An FBI cyber intelligence analyst is warning that transport companies need to be vigilant when it comes to digital security and are at risk of cyber-attacks as much as anyone else.
Speaking at the National Motor Freight Traffic Association’s (NMFTA) Digital Solutions Conference in Houston, Texas, Trina Martin stressed the importance of protecting the supply chain and those who are in it. Her message to companies is to report everything, even if a cyber attack fails.
Along with speakers from the FBI, the event also attracted representation from the US Secret Service, Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency, all who spoke on the most common cybersecurity threats of 2023 and the prevention and reaction methods to help fleets mitigate and recover from those attacks.
According to the NMFTA, cyberthreats against mid-sized companies have increased by 150 per cent.
“Approximately 90 per cent of hacks occur through phishing and misconfigured networks and devices,” said the Director of Enterprise Security for NMFTA, Antwan Banks. “Because of recent geopolitical events, attacks have become more aggressive and skilled. As a result, companies need to prioritise cybersecurity internally to be proactive before a threat occurs.”
According to a recent survey for the 2023 Travellers Risk Index, 55 per cent of transportation leaders in the United States were worried about cyber risks. A third-party logistics study this year showed that 87 per cent of shippers and 94 per cent of third-party logistics providers agree that adopting emerging technologies is vital to future supply chain growth.
“As technology continues to evolve, hackers are going to continue to enhance their strategy as it pertains to infiltrating the networks of companies across various industries.” Banks said.
Among the risks operators need to consider are:
- BEC attacks – short for business email compromise, this is when legitimate email accounts are compromised and used to initiate unauthorised transfers of funds.
- Ransomware – when a cybercriminal steals or encrypts data to compel an organisation to pay and ransom to get it back.
- Phishing – the use of unsolicited electronic messages that appear to come from a legitimate company requesting personal, financial or login information.
- Smishing – a social attack that uses fake mobile text messages to trick people into downloading malware.
- Pig butchering – a rapidly growing investment scam that focuses on fake cryptocurrency.
