Category: Blog

For several years now, cyber attacks have been on the rise within the trucking, transportation, and logistics industries. The issue has drawn so much attention that the National Motor Freight Traffic Association (NMFTA) made cybersecurity one of their main areas of focus during their 2023 Digital Solutions Conference, sharing insights from the United States Secret Service (USSS) to help safeguard the sector against future cybersecurity breaches.

If history has taught us anything, it’s that no company is immune to these threats. From small outfits to global businesses, trucking and logistics companies of all scope and size are at risk. The good news: With the right tools and techniques, you can significantly reduce your risk and strengthen your cyber security posture.

Here, we share a closer look into the most recent cyber attacks in transportation — and what these events mean for the industry as a whole.

Which Trucking Companies Have Sustained Cyber Attacks?

The transportation sector may still only account for a small share of cyber attacks compared to industries like finance, healthcare, and government. But when we consider the 400% increase in reported cyberattacks that has occurred within the industry between 2017 and 2022, there’s little room for peace of mind. In fact, it’s now more important than ever to take a more defensive approach against cybercrime.

1. Freight shipping giant Estes Express Lines experienced a ransomware attack in the fall of 2023 which compromised more than 21,000 individuals’ personal data. Names and social security numbers were among the personally identifiable information (PII) exposed.
2. Also in fall of 2023, trucking and fleet management solutions provider ORBCOMM sustained a ransomware attack that led to service outages, preventing trucking companies from using their tool to log hours and manage their fleets. The US Federal Motor Carrier Safety Administration issued a waiver allowing drivers to use paper logs until the affected devices were restored, but the outage affected some of the nation’s largest freight companies.
3. In 2020, trucking and freight logistics company Forward Air was hit by a ransomware attack orchestrated by the cybercrime gang Hades. While the company promptly engaged third-party experts, they had to take their systems offline to prevent the attack’s spread, resulting in business disruptions and service delays for many of their customers.
4. Less-than-truckload carrier Central Freight Lines (CFL) was a victim of a cyberattack in 2020 which caused outages for their call center and operating systems. They too engaged third-party professionals and restored their systems in less than a week. Yet, the 95-year-old company had already been facing financial woes. The cyberattack undoubtedly contributed to their downfall, and CFL shuttered their operations the very next year.
5. Another 2020 event, the malware attack on CMA CGM resulted in a release of the company’s private data. External access to their applications was interrupted to prevent the malware from spreading after the attack initially affected its peripheral services.
6. In 2019, hackers disrupted the communication network of A. Duie Pyle, a transportation and logistics provider for the Northeast. The ransomware attack shut down the company’s website and disrupted their ability to interface with shippers.
7. In 2018, COSCO Shipping Lines, headquartered in Shanghai, sustained a cyber attack that affected its internet connection in the US.
8. In 2017, Maersk experienced a disastrous cyberattack that affect its port, deport, and terminal operations. The event is estimated to have cost the company $300M.

Like most large industries, trucking is an attractive target for hackers. Many companies have high-value assets and sensitive data that would be a boon for cybercriminals to attain. But beyond the expected consequences like financial losses, fines, and irreparable reputation damage, cyberattacks can have uniquely catastrophic implications when carried successfully against trucking and logistics.

Countless goods are transported daily by our trucking companies. From items that are important to national security to the commodities we rely on—

including food and medicine — the vitality of our transportation sector is critical not only for comfort and convenience, but our safety and wellbeing.

While the staggering costs of cybercrime in trucking and logistics paints a grim picture, there’s a silver lining: the events that have come before can serve as a learning experience. Now is the time to implement security measures to prevent ransomware and other cyberattacks.

Because no two trucking companies is exactly the same, each cybersecurity solution may look different. For many, legacy APIs pose a specific threat, but there are also other vulnerabilities to consider. Some companies don’t have cybersecurity or cyber insurance at all, making themselves easy targets for even novice cybercriminals.

What does the right cybersecurity solution for your company entail? Don’t wait to be a victim of cybercrime to find out. Contact our cybersecurity experts here to begin safeguarding your company against threats.

Download our latest cybersecurity in transportation whitepaper that takes a closer look at recent attacks and what we have learned.

According to the FTC, the Safeguard Rule’s clear purpose “is to strengthen the data security safeguards that covered companies must put in place to protect customers’ personal information.” The change is in line with the global regulatory emphasis on how companies handle personally identifiable information (PII), and is the latest effort in a series of attempts to prevent issues like data breaches.

The Rule applies to financial organizations within the FTC’s jurisdiction under section 505 of the Gramm-Leach-Bliley Act. The FTC website provides a comprehensive list of covered businesses, but it’s important to bear in mind that their definition of financial institutions isn’t limited to traditional banks alone. Mortgage lenders of all sizes are likely to be affected, so be sure to consult the official document if you’re unsure whether the Rule applies to your business.

• Ensure the security and confidentiality of customer data
• Protect against likely threats or hazards to the integrity or security of private data
• Protect against unauthorized access to information which could harm or inconvenience customers

Companies covered by the Rule will need to develop and roll out a comprehensive information security program — and quickly. There are nine core elements of the program, as indicated by the FTC:

• Designate a Qualified Individual to oversee the program.
• Perform a risk assessment to determine internal and external risks and threats to the confidentiality and integrity of customer data.
• Develop and implement safeguards to mitigate identified risks. (Note that this step is broken down further into a separate eight-step process, including data encryption, multi-factor authentication, and the secure disposal of customer data.)
• Consistently monitor and test the effectiveness of safeguards.
• Educate staff with security awareness training and perform routine follow-up training.
• Monitor any service providers and ensure they also have appropriate safeguards in place.
• Keep your information security program up-to-date.
• Create a written incident response plan unique to your business’s specific needs. (This plan is further broken down into seven elements, outlined under Section 314.4(h) of the Safeguards Rule.)
• Have your Qualified Individual report to the Board of Directors and provide annual written reports, which must include an overall assessment of the company’s compliance with the information security program.

If your mortgage company hasn’t already put efforts in place to comply with the FTC Safeguards Rule, it’s not too late to prepare. Here are five steps to consider as you develop your plan for compliance.

As mentioned above, the FTC Safeguards Rule requires a Qualified Individual who will oversee the development and maintenance of your business’s customer information security program. While there may be someone within your organization who fits this role, it’s also possible to appoint an outsourced service provider. The core requirement for the title is experience in managing security operations.

Before you can determine whether you have the appropriate data safeguards in place, you must first identify all internal and external assets with access to customer information. Known as digital footprint mapping, this can be a drawn-out process and may require cross-functional collaboration. Be sure to include previous third-party vendors.

Aside from simply knowing which assets hold customer data, you’ll also need to evaluate how data flows throughout your organization. Consider the lifecycle of customer data from the very first encounter, and identify points of collection, transmission, storage, and destruction. While the FTC Rule mostly pertains to sensitive financial data, such as credit card numbers and Social Security numbers, it’s also advisable to incorporate basic contact information, as these details could be used for phishing scams or other types of cybercrime. As you perform this data mapping exercise, consider apps, systems, devices, departments, and cloud solutions that may collect, process, or store data.

The next step is to review your data security policies and practices and compare them against the updated FTC Safeguards Rule through a comprehensive risk assessment. If you spot gaps or vulnerabilities, don’t panic. Identifying these issues now still gives you time to implement safeguards before the compliance date takes effect. Yet, you don’t want to wait too long — even if the compliance date isn’t until June, waiting to act still leaves your company vulnerable to cyber threats which could have devastating consequences.

Unfortunately, most traditional data security risk assessments are too broad to identify weak points through the lens of FTC compliance. You should therefore implement the help of a specialty cybersecurity firm, who will not only uncover vulnerabilities, but implement effective solutions to safeguard your data for both compliance and overall business protection. If your mortgage company needs assistance FTC Safeguards Rule compliance, contact IT ArchiTeks for customized solutions or book your FTC Safeguards Strategy Session today!

As a business owner, you most likely know the importance of being able to set your company apart from the competition when it comes to your marketing plans. Whether it’s by strategic marketing tactics, a viral/word-of-mouth campaign, or tried-and-true advertising techniques, factoring in the various ways to market your business as efficiently and cost-effectively as possible is always at the forefront of your thinking.

What might not always be considered is the cost and effort to manage and deliver your IT services. IT infrastructure plays a major role in ensuring your business is efficient and productive. However, as many business owners can attest, simply just setting up an IT environment is not enough to make the most of the technology to make your business successful.

Over the past few years, many companies have come to realize the enormous cost of building and maintaining their IT infrastructure, and that they do not have the resources, know-how or people to run it.

That is where a Managed Service Provider, or MSP, comes in. Increasingly acknowledged as a strategic outsourcing partner that can remotely manage a company’s IT services, this valuable resource is becoming a more viable option for the talent and technology knowledge that many businesses simply lack.

You and your staff should be focused on the daily tasks that drive profits and grow your business. Partnering with a knowledgeable managed service provider can act as an extension of your existing team, providing great value and helping your business succeed.

A managed service provider (MSP) delivers a variety of IT-related services through ongoing active support on customers’ premises, in their MSP’s data center (hosting), or via a third-party data center. MSPs assist organizations by providing necessary technical services and active monitoring that keep your day-to-day operations running.

Managed service providers come in a variety of sizes and service capabilities. Some may have thousands of clients and an extensive supply of tools available to support a business globally, while others may specialize in a specific network system and are better suited to support smaller or more local organizations. But no matter the size or scope, your selected MSP must be able to allocate their resources, knowledge, time, and employees toward serving their customers and their unique needs.

There is no one-size-fits-all solution when it comes to IT. Your MSP should understand the needs of both your industry and your organization as well as any specialized software and regulatory compliance that may apply.

An MSP can take on a wide variety of tasks that are imperative to the success of a business but are not necessarily consumer facing. Many companies decide to enlist an MSP to outsource these technical or operational processes due to a lack of expertise or to make processes more efficient so they can focus more on the everyday tasks for the company.

The services provided by an MSP can be offered at a client’s place of business or fully remote. The first step to deciphering the type of services your MSP will provide is to determine what technologies and services are specifically needed for the business.

• Data center management
• Network management and monitoring
• Mobile Device Management
• Infrastructure management
• Backup and Disaster Recovery
• Communication management
• Security management
• Hardware maintenance
• Cybersecurity
• IT training for staff

The use of MSPs and other outsourced IT providers offer a cost-effective way to access needed technology experience and resources that a company may not have in-house, producing desired results for a fraction of the costs versus permanent in-house personnel.

However, unlike many traditional IT providers, an MSP is comprised of a specialized team of professionals who understand your specific needs, creating custom solutions and processes designed to boost efficiency and productivity versus traditional IT outsourcing which serves as an IT department, fulfilling multiple needs at once. Many MSPs work via a contract or agreement that is more suited to fit both your company’s technological needs and budget. Your selected MSP should primarily be focused on the end result for the service/services that you have retained them for.

At the end of the day, when it comes to your selected MSP, you want to be sure it’s managed in the most effective way to ensure you are receiving a high ROI. It’s critical that your MSP provides the appropriate technical personnel who can handle the numerous tasks related to your specific IT needs and the infrastructure is a proven asset to your business.

According to NTT’s 2021 global managed services survey, there are many benefits associated with the use of a managed services provider. Some of these benefits include reduced costs, access to top technical and industry expertise, and valuable insight as to how your business is run.

1. Cost savings.
   Outsourcing with a managed service provider allows business owners to reduce the cost of dedicated employees working in-house as well as the technology, tools, and other resources required to handle any number of IT-related tasks. An MSP can also offer variable billing models which offer businesses flexibility and scalability.
2. Experience and knowledge.
   MSPs have the experience, expertise, and knowledge in the targeted services being provided that allow for greater accuracy and a reduction of risk. Ensure that your selected MSP is fully compliant with government regulations and industry standards.
3. Best-in-class tools, technology, and resources.
   The knowledge and experience supplied by your MSP will help in streamlining a number of processes and procedures. MSPs are accustomed to investing in the latest technologies and have extensive expertise in ways that individual companies may not, often resulting in greater efficiency and performance.
4. Valuable business insight.
   As a business owner, you may gain greater visibility and more insight into how your business is run and the IT services you require from your MSP. This in turn can lead to better and more strategic decision making based on real-time information and analyses.

When you outsource your managed services, you can set your focus more on your business rather than the IT services behind the scenes. The additional benefits gained from partnering with a managed service provider will help you oversee your business to the best of your ability.

IT ArchiTeks is your one stop solution for managed IT services. One of the leading IT service providers in Dallas, Plano, McKinney, Irving and Frisco, Texas, we successfully take care of the IT management, monitoring and maintenance needs of your business.

Click here for more information about our managed services plan and get in touch with IT ArchiTeks today to enjoy the benefits of IT without worrying about the crucial backend tasks.