Digital security remains a top concern for the trucking industry, as highlighted by a recent string of cyberattacks on trucking companies.
Cross-border trade in particular has been targeted in the past few months, with almost a dozen cyberattacks on the international supply chain industry. Alaster Love, Chief Technology Officer at Panacea Strategy, explained that the industry is highly vulnerable due to its reliance on the digital transfer of funds and data.
In September, hackers targeted Manitoulin Transport, a Canadian trucking company, and CMA CGM, a French shipping container company. Then, in October, Daniel B. Hastings and Daseke Inc., two Texas-based firms, were attacked. Daniel B. Hastings, a customs broker and freight forwarder, was the victim of a ransomware attack, with hackers posting the company’s files – including U.S. Customs and Border Protection (CBP) documents for shipments – on the dark web. Hackers also exposed Daseke’s sensitive data on the dark web, including drivers’ personal information.
Cyber attacks are nothing new for the logistics industry; trucking companies have been contending with the threat since the onset of digitalization. According to Mark Murrell, co-owner of online truck driver training provider CarriersEdge, trucking is an optimal target for hackers due to it being a “high dollar business.”
“That means companies have relatively large amounts of cash or credit available, and they’re used to paying pretty big bills,” said Murrell. “If you successfully execute a ransomware attack, you can extract a higher payment than you’d get targeting small and midsize companies in other, lower dollar industries.”
Such attacks can result in a loss of money, sensitive data and potentially future revenues due to a damaged reputation, according to Love.
“Around 60% of the people that pay ransomware still do not receive all of the data that was compromised, so there’s loss of data,” Love said. “Most importantly, I think it’s a loss of reputation. Customs brokers are entrusted with protecting their data and their customers’ data.”
Last year, CBP updated the minimum security requirements for its Customs Trade Partnership Against Terrorism (CTPAT) program, which includes an updated cybersecurity policy. The CTPAT program allows supply chain companies with documented risk alleviation procedures to benefit from accelerated processing of cargo.
The new requirements state that all CTPAT members “must have comprehensive written cybersecurity policies and/or procedures to protect information technology (IT) systems. The written IT policy, at a minimum, must cover all of the individual cybersecurity criteria.”
While such policies are helping to combat cyber attacks in cross-border trade, the COVID-19 crisis remains a hurdle for the trucking industry, with hackers playing on the distraction and shift in priorities amidst the pandemic, as well as an increase in remote operations.
Said Jane Jazrawy, co-founder and CEO of CarriersEdge, “With COVID-19 and back-office staff working from home, all of those security precautions that you may or may not have had at the office are gone. You are logging in from your possibly unprotected router, so there is a higher risk since you are not in an office where things are locked down by a central IT department.”
Jazrawy urges companies to remain vigilant to protect sensitive company information and the personal information of their drivers from cyberattack