Ransomware attacks remained among the top cybersecurity trends in trucking for 2024, but AI emerged as an increasing concern for 2025.
That’s according to comments from cybersecurity and trucking industry professionals who gathered in Cleveland, Ohio, this week at the annual National Motor Freight Traffic Association cybersecurity conference.
Carrie Yang, senior vice president of Marsh’s cyber practice, said AI will definitely increase the frequency of cyber incidents and cyber insurance claims.
“You probably can ask ChatGPT or an AI tool to write a ransomware code, so it makes it very easy and accessible for anybody to launch cyberattack if they want,” she said. “Because AI has made it so easy to do those kinds of things, the frequency will go up. But severity? The financial impact? How big, how bad it will be? That’s TBD.”
Peeyush Patel, global chief information security officer at XPO, agreed that the frequency will go up, adding that AI is making it harder for people to recognize phishing and business email compromise – two precursors to ransomware attacks – by enabling bad actors to enhance the appearance of legitimacy.
“Gone are the days when your users could kind of understand that there are grammar mistakes and not click on those emails. Very well-written emails, very well formatted,” he said. “Like everything else, when the technology is evolving, the bad actors probably utilize it much faster than the good actors, so AI is definitely an area we're checking out.”
But at the same time, AI can help combat these attacks.
Patel said XPO is working with a couple of vendors using AI to find the highest risk, highest impact vulnerabilities and patch those. He said the company is close to 700 billion security signals as of October, and it would be impossible to find those “needle-in-a-haystack” vulnerabilities without AI and machine learning.
“I understand there's a lot of risk associated with AI, but … I believe, actually, it will help us level the playing field to some degree,” he said.
The Cloud
Another top cybersecurity concern in the trucking industry comes as many legacy systems are being transitioned to the Cloud.
NMFTA COO Joe Ohr said the cloud can give companies a false sense of security because they think it manages security risks when the company is still responsible for what’s stored there.
[RELATED: Moving your data to the cloud? Lots of reasons to do it, but cybersecurity concerns remain]
Steve Hankel, vice president of IT at 3PL Johanson Transportation, said his company had a failure trying to move to the cloud early on by using its legacy vendor that was really good at buying hardware, putting servers together and configuring them within the company’s network. He said the vendor promised it had the proper expertise in the cloud when it didn’t.
He said companies need to also realize their vendors still have other clients and can’t provide 100% focus to you, and you are ultimately responsible for all of your systems.
That’s why, he said, it’s important to provide continuous and updated training to your team.
Patel said it’s important to upskill your talent when moving to the cloud because the skillset is different to on premise.
“It’s really important to make sure you have the right talent because cloud, while it has a lot of agility and advantages … use it with caution, because you actually now are still responsible for security and making sure that the right controls are put in place,” he said. “You need to really upskill your talent, because naturally, a lot of the first phase of breaches we've seen in the cloud have been misconfigurations.”
Cyber talent
Patel added that there is a lack of talent in the cybersecurity space. He said many people in the space, like him, just fell into it without directly considering it as a career.
He said universities, which have cybersecurity programs at the master’s and PHD levels, need to create programs at the ground level to entice people into the sector as it’s a growing field with many open roles. Higher education has invested in bachelor’s programs for data and AI but not so much in cyber, he said.
Ben Gardiner, senior cybersecurity research engineer at NMFTA, said even high schools should consider programs that endorse these skills.
“I've definitely seen progressively over the years that the hands-on keyboard skills for the students that we're obtaining are waning. There just isn't as much command-line scripting, or even command-line interaction, year over year,” Gardiner said, speaking to his students at CyberTruck Challenge.
But Ohr said there is a fear of job security among students who are considering entering the field. He said his son, who has a special interest in technology and cybersecurity, said it is rumored that AI is replacing those roles.
“I don't know if AI could truly replace good analyst,” Gardiner said.
