of the system.
Consider Getting Cyber Insurance
J&M Tank Lines bought a cyber insurance plan shortly after the attack on its system as part of its deeper cybersecurity action plan. Getting insured is critical these days as cyber attacks are a business risk. However, insurance firms will only grant insurance to companies with a robust cybersecurity program, and after they've been vetted.
Creating an Incident Response Plan
Chance favors the prepared. In that line of thinking, there should be a protocol in place on how to respond to cyber threats. Some of the items that the company needs to include in its incident response plan are:
- The person-in-charge
- The person who should be notified
- The forensics team: companies need to have a business relationship with a forensics company on retainer
- Federal Bureau of Investigation (FBI) and/or Department of Homeland Security (DHS) contacts
- Specific rules for when to, or not to pay the ransom
The above guidelines are good to have, but companies should remember that they are only short-term solutions. In the long term, the industry as a whole must come together to establish more robust security standards and agree to continue raising the bar to keep the hackers out.