A vulnerability management (VM) program is probably not the first thing most trucking companies think of when they set their priorities. They’re concerned with maintaining vehicles, retaining drivers, working well with shippers and 3PLs, and managing issues like fuel costs, routing, delivery schedules and so forth.
That’s understandable. But if these companies realized how vulnerable they are without a patching plan or VM program, they might add patching to the priority list without sacrificing the others.
My hope is that this column will make you fully aware and spur others to take that action.
VM is simply a program to apply, in a timely manner, security updates called patches to all Operating Systems (OSs) within an organization. It’s merely the ongoing commitment to cybersecurity updates. We call it patching because the nature of a digitized world requires so many system updates, and that requires constant actions to address security holes.
This is one of the most glaring vulnerabilities that hackers exploit. They know that every trucking company’s operating system requires frequent updates, which means old patches have to be replaced by new ones. Some use Linux. Some use Microsoft. Often, you’ll see a combination of the two since many trucking companies have multiple operating systems.
The designers of these operating systems come up with updates frequently. Once a month is not out of the question. Microsoft has Patch Tuesday where they push out patches the second Tuesday of each month.
The trouble is that applying the patches is more complicated than merely telling your computer, “Okay, fine. Run the update.” Indeed, patching can break things if it isn’t done correctly. The average person who starts recklessly patching everything in sight can produce more problems than solutions.
