Cloud Hosting

Malicious hackers are always on the lookout for opportunities to launch an attack, and the coronavirus pandemic has provided one.

According to cybersecurity agency Mimecast, transportation was one of the three most targeted sectors by cyberattackers during the first 100 days of the pandemic, and the firm said theres a greater than 95% chance that cyberattacks will increase after the event.

Cybersecurity was a topic of discussion Thursday during CCJs online Symposium, Upshift. Panelists for Breaches & Ransom! Why Hackers Think Fleets are Easy Targets included B-H Transfer Vice President of Administration John Wilson; Matt Cacace, Dasekes senior vice president of business systems; and Bob Verret, Chief Information Office for Dupr Logistics.

This is a very emotional time, Verret of the pandemic, and when youre emotional, you tend to be distracted.

Its a generally accepted concept that a companys greatest cyberthreats come from within, Cacace said.

You and I and others get several emails per day or per week that entice you to click on links to take you to websites where well just say bad things can happen, he said. Anyone with a network has a firewall that is probably attacked several times an hour with various bad actors trying to get into your system.

Wilsons Georgia-based company has been the target of attackers a few times, most recently in February, just as coronavirus made headlines but before anyone knew what lay ahead. The companys anti-virus platform diagnosed and shut down the malware attack before it was able to launch, but Wilson noted the initial attack turned out to only be the first wave.

They decided to wreak a little more havoc the only way they could, he said of the attacker. Somehow, they got into our backup on that one, deleted it, and on the way out turned on Microsofts BitLocker encryption.

In encrypting the carriers files, that effectively wiped the entire server out, Wilson said. We couldnt get on it, of course. We didnt have that 42-bit key. B-H Transfer was able to recover the files with minimal disruption to the operation, but it took almost two weeks to untangle the mess the frustrated hacker left behind.

Partnering with a third-party security provider, which B-H Transfer has done, can be helpful andVerret suggested a layered approach to security that includes monitoring and measuring protocols as things change very rapidly in the environment.

Keeping your own internal people well-educated on awareness that these things are out there and these things can happen and its only a point and click away, Cacace added.

Daseke uses quarterly training and Verret said the company is a firm believer in social engineering, a security layer in which the company sends controlled phony phishing emails that provide instant feedback on employees that need enhanced training.

We basically had a social engineering go out, pretty much, the day after we instituted our work-from-home policy, he said.

Verret said the first step in thwarting a cyberattack is to not click links embedded in emails if theres a reason to suspect the email itself isnt legitimate. Then, contact the IT department or service desk. Never reply to the email. Verret said if the recipient needs to verify the sender, they should call them directly.

A quick and easy-to-implement security layer, Cacace said, is to protect the companys email system via cloud-based service, which distributes a companys email over a number of cloud servers which have a high level of security around them, as opposed to have a server sitting in your own server room, he said.

A replay of the panel discussion, titled Breaches & Ransom! Why Fleets are Easy Targets for Hackers Right Now, will be available for download next week at the following link: http://www.ccjsymposium.com/downloads.

Here is the original post:
Increased cybersecurity for the transportation industry - Commercial Carrier Journal