As Russia continues its invasion of Ukraine, cybersecurity experts are warning U.S. companies to be on high alert as cyberattack threats to their systems could increase in retaliation against U.S. sanctions on Russia.
With the trucking industry touching every aspect of America’s supply chain, it is more important than ever for fleets to protect their transportation management systems (TMS).
According to a report from transport and logistics industry software provider Magnus Technologies, it takes transportation companies 192 days on average to detect a breach and another 60 days to contain it. Magnus recommends companies move to a scalable cloud-based server as opposed to owning a local server to protect their systems.
Ben Wiesen, president of freight management software company Carrier Logistics Inc., said logistics and trucking companies are changing their philosophies on how they store data, and he has seen more opt for the cloud-based approach.
“There has been a dramatic shift,” he said. “If I were to relate that back to my own business of providing technology to LTL trucking companies, over the last five years I've only had one new client request that we do an on-premise deployment of the application. Every other new client has lucidly wanted a cloud-based deployment.”
Wiesen said companies can look at it two ways: the company itself can host the server in its own data center, which is more time consuming and expensive to build out the infrastructure and hire a team with expert knowledge in cybersecurity; or the company can choose to be added to a technology provider’s cloud that has the expertise to maintain the company’s data securely.
“It's a better option for multiple reasons,” Wiesen said. “Certainly, there is more control if you put a server in your own data center … There are trucking companies that are equipped to do that, but by and large, trucking companies are experts at trucking logistics, not hosting technology. Whereas the software providers are absolutely in the business of hosting, deploying and maintaining software applications and doing so securely … Most of the (trucking) market, that's not their expertise, and they don't have the infrastructure to install, support and maintain a secure environment to run their applications.”
A cyberattack could be as simple as a data breach in which a hacker obtains personnel files, driver records, medical insurance information and other information companies contain in their networks. It could mean privacy issues, loss of trust and a black eye to the brand in addition to the cost to clean it up and provide help to impacted employees.
Wiesen said the biggest threat to trucking companies right now – ransomware – could mean far worse.
“It would be absolutely devastating. I cannot emphasize enough how devastating it is to a trucking company because their business just grinds to a halt,” he said. “Computer systems today are so intrinsic in everything that a transportation (company) does to run its business that the business effectively cannot run without computers. They can't get a new load; they can't take an order from a shipper; they can't dispatch the orders they have; they can't invoice for anything. They simply cannot operate.”
Magnus partnered with Matthew Carpenter, senior technology strategist at cybersecurity firm Grimm, to hash through the differences between a client-server or local server model and a Software as a Subscription (SaaS) – or cloud-based – model. The firm ultimately concluded that the SaaS model is a safer route because of its scale and sophistication as the complexity of knowing where to make investments and manage new technologies is rapidly increasing.
Carpenter said when deciding between client-server and cloud-based TMS architecture — or any software platform — the most important factor is to determine if a cloud-based provider will do a better job of protecting data than the trucking company could.
It depends on the platform’s capabilities in four key areas: physical security, monitoring IP traffic, intrusion visibility and business continuity, he said.
Here’s what Magnus’s report determined in each area:
Physical security: Carpenter said the physical security layer of information systems is just as important as the virtual layer as it is much easier for people to access sensitive data and disrupt a business from within by having physical access to servers and other system components.
SaaS model: This model defers the risks of physical access to vendors who can do a better job of consistently maintaining and securing computer systems than a trucking company could.
Client-server model: This may be the preferred risk model for companies that want to maintain visibility and control over physical access. Some may feel more comfortable using their own electronic locks, cameras, card readers and hiring practices. Large businesses and government entities, for example, may want extremely valuable data – like nuclear launch codes – to stay on site, Carpenter said. Managing all the details of physical security at a high level adds monetary and complexity cost.
Monitoring IP traffic
Carpenter said most cybercrimes start with attacking a domain controller to access user accounts. By stealing user credentials, attackers can then login to a system and continue to penetrate additional security layers until they get what they want.
SaaS model: This model uses advanced protocols and encryption techniques to establish a secure channel of communications between the system and web browsers of authorized users. Secure protocols for accessing SaaS-based TMS systems include Transport Layer Security (https) and Secure Socket Layer (SSL). They are the same protocols that consumers and businesses use for online banking.
Client-server model: Companies with on-premise servers can keep a certain number of applications and data protected by firewalls and set up their servers to allow communications through a virtual private network (VPN) rather than connecting to devices over the open Internet. Problems with the speed or availability of a local internet service provider could disrupt remote VPN connections to on-premise servers. In addition, hackers can infiltrate personal devices of employees to gain access to their VPN and then find a route into their companies’ IT systems.
Carpenter said preventing physical intrusions is much easier than blocking virtual ones, so organizations need to maintain control and visibility of all IP traffic running on their networks and quickly identify and make sense of any exceptions that occur, which isn’t an easy task.
SaaS model: With this model, TMS providers can rapidly deploy security patches and updates to the software because customers are using the same version. TMS vendors that use cloud computing service providers can leverage technologies and expertise to limit post-breach access.
Client-server model: Companies that choose to run TMS platforms on their own servers must invest in their own network monitoring systems and have IT experts on staff who understand how to detect and resolve data security breaches and fix processes to prevent the same things happening again.
Business continuity: Carpenter said disaster recovery and business continuity are important factors to consider when evaluating TMS options as recovery speed is essential for a business to access critical IT systems and data in the event of a cyberattack or other major event.
SaaS model: This model’s cloud computing services typically include data backups as part of the subscription. This means data is backed up incrementally and can be switched to a different computing environment with full data recovery if an event occurs.
Client-server model: In this instance, this model costs more than using cloud services that operate at scale, and on-premise servers will not be available for remote access by workers if the local internet service is down or service is slow.