It was once again another rough year for cybersecurity and freight. The main reason: ransomware attacks, in which criminals encrypt data and demand payment, sometimes in the millions of dollars, in exchange for unlocking it. Even though the U.S. government has been taking an increasingly aggressive approach to fighting ransomware, the attacks have continued. They hit companies across the supply chain, including trucking, logistics, freight factoring, freight forwarding — and even fuel bunkering. Here’s what we learned along the way.
Big carriers are still in the crosshairs: The cyberattack on Wisconsin-based Marten Transport in October showed yet again that major carriers continue to be vulnerable. Marten never officially described the incident as a ransomware attack. But the company’s description of it in an SEC filing and the appearance of stolen data on a ransomware gang’s leak site suggest one may have occurred.
Ransomware remains the No. 1 threat, regardless of how small you are: Ransomware attacks remain the single biggest cyber threat to transportation and logistics companies. While high-profile incidents like the attacks on Colonial Pipeline and JBS Foods grabbed headlines and the attention of the U.S. government, hackers go after companies of all sizes.
Technology is a double-edged sword: The digital renaissance that has swept across transportation and logistics companies has been a good thing for the supply chain. Improvements in connectivity and visibility allow freight to move efficiently and reliability. But companies can end up introducing vulnerabilities if they aren’t careful.
A ransomware attack doesn’t have to be catastrophic: When ransomware attacks are successful, they can bring down a company’s entire IT infrastructure. That downtime can be extremely costly for trucking and logistics providers, so much so that some firms find it cheaper to pay the criminals. According to cybersecurity experts, these kinds of catastrophic attacks aren’t an inevitability.
Get hacked? Call a lawyer: Cybercriminals also commonly access and steal data from their victims to gain additional leverage in ransomware attacks. As a result, companies face a minefield of state data disclosure laws and the risk of costly litigation. That’s why companies or their insurers waste little time to call lawyers who specialize in cyber incident responses.
Cybercriminals with values? After truck maker Navistar fell victim to a cyberattack, stolen data from the company appeared on a dark web marketplace called Marketo. In an interview with FreightWaves, the operators of the site sought to distinguish themselves from the cybercriminals who engage in ransomware attacks.