The team at the National Motor Freight Traffic Association (NMFTA) sees a growing threat from cyberattackers and we’re working to prepare the trucking industry.
Digitization of the industry means that interactions between companies will move from on paper to online.
This is very efficient, and potentially very dangerous. It opens the possibility that, even if a company did everything right – used all the right cybersecurity methods, trained its employees and instituted all the right authentication requirements – it could still get hacked because a vendor or customer it interacts with failed to do the same, allowing hackers to get through the Application Programming Interface (API) that connects the companies.
APIs are the translators that make it possible for various digital platforms to communicate and interact with each other. And hackers know that.
Recently, Traceable and the Ponemon Institute collaborated on a research report that looked at the state of API security. They found that 60% of companies they interviewed had experienced data breaches, and of these, 74% had experienced at least three API-related breaches. Additionally, 40% had experienced five or more API-related breaches, and 11% had experienced seven or more API-related breaches.
In our recently issued 2024 Trucking Cybersecurity Trends Report, NMFTA shares emerging threats pertaining to the use of APIs, including the vulnerability of old, deprecated APIs known as Zombie APIs; denial-of-service attacks that can overwhelm a website, server, or network; APIs that make it too easy for hackers to bypass authentication requirements; accidental leakage of sensitive data, or exposure of stolen data; and undocumented back-door APIs known as Shadow APIs.
API attacks represent a lot of current threats to transportation companies, yet there is no question the industry needs to make use of APIs. In fact, to remain competitive in the economy, transportation companies must accelerate their adoption of APIs and other digital services. Any carrier who has struggled to get an invoice paid by a shipper will celebrate the ability of the shipper to simply log into the carrier’s system and pay that invoice. The industry needs more of this, not less. We must embrace APIs to digitize as much of the shipment process as possible.
