Marten Transport (CCJ Top 250, No. 40) filed paperwork with the Securities and Exchange Commission (SEC) Wednesday confirming that it had been the victim of a cyberattack earlier this month.
The more than 3,000-truck refrigerated carrier said it detected a cyber breach Oct. 3 that accessed and encrypted files on servers, and that the attack also included the download of certain data files. Based on a preliminary assessment, Marten said it does not believe the incident will have a material impact on its business, operations or financial results. However, the investigation indicates that some employee data may have been put at risk during the event. Out of an abundance of caution, Marten said it is offering its employees credit monitoring and identity restoration services at no cost for two years.
[Related: 5 signs you've been hacked, and what trucking CIOs can do next]
Upon discovery of the incident, Marten told the SEC it launched an investigation and engaged legal counsel alongside "industry-leading incident response professionals," and notified law enforcement.
While the investigation of the incident is ongoing, Marten said it has implemented a series of containment and remediation measures to address the situation "and reinforce the security of its information technology systems," the company wrote in its filing. "As a result, the company was able to restore full functionality to its information technology systems quickly with minimal disruptions to its operations."
According to encrypted cloud service provider NordLocker, logistics and transportation is the seventh most targeted industry for ransomware, a specific type of cyberattack.
“It is surprising how many companies still take cybersecurity for granted, ‘inviting’ hackers to exploit their vulnerabilities,” said Oliver Noble, a cybersecurity expert at NordLocker. “When successfully attacked, companies get all their employee data, customer details, client agreements, patents, and other valuable business information inaccessible and threatened to be stolen, leaked or destroyed for good. To avoid the doomsday – i.e. having business operations put to a standstill, damaged reputation, loss of clients, tiresome legal battles and huge fines – some organizations are left with no choice but to pay ransom to get the decryption key.”
Cyberattacks evolve practically daily, but NordLocker recommends a few easy-to-implement security tactics in business-defense:
- Make sure all employees use strong and unique passwords to connect to business systems. Better yet, implement multi-factor authentication.
- Secure email by training staff to identify signs of phishing, especially when an email contains attachments and links.
- Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this.
- Adopt zero-trust network access, meaning that every access request to digital resources by a member of staff should be granted only after their identity has been appropriately verified.
