Cybersecurity breaches are an increasingly common threat to the trucking industry that cause devastating financial harm that is often hard to come back from.
“Almost all breaches end in a lawsuit. On average, those lawsuits are upwards of $10 million per company just to get back on your feet,” said Antwan Banks, director of enterprise security at the National Motor Freight Traffic Association (NMFTA), “not to mention how much business you may lose because of loss of brand recognition.”
The NMFTA is a nonprofit membership organization representing the interests of less-than-truckload carriers. It provides cybersecurity support for the industry as well as critical services like classification standards, identification codes and digital operation standards. The organization is committed to providing motor carriers with cybersecurity expertise and resources that the industry can use to protect from cyberattacks.
With such high stakes, motor carriers of all sizes must take action before breaches can occur.
Banks sat down with FreightWaves to discuss what carriers need to know about the differences between enterprise and asset networks and how they can improve their cybersecurity.
Enterprise vs. asset networks
Enterprise and asset (also referred to as vehicle or fleet) networks are made up of different devices and components.
Enterprise networks comprise a company’s back-office systems, like servers, laptops and desktops. Asset networks, also referred to as fleet or vehicle networks, include telematics systems, Controller Area Networks and connectors.
Banks said that they require two different kinds of skill sets as they each involve different equipment. However, due to the interconnectivity of asset and enterprise networks, companies should have strong enterprise security in order to protect their asset networks. If bad actors gain access to an enterprise network, they could use a tactic called pivoting to hop between networks.
“[Hackers] are gonna take advantage of that trust relationship to jump from the enterprise network over to the fleet network and that way … if they’re trying to encrypt ransomware, they can deliver the payload for the ransomware to the fleet side. If they’re trying to stop a truck, or slow down a truck, they can execute their malicious activities,” Banks said.
Email phishing is the most common way hackers gain network access. Other tactics like voice phishing, water holding and new AI voice impersonations all also pose major threats to enterprise systems.
How to protect against cyberthreats
The No. 1 thing Banks recommends companies do to protect against breaches is user awareness training.
“A company can spend tens of millions of dollars on the latest and greatest cybersecurity, but if their user is socially engineered and clicks on a phishing email, then they’re going to bypass all that security,” Banks said.
Patching vulnerabilities is also paramount because hackers are looking for weak points to exploit. Old and outdated systems that can’t be patched should be protected with compensating controls, Banks added.
Proactively monitoring your network to identify anything unusual is critical to get ahead of issues.
“The last way you want to find out that your network has been hacked is when it has been locked and encrypted,” Banks added.
To learn more about cybersecurity threats impacting the trucking industry, the public can attend the NMFTA’s Digital Solutions Conference in Houston from Oct. 22-25. The conference will focus on cybersecurity threats facing vehicle and enterprise networks within the trucking industry. Attendees will hear from experts in the field from organizations like the Cybersecurity & Infrastructure Security Agency, the Department of Homeland Security and the Transportation Security Administration.
Click here to learn more about the NMFTA.
The post How to protect your business from enterprise and vehicle network breaches appeared first on FreightWaves.