CCJ Upshift: Emotional events like COVID expose security weaknesses

Malicious hackers are always on the lookout for opportunities to launch an attack, and the coronavirus pandemic has provided one.

According to cybersecurity agency Mimecast, transportation was one of the three most targeted sectors by cyberattackers during the first 100 days of the pandemic, and the firm said there’s a greater than 95% chance that cyberattacks will increase after the event.

Cybersecurity was a topic of discussion Thursday during CCJ‘s online Symposium, Upshift. Panelists for “Breaches & Ransom! Why Hackers Think Fleets are Easy Targets” included B-H Transfer Vice President of Administration John Wilson; Matt Cacace, Daseke’s senior vice president of business systems; and Bob Verret, Chief Information Office for Dupré Logistics.

“This is a very emotional time,” Verret of the pandemic, “and when you’re emotional, you tend to be distracted.”

It’s a generally accepted concept that a company’s greatest cyberthreats come from within, Cacace said.

“You and I and others get several emails per day or per week that entice you to click on links to take you to websites where we’ll just say bad things can happen,” he said. “Anyone with a network has a firewall that is probably attacked several times an hour with various bad actors trying to get into your system.”

Wilson’s Georgia-based company has been the target of attackers a few times, most recently in February, just as coronavirus made headlines but before anyone knew what lay ahead. The company’s anti-virus platform diagnosed and shut down the malware attack before it was able to launch, but Wilson noted the initial attack turned out to only be the first wave.

“They decided to wreak a little more havoc the only way they could,” he said of the attacker. “Somehow, they got into our backup on that one, deleted it, and on the way out turned on Microsoft’s BitLocker encryption.”

In encrypting the carrier’s files, “that effectively wiped the entire server out,” Wilson said. “We couldn’t get on it, of course. We didn’t have that 42-bit key.” B-H Transfer was able to recover the files with minimal disruption to the operation, but it took almost two weeks to untangle the mess the frustrated hacker left behind.

Partnering with a third-party security provider, which B-H Transfer has done, can be helpful and Verret suggested a layered approach to security that includes monitoring and measuring protocols “as things change very rapidly in the environment.”

“Keeping your own internal people well-educated on awareness that these things are out there and these things can happen and it’s only a point and click away,” Cacace added.

Daseke uses quarterly training and Verret said the company is a firm believer in “social engineering,” a security layer in which the company sends controlled phony phishing emails that provide instant feedback on employees that need enhanced training.

“We basically had a social engineering go out, pretty much, the day after we instituted our work-from-home policy,” he said.

Verret said the first step in thwarting a cyberattack is to not click links embedded in emails if there’s a reason to suspect the email itself isn’t legitimate. Then, contact the IT department or service desk. Never reply to the email. Verret said if the recipient needs to verify the sender, they should call them directly.

A quick and easy-to-implement security layer, Cacace said, is to protect the company’s email system via cloud-based service, which distributes a company’s email over a number of cloud servers “which have a high level of security around them, as opposed to have a server sitting in your own server room,” he said.

A replay of the panel discussion, titled “Breaches & Ransom! Why Fleets are Easy Targets for Hackers Right Now,” will be available for download next week at the following link: www.ccjsymposium.com/downloads.