Consider this: You’re a legitimate carrier and you’re scheduled to pick up a load. But, because of a recent cyber breach – unbeknownst to you – cargo thieves beat you to the pickup location and take off with that load.
This is known as a fictitious pickup. And the frauds involved here have done their research. They’ve learned who picks up where, where the best cargo is, and how to conduct a cyber breach, which could mean manipulating your SAFER MCS-150 form (the FMCSA’s Safety and Fitness Electronic Records System) and posing as you, a professional carrier.
“Sometimes you don’t know [cargo’s] being stolen until it’s halfway through the process of the event because you think you’ve made a deal with a legitimate person,” noted Scott Cornell, second vice president at Travelers Inland Marine (better known as Travelers Insurance).
This type of situation is among some of the cargo theft trends that have become even more advanced lately. These trends, as well as tips to mitigate them, were discussed during a Feb. 22 webinar – sponsored by Telogis – called Cyber threats: Is your fleet vulnerable?
According to Warren Westrup, director of IoT Engineering/Architecture at Verizon Wireless, who spoke during the webinar, Verizon conducts an investigative report every year that analyzes more than 2,000 confirmed data breaches and looks at global contributors. According to Verizon’s Data Breach Investigations Report, more than 90% of breaches fit into nine incident classification patterns. The top pattern is web attacks, such as hacking, which comprise 40% of reported breaches, and point of sale intrusions, which make up 23% of breaches.
Noting that threats and security challenges go hand-in-hand with IoT devices, Westrup suggested businesses ensure network security by verifying that their encryption process is secure, determine whether their application is vulnerable, and confirm they can access data securely.
“When it comes to security, the more layers you put on, the more protected you are,” Westrup said. “We do a penetration test and see if we could actually penetrate your system, then put safeguards and securities in place.”
Travelers’ Cornell and Keith Lewis, vice president of operations at CargoNet, noted some different types of cargo theft trends that fleets should watch out for. These include misdirected loads, identity theft, straight theft, fictitious pickups, broker scams, use of legitimate companies unbeknownst to the victim, cyber methods, and fraudulent carriers.
According to Lewis, CargoNet received 931 reports of cargo theft in the U.S. and Canada in 2014. And by 2015, those reports increased by 0.8% to 939. However, he did note that between 2015 and 2016, cargo theft events dropped 8.5% year over year.
“Most cargo theft reporting is done on a voluntary basis,” Cornell mentioned. “That should always be considered when you look at the numbers. There could be an increase, but there could be an increase in reporting. There could be a decrease, but there also could be a decrease in reporting. But they still give a good projection of what we see and where we are heading down the road.”
By month, cargo theft is reportedly highest in October and in the third quarter when there is an influx of goods on the road for the holidays. Theft most commonly occurs on Fridays when cargo is often left unattended in a truck over the weekend and returned to on Monday.
Food and beverage remained the most stolen commodity, Lewis noted. And the top eight states for cargo theft in 2016 were California, Texas, Florida, New Jersey, Georgia, Illinois, Tennessee, and Ontario, Canada. According to Lewis, Georgia experienced the largest decline in incidents – 61% year over year from 2015-2016 – because of new regulations put in place.
One thing Lewis said to watch out for is fraudulent carriers manipulating the SAFER MCS-150 form by changing carriers’ profiles. “We believe suspects are mailing in the MCS-150 forms and successfully getting FMCSA to change carrier information without verification,” he said.
When it comes to staying protected, here are some tips Westrup offers fleets:
- Be vigilant. Be proactive when it comes to security.
- Make people your first line of defense – training is important. Learn how to spot an attack and what to do.
- Only keep data on a “need-to-know” basis – limit access to data.
- Patch promptly. Make sure your IT systems are up-to-date with antivirus firmware.
- Encrypt sensitive data
- Use two-factor authentication
- Don’t forget physical security
In case you missed it, the full, archived webinar is now available.