The Ransomware Wasn’t the Problem. Trusting the Wrong People With the Wrong Job Was.

Most of the trucking companies we help recover after a ransomware attack weren’t careless. They had people handling cybersecurity. They had systems in place. They thought they were covered.

They weren’t.

Not because they failed to act. Because the people they trusted to act weren’t equipped for the job.

There’s a critical difference between IT and cybersecurity. Between a Managed Service Provider who keeps your systems running and a cybersecurity partner who keeps your systems protected. Most trucking companies have the first. Almost none have the second.

---

The NMFTA Built a Roadmap. Most Fleets Don’t Know It Exists.

The NMFTA Cybersecurity Best Practices Guidebook for Mid-Sized Fleets lays out four tiers of cybersecurity maturity. Tier One isn’t advanced. It isn’t optional. The guidebook calls it prerequisites — the foundational controls every fleet must have before anything else is built on top.

Tier One includes tested backups, MFA on every account, updated software, endpoint detection, secured wireless networks, and least privilege access. That’s the starting line. Not the finish line.

When we conduct a comprehensive fleet security audit, we look for everything — basic through advanced. And what we find, almost every single time, is that the starting line controls — the ones that should’ve been locked in years ago — have gaps nobody knew were there.

---

How It Happens to Smart, Well-Run Companies

A trucking company hires an IT team or contracts with an MSP. Those people are good at what they do. They keep the network running, manage updates when they can, and handle day-to-day technical issues. Leadership trusts them. Why wouldn’t they?

But IT isn’t cybersecurity. An MSP focused on uptime and helpdesk tickets isn’t a cybersecurity partner. The skill sets are related — but they’re not the same.

Cybersecurity requires a threat-first mindset. Someone who thinks like an attacker, not just like an administrator. Most IT teams and generalist MSPs were never trained that way — and were never hired to think that way.

So the backups get configured. But nobody tests whether they can actually be restored under pressure. MFA gets turned on for some accounts. But not all of them. Software updates get applied when convenient. But the end-of-life systems that haven’t been touched in years? Those sit quietly in the corner — and criminals find them before anyone else does.

Nobody skipped anything on purpose. The fundamentals just never got done properly because the people doing them didn’t know what properly looked like from a security standpoint.

---

The Three Tier One Failures We Find Most Often

01 · Backups That Have Never Been Tested

The NMFTA guidebook is explicit: testing backups is an equally important and often overlooked requirement. Not just running them — testing them. Restoring from them. Timing the process. Confirming the data is complete, uncorrupted, and accessible when everything else has gone dark.

We’ve helped companies recover after an attack only to discover the backup existed but couldn’t be used — corrupted files, incomplete data, backups stored on the same network ransomware just encrypted, companies that couldn’t locate their own decryption key.

Think of it like a spare tire. Owning one isn’t enough. You need to know it’s inflated, you can get to it, and someone on your team has actually changed a tire before.

02 · MFA That Isn’t Everywhere

Multi-Factor Authentication is one of the most effective and affordable controls available. The NMFTA lists it as a Tier One prerequisite. Yet we consistently find it turned on for some systems and completely absent from others — email accounts, remote access, administrative accounts.

Criminals don’t hack into networks. They log in. A stolen password with no MFA behind it is an open door.

03 · Unpatched and End-of-Life Systems

Running unpatched software is like driving on bald tires. Trucking operations run specialized software that doesn’t always get updated — maintenance diagnostic tools, TMS platforms, legacy systems running since before anyone thought to ask whether they were still supported.

Criminals scan the internet for these vulnerabilities the way a predator scans for the weakest animal in the herd. If you’re behind on patches, you’re the easy target.

---

The Conversation Nobody Prepares You For

When we sit down with a company and walk through what we found, the reaction varies. Some leaders lean in immediately. They want to know everything. They’re relieved someone finally looked closely enough to find it. Healthy teams with healthy cultures respond that way.

But sometimes there’s defensiveness. If your IT person has been managing cybersecurity for years, our findings can feel like a grade on their work. That’s a hard thing to receive in front of leadership, and we respect that.

We’re not here to replace your IT team or expose them. We’re here to fill the gaps they were never trained or hired to fill. Our goal is to be their security extension — to stand them up and make them look like heroes.

Cybersecurity is a specialty. Expecting a generalist IT team to cover it completely is like expecting your dispatcher to also handle your DOT compliance audits. Related world. Different expertise.

---

This Is a Leadership Conversation, Not an IT Conversation

Cybersecurity isn’t an IT problem you can hand off and stop thinking about. It’s a business risk that requires leadership to ask hard questions, demand proof not assumptions, and understand the difference between a team that keeps the lights on and a team that keeps the criminals out.

The question worth sitting with isn’t whether you have someone handling cybersecurity. It’s whether you’ve ever asked them to prove it.

---

Three Questions Worth Asking

1. When did we last restore from backup under realistic conditions — and how long did it take?
2. Which accounts in our organization don’t have MFA enabled right now?
3. What systems are we running that are no longer supported by the manufacturer?

If those questions get answered quickly with documented proof, that’s a good sign. If they’re met with hesitation or vague reassurances — you now know where to focus.

---

Contact us at ITArchiTeks.com to start the conversation.

---

Written by Melanie Padron

Vice President of Strategic Growth · IT ArchiTeks
Risk Strategist · National Cybersecurity Speaker

Melanie Padron brings nearly three decades of risk management experience, spanning insurance and cybersecurity, to help trucking and logistics leaders validate security posture, strengthen resilience, and protect revenue before pressure reveals what preparation concealed.

She’s a nationally recognized cybersecurity keynote speaker and the creator of two acclaimed talks:

• Surviving a Cyber Crisis: Real Stories. Real Lessons. Real Money.
• Proof to Profit: How Leaders Protect Revenue in the Age of Ransomware and AI

To bring either conversation to your conference, association, or leadership team — visit ITArchiTeks.com or connect with Melanie directly on LinkedIn.