With so much of the trucking business relying on electronic data streams these days – for transferring freight manifest, recording driver hours of service (HOS) information, crafting load routes, etc. – concerns about cyber security are increasing as well.
It’s a subject I’ve touched on more than a few times in this space, but it’s one that only grows in importance as the weeks go by – and you need only look at the dust-up between China and the U.S. over the alleged hacking and theft of weapons secrets to see how serious the cyber security stakes are reaching.
The cyber risks to businesses are getting particularly scary, too. Consider for instance the results of this recent study sponsored by the Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re, and the Ponemon Institute: Almost one-third of U.S. small businesses surveyed by had a cyber attack in the previous year, with nearly three-quarters of those businesses were not able to fully restore their company’s computer data.
“The Internet connects even the smallest businesses to data networks and computer systems around the world,” noted Timothy Zeilman, HSB’s vice president. “This access also exposes companies to hackers, viruses and other computer attacks that can corrupt critical data, shut down their operations and make them liable for compromised information.”
HSB’s study uncovered some scary factoids where cyber security is concerned:
- Some 29% of the small businesses surveyed experienced a computer-based attack
- The consequences of those attacks included managing potential damage to their reputations (59%), theft of business information (49%), the loss of angry or worried customers (48%,) and network and data center downtime (48%)
- The primary causes of cyber attacks on small businesses were computer viruses, worms and Trojans (61%) and unspecified malware (22%).
- Following the cyber attacks, 72% of those businesses were not able to fully restore their company’s data.
In a separate study on data breaches, the Ponemon Institute surveyed the same small businesses, health care providers and professionals around the U.S. and found that 53% had experienced a data breach and 55% of those businesses had multiple breaches – not stuff any business owner, trucking or otherwise, likes to hear.
Yet securing the electronic ramparts is proving to be more difficult than many might think. Take for example a study sponsored by cyber security firm Avecto and conducted by Infosecurity Europe, which surveyed more than 500 decision-making information technology (IT) security professionals.
Some 41% of those IT security experts surveyed cited “rogue employees” as the biggest threat to their organization, yet over 30% of respondents admit to having no policy in place for managing administrator access to the electronic networks underpinning their respective businesses.
Another 31% of respondents report malware exploits and targeted cyber-attacks as their top security threats, with an additional 8% deeming unauthorized software as an organizational danger – concerns exacerbated by statistics showing users with administrator rights are more likely to cause a network infection as a result of unauthorized applications being downloaded and introduced onto corporate systems.
In addition to malware threats, this can also lead to software licensing and compliance issues, and with the trend of increasingly sophisticated malware and advanced persistent threats that target privileged accounts, organizations who fail to remove administrator rights are particularly vulnerable to attack, said Mark Austin, co-founder and CEO of Avecto.
“In today’s increasingly-complex threat landscape, organizations are quickly learning that employees don’t have to be malicious to put a company at risk,” he stressed. “The most common threat comes from employees who download and install unauthorized software, without understanding the potential risks associated with their actions.”
Yet the best protection against this unauthorized activity is addressing a major pain point, Austin explained – users with excessive privileges.
“By granting privileges to applications, instead of users, companies can empower users to perform their role and vastly increase the security posture of the endpoints,” he said.
“Users logging on with full administrator rights will continue to put organizations at real risk of infection, as the sophistication of malware and targeted attacks continue to evolve. Unfortunately, organizations are still allowing administrator rights to go unmanaged, whether knowingly or unwittingly,” Austin added. “This is a significant problem, particularly as the current crop of anti-malware software is repeatedly proving to be deficient in the fight against cybercrime.”
And as trucking becomes more enmeshed in the electronic flow of data, such concerns will need tending to on a constant basis. Thus the daily trucking worry list keeps on growing, it seems.