Ransomware and other cyberattacks go hand-in-hand with natural disasters and global health pandemics.
“Covid has been one big opportunity for fraud of all kinds. We were all distracted and dealing with things in our personal lives, at our companies, and with the election. It was a great time for someone to make a mistake and click on something.” Sharon Reynolds, CISO, Omnitracs
In the first half of 2020 alone, research found that ransomware incidents increased by 715% year-over-year. In May and June, an average of 60% of all received emails were fraudulent, according to the research from Bitdefender.
“Whether it was phishing scams exploiting the coronavirus, a fundraiser or a jaw-dropping offer you couldn’t resist, bad actors have pulled every trick of the trade to fool victims into providing sensitive information, installing malware, or falling prey to scams,” the report reads.
Cybercriminals are opportunists who prey on distraction, said Sharon Reynolds, chief information security officer at Omnitracs, and the transportation industry has not been immune.
Reynolds doesn’t see a concerted effort by cybercriminals to target transportation and logistics companies. Rather, the industry is “being attacked the same as others,” she said.
For trucking specifically, she notes that attacks have been on a massive rise since 2015, based on FBI reports.
The agency has not released its 2020 numbers yet, but Reynolds expects the number will have doubled, year-over-year. The top cybercrime by volume is phishing and smishing, each a social engineering activity.
In the case of phishing, victims are enticed to click on email links and provide sensitive data such as passwords and financial information. Smishing is the same thing, only with text messages.
The transportation industry is most vulnerable to cyberattacks on back-end systems that are exposed from inadequate security on the external perimeter of their computer networks, Reynolds said, such as having a remote desktop protocol open.
“I think security is kind of new to the industry. I think that is the issue,” she said.
[Related: Watch: How to survive a cyber attack]
Motor carriers who have done a cost-benefit analysis in the past for greater cybersecurity protection might have decided against hiring more IT workers, contracting with professional security firms, or buying new hardware and software, among other measures.
“It may not have seemed worth it before,” she said. With the events of the past year, the industry has “definitely hit an inflection point,” she added, and many criminal organizations have realized transportation may be a soft target needing improvement.
Another factor to consider is the cost of a data breech. A 2020 report by IBM puts the cost at $150 per record. This could be any record that contains sensitive, personally identifiable information such as a line item in a payroll record.
Many carriers have thousands of such records, and the same report pegs the average cost of data breech events to companies at $8.6 million last year.
Reynolds suggests that transportation and logistics companies have a cyberattack response plan since “at this point, it’s not a matter of if," she said, "but definitely when.” As part of that plan, she recommends companies look at paying incident retainers for security firms that can jump in to help quickly.
As part of preparing a plan, companies should conduct a “tabletop” or mock exercise of what would happen in the event of an attack, step-by-step, in order to make decisions beforehand about what to do and when to get a security firm involved.
Reynolds recommends downloading a free exercise from the National Motor Freight Traffic Association (NMFTA) to help prepare for a cyberattack. She also suggests having contacts ready for law enforcement and developing relationships with the FBI to avoid cold calls.
“We do fire drills,” she said. “We should be doing ransomware drills.”
Paying the ransom is a last resort and may actually be illegal, as some crime organizations are on the OFAC list of sanctioned companies. Even if a ransom were paid, the criminal will most likely have already stolen the data and the extortion would continue, she said.