The team at the National Motor Freight Traffic Association (NMFTA) sees a growing threat from cyberattackers and we’re working to prepare the trucking industry.
Digitization of the industry means that interactions between companies will move from on paper to online.
This is very efficient, and potentially very dangerous. It opens the possibility that, even if a company did everything right – used all the right cybersecurity methods, trained its employees and instituted all the right authentication requirements – it could still get hacked because a vendor or customer it interacts with failed to do the same, allowing hackers to get through the Application Programming Interface (API) that connects the companies.
APIs are the translators that make it possible for various digital platforms to communicate and interact with each other. And hackers know that.
Recently, Traceable and the Ponemon Institute collaborated on a research report that looked at the state of API security. They found that 60% of companies they interviewed had experienced data breaches, and of these, 74% had experienced at least three API-related breaches. Additionally, 40% had experienced five or more API-related breaches, and 11% had experienced seven or more API-related breaches.
In our recently issued 2024 Trucking Cybersecurity Trends Report, NMFTA shares emerging threats pertaining to the use of APIs, including the vulnerability of old, deprecated APIs known as Zombie APIs; denial-of-service attacks that can overwhelm a website, server, or network; APIs that make it too easy for hackers to bypass authentication requirements; accidental leakage of sensitive data, or exposure of stolen data; and undocumented back-door APIs known as Shadow APIs.
API attacks represent a lot of current threats to transportation companies, yet there is no question the industry needs to make use of APIs. In fact, to remain competitive in the economy, transportation companies must accelerate their adoption of APIs and other digital services. Any carrier who has struggled to get an invoice paid by a shipper will celebrate the ability of the shipper to simply log into the carrier’s system and pay that invoice. The industry needs more of this, not less. We must embrace APIs to digitize as much of the shipment process as possible.
But we also must do it safely.
NMFTA’s Digital LTL Council is working to make this happen by developing a series of APIs that will digitize every step in the LTL shipment process.
It’s an ambitious project that, when complete, will provide the industry with API standards that will allow the industry to digitize nine specific functions, including:
Operational APIs:
· Rate quotes
· Electronic bills of lading (eBOLs)
· Pickup requests and pickup visibility
· In-transit visibility
· Preliminary rate charges
· Financial rate disputes
· Cargo loss and damage claims
Administrative APIs:
· Document retrieval
· Carrier route guides
This follows the Digital LTL Council’s successful rollout and implementation of industrywide standards for eBOLs. That was a critical step, but only a first step, in digitizing the industry efficiently and securely.
Because we always involve our team of cybersecurity experts in critical initiatives like these, we will be able to offer APIs to the industry that include the highest caliber of security measures built in.
Raising awareness about API security is crucial. Businesses must understand the potential consequences of a breach. A recent report from FreightWaves indicated that only 40 percent of companies in the industry are very familiar with APIs, despite the fact that 75 percent of respondents reported using them in their businesses. And 30 percent of shipper respondents shared that they have one to four APIs in place with outside vendors. Some said they have as many as 10.
This reinforces the reasoning for why our Digital LTL Council is taking the lead and developing critical (and secure) APIs, but everyone needs to get involved. We urge you to start by downloading our 2024 Trucking Cybersecurity Trends Report and getting up to speed on the threats – not only concerning APIs but to the industry as a whole.
We need APIs and we need digitization. Let's take charge of our digital security. By working together to set up sensible API protocols from the start, we can keep transportation companies focused on moving freight rather than battling cyber threats.
