Fleetowner 3640 Fence
Fleetowner 3640 Fence
Fleetowner 3640 Fence
Fleetowner 3640 Fence
Fleetowner 3640 Fence

ROI becoming the focus for cyber criminals

Nov. 1, 2013

As the U.S. freight industry relies more and more on digital connections and pathways to conduct business, security experts warn that “cybercrime” will become an increasingly difficult issue to deal with as more organized criminal groups seek to drive better return on investment (ROI) calculations for their illegal activity.

“Back 10 or 15 years ago, a lot of ‘hacking’ into electronic networks occurred simply for the sake of curiosity. Today though it’s being driven by highly organized criminals seeking to gain significant ROI for their efforts,” Jarad Carleton, principal consultant for the information and communication technology practice at Frost & Sullivan, told Fleet Owner.

“In particular, cyber criminals are targeting small and medium-sized businesses because they are the ones most likely to have cash in the bank,” he explained. “Because smaller firms don’t have the same kinds of credit lines big companies do, they tend to rely more on cash reserves. That’s why you see a lot of focus on them.”

In trucking, the move to creating false pickups to steal cargo is part of this “ROI” focus on the part of criminals, as hacking into networks to acquire shipment information in order to facilitate a false pickup entails a far lower risk project than hijacking a tractor-trailer outright.

“The ability to know where a specific shipment is – especially for high value goods like electronics – makes it easier to steal and more profitable to steal than randomly taking a tractor-trailer on the street,” Carleton noted. “You really have to think about cybercrime as a business now: they want to maximize ROI and minimize risk for their activities.”

"Attackers look for the easiest means of compromise. That's why attacks are moving from more security-mature organizations down to less mature, typically smaller, partners,” noted Dylan Owen, cybersecurity manager for Cybersecurity and Special Missions at Raytheon. “Attackers can exploit the trust relationships between companies to infiltrate well-protected targets through supply chain partners with less security experience."

Owen recently helped author a new report on this issue – entitled Taking Charge of Security in a Hyperconnected World and published by RSA, the security division of EMC – that asserts efforts to improve readiness and response capabilities to cyber threats in the business world must be driven by growing recognition among today's interconnected business communities that organizations must assume broader responsibility for protecting themselves and their business partners.

"We believe organizations are taking a stronger interest in improving security not only to protect their information assets but also their business relationships,” noted report co-author Art Coviello, who serves as RSA’s executive chairman and executive vice president at EMC. “As more organizations take a broader community-minded view of their risks and security practices, information security will improve for all of us."

RSA’s report discerned several “common problems” contribute to the majority of cybersecurity breaches, including:

  • Neglecting "security hygiene"– In forensic evaluations following security attacks, missed software updates frequently surface as exploited vulnerabilities.
  • Relying exclusively on traditional threat prevention and detection tools– Most security teams still wait for signature-based detection tools to identify problems rather than looking for more subtle indicators of compromise on their own, even though traditional firewalls, antivirus scanners and intrusion detection systems (IDS) cannot discover the truly serious problems.
  • Mistaking compliance for good security– Most compliance mandates reflect best practices that should be interpreted as minimum standards, not sufficient levels, of security.
  • Inadequate user training– Many companies don't invest enough time and resources in user training, even though users today are the first line of defense against many cyberattacks.

Yet Don Hsieh, director of commercial and industrial marketing for Tyco Integrated Security, stressed there’s another component not to be overlooked when strengthening cybersecurity: limiting the physical access to computers and other sensitive data centers.

“Who has physical access to the data is critical to assess,” he told Fleet Owner. “It starts with determining who needs the data to perform their job, and then establishing policies to ensure only those specific positions can gain access to such information.”

He added that “tagging” certain job titles to specific “zones” such as dispatch, operations, warehouses and loading docks, is another step towards improving the physical security of  trucking operations, which in turn can aid in cybersecurity efforts as well.

“Most cargo thefts don’t just ‘happen’ anymore; thieves are now often targeting specific loads based on specific information they steal or have stolen for them,” Hsieh explained. “That’s why there’s a physical component to cybersecurity now.” 

About the Author

Sean Kilcarr | Editor in Chief

Sean reports and comments on trends affecting the many different strata of the trucking industry -- light and medium duty fleets up through over-the-road truckload, less-than-truckload, and private fleet operations Also be sure to visit Sean's blog Trucks at Work where he offers analysis on a variety of different topics inside the trucking industry.

Sponsored Recommendations

Tackling the Tech Shortage: Lessons in Recruiting Talent and Reducing Turnover

Discover innovative strategies for recruiting and retaining tech talent in the trucking industry at our April 16th webinar, where experts will share insights on competitive pay...

Stop Sweating Temperature Excursions

Advanced chemical indicators give you the peace of mind that comes from reliable insights into your supply chains. Compromised shipments can be identified the moment they arrive...

Stop Sweating Temperature Excursions

Advanced chemical indicators give you the peace of mind that comes from reliable insights into your supply chains. Compromised shipments can be identified the moment they arrive...

How Electric Vehicles Help You Prolong the Life of Your Fleet

Before adopting electric vehicles for commercial/government fleets, prioritize cost inquiries. Maintenance is essential; understand the upkeep of EV fleets. Here’s what you need...

Voice your opinion!

To join the conversation, and become an exclusive member of FleetOwner, create an account today!