We conducted a study of mid-sized companies analyzing their cybersecurity preparedness, as well as the volume and nature of cyber risks those companies faced in 2020 through today.
Of the six industries we studied – transportation, education, professional services, manufacturing, retail and healthcare – transportation saw the highest increase in cyberattacks, followed by healthcare, with transportation and logistics companies suffering a nearly threefold increase in cyberattacks beginning in 2020 – an increase of 198%.
It makes sense that trucking companies are targeted more than ever by cyber criminals. Transportation and logistics companies have been digitizing rapidly to increase efficiency, visibility and responsiveness. Operational technologies deployed in vehicles, with vehicle operators and workers – and even in the shipments themselves – improve the bottom line. The downside is that new technologies come with cybersecurity challenges. The complexity of protecting the attack surface and of configuring and operating the necessary cybersecurity solutions often outstrip the available skill and resources of IT teams.
With large, increasingly complicated IT operations, lean IT teams are often forced to make bets on what they will and will not protect in their organizations. For example, only 1% of mid-sized companies have email malware protection. Shockingly, of those few companies that have any malware protection at all, 88% of those solutions were misconfigured. IT teams just can’t keep up. What’s worse, hackers have sensed this vulnerability in the market and are trying to capitalize on it before IT teams regroup and figure out how to secure their organizations.
A single breach can paralyze a company for days or weeks, and the resulting reputational damage, lost profits, lawsuits and regulatory fines could put the company out of business. The NotPetya ransomware attack on Maersk in 2017 cost that company $200-$300 million dollars. More recently, a trucking company with 3000 refrigerated trucks had files and employee data stolen and held for ransom.
The marketplace has been of little help to mid-sized transportation companies during this crisis. Products have split into large, big-ticket enterprise solutions that require large teams to operate, or smaller solutions that will only patch one kind of vulnerability effectively. IT teams must either greatly increase their security spending or sew together multiple disparate solutions to protect their organizations and hope they didn’t overlook any glaring vulnerabilities.
There is hope for mid-sized companies seeking comprehensive solutions. AI systems and intelligent automation are solving the cybersecurity skills gap and resource challenges facing IT teams. AI and intelligent automation can be employed to watch a company’s IT systems, emails, cloud applications and endpoints for suspicious behavior.
AI can detect when files are about to be exfiltrated, when possible malware is being forwarded in email and when endpoints or cloud applications might be compromised and then notify administrators or lock systems down automatically without human intervention. For the small percentage of issues that AI and intelligent automation can’t resolve, these solutions send a concise and clear notification to administrators who then quickly resolve the issue in moments.
Our research shows that cyberattacks against mid-sized trucking companies are escalating in volume and sophistication. It’s never been more important for transportation companies to prioritize cybersecurity. Fortunately, advances in AI and automation make easy-to-implement and highly-effective cyber protection more accessible to mid-sized trucking companies than ever.
Growing transportation companies must embrace AI-enabled cybersecurity to give their lean, busy IT teams much needed support and peace of mind so they can focus on running successful businesses and best serving their customers.
Guy Moskowitz is the CEO of Coro, the all-in-one cybersecurity platform designed for small and mid-sized organizations, growing businesses and lean IT teams.
