This May a NY Times headline exclaimed, “Cyberattack Forces a Shutdown of a Top U.S. Pipeline”. It was the Colonial Pipeline, (which carries 45% of East Coast fuel) who were hit by a ransomware attack. Colonial acknowledged that its corporate computer networks had been hit by a ransomware attack. World oil prices soared overnight.
We became witness that a single “cyberattack” could easily bring a large corporation and potentially (when a precious commodity such as oil is involved) a country to its knees. Such attacks are on the rise and every business is at risk.
As humanity grappled with 2020’s pandemic attack, the corporate world was combating increasing numbers of cyberattacks. Forbes magazine says that 2020 broke all records of data lost in breaches and sheer numbers of cyberattacks on companies, governments, and individuals.
According to CNBC, 43% of online attacks are on small businesses, a favourite target of high-tech villains, yet only 14% prepared to defend themselves. Network security leaders believe business owners need to start making high-tech security a top priority.
Cybersecurity is a concern for all. Our personal computers have been subject to various viruses, adware, malware, spyware, cookies, and various forms of phishing, corrupting our files and shutting down our computers. Businesses computers are now under attack by cybercrimminals.
Global losses from cybercrime now total over $1 trillion, a more than 50 percent increase from 2018 according to computer security firm McAfee.
The pandemic which sent many office workers home to work remotely, opened doorways to “cybercriminals”, allowing them easier access to business computer systems.
The Insurance Board of Canada says that “Thanks to an almost overnight increase in the number of Canadians working from home, and a dramatic surge in the volume of online business, organizations are contending with a highly elevated risk of cyber attack. Criminals are attempting to take advantage of the pandemic and are aggressively targeting commercial enterprises.”
Canada’s trucking industry is not immune to these cyberattacks.
Jesse Rothstein, CTO of online security provider ExtraHop says “that large or small, virtually every modern organization’s high-tech perimeters will eventually be breached. For small business owners, it’s no longer a matter of considering if security threats will arise, but rather thinking in terms of when.”
These cyberattacks cost businesses of all sizes an average of $200,000 according to insurance carrier Hiscox. Potentially the kiss of death for smaller businesses.
According to Deloitte, ” increased numbers of employees are working from home, and even staying at home. As a consequence, technology has become even more important in both our working and personal lives. Despite this rise of technology need, it is noticeable that many organizations still do not provide a cyber-safe remote-working environment. The increase in remote working calls for a greater focus on cybersecurity, because of the greater exposure to cyber risk. As an example, 47% of individuals fall for a phishing scam while working at home. Cyber-attackers see the pandemic as an opportunity to step up their criminal activities by exploiting the vulnerability of employees working from home.”.
A potential attack might look like this, hackers digitally breaking into a company’s IT infrastructure and encrypt — or lock up — selected files or the entire system. They then threaten to steal, delete or disseminate the company’s data unless they receive a ransom.
Such a scenario for a transportation industry like trucking might be a total nightmare. Several airlines have been the target of cyberattacks, which seized reservation systems or disabled flight operations and scheduling for hours upon hours.
Such ransomware breaches are becoming increasingly common and are not 100% preventable.
Attacks on truck fleets and 3PLs are particularly dangerous because they can compromise not just the victim’s information, but also that of clients and business partners.
The corporate mindset is to procure business and clientel. Cybersecurity unfortunately is not usually a part of that equation.
One might best imagine cybersecurity like preventative maintenance on a vehicle. Do you wait for a mechanical failure to remove equipment from service, perhaps at a critical time, or do you conduct a scheduled maintenance program to lessen and even prevent equipment failures? Similarly do you have a corporate cybersecurity plan in place or do you wait to fall victim to cyberattack?
Many companies believe it won’t happen to them and only take the threat seriously after they a ransomeware attack.
As threats continue to grow, more businesses are investing in cybersecurity insurance. Some fleets avoid this insurance because of the cost, which is rising as the number of ransomware attacks increases. We must remember that nsurance does not protect from attack.
Both protection and provention start with a cybersecurity plan. This may involve identifying key or valuable assets, where in the system they live and entry points into the system. Once you know what needs to be protected, it is easier to protect it. This may entail installing firewalls, antivirus software or enlisting third-party cybersecurity services.
Fleet managers may cringe at the thought of spending tens of thousands of dollars on cybersecurity infrastructure. But just one ransomware incident could easily cost more than that, not just in payment to hackers, but also with remediation and the potential loss of customers and proprietary information.
Basic prevention does not have to cost a lot.
All employees should be aware of the importance of cybersecurity and the role they play in it. Training sessions for all employees ensure there are no weak links in the company.
Phishing has become a significant vulnerability point, spotting and avoiding these emails is now a leading ransomware prevention strategy. Regularly updating computer operating systems and installing software patches also closes security gaps where intruders could gain entry.
For businesses like the trucking industry, your best asset may well be having a capable cybersecurity firm as part of your team. Having no security plan is simply not the answer. Benjamin Franklin once said, “If you fail to plan, you are planning to fail.”
In this era of increased cybercrime and cyberattacks, a good cybersecurity plan is a prudent place to start.