Cybersecurity attacks cost the transportation industry nearly $4 million as cybercriminals preyed on businesses across the nation adjusting to remote work during the pandemic. Cybersecurity plans created before COVID-19 changed the world but might not be up to the challenges of 2021 and beyond, according to Joe Russo, Isaac Instruments IT director.
"It's a matter of when—not if—you have a security incident," Russo said during the transportation technology company's virtual user conference last week. "Security threats are not going away. The costs are significant."
This year, the average cybersecurity breach cost companies $4.2 million, with $1.07 million attributed to COVID-related remote work and companies accelerating their digital transformations, according to an IBM Security study conducted between May 2020 and March 2021. The same research pegged the transportation industry's average breach at $3.75 million. That includes trucking, airlines, railroad, and delivery companies.
See also: The next pandemic: Cybercrime
"Over the last year, technology sophistication, the proliferation of hacking techniques, and the expansion of hacking motivations due in part to COVID-19 and the enablement of the remote workforce have resulted in organizations having to review their security posture," Russo said.
While most companies have "some kind of information security program in place to protect their systems and assets," Russo said organizations should continually review those systems and look for ways to "ramp up those efforts." Unless they increase those efforts, corporate data and systems breaches will continue to rise, he warned.
Before the global pandemic, most companies "perceived their worst-case cybersecurity scenario as a computer virus that would shut down an organization's core business services," Russo explained. "COVID-19 forced entire workforces, making organizations more reliant than ever on their systems."
Back in March 2020, most businesses were forced to start looking at their digital systems differently. It also wasn't apparent 18 months ago how long working remotely would be needed. "Most found themselves having to accelerate their digital transformation efforts without having a complete plan in place—as a result, security was overlooked," Russo said. "The stakes for protecting your systems from a cyberattack cannot be higher."
The cost of being unprepared
Organizations with AI-powered cybersecurity systems fared better than those who weren't using AI or automation as part of their IT security, according to the IBM Securities study. Those using AI identified breaches in 184 days, on average, and contained them within 63: 247 days total. Those not relying on the latest cybersecurity technology took 239 days, on average, to find the breach and another 85 to contain it: 324 days total. That's a 27% difference.
IBM found that a data breach cost organizations without "mature use of AI platforms" $4.75 million on average; those with mature AI security lost $3.3 million.
For companies with at least 81% of their employees working remotely, the average breach cost $5.54 million, according to IBM. Conversely, those with fewer than 40% of their workforce remote lost $3.65 million to $4.21 million on average per breach.
Russo said that companies need to understand cybersecurity in a "present-day context." That includes assessing new potentially impactful security pressures, keeping up to date on "persistent threats and emerging trends" and identifying key elements to strengthen cybersecurity.
Since the pandemic began, cyberattacks increased three to five times, Russo said. "Phishing attempts have increased in both frequency and sophistication," he explained. "Eighty-one percent of organizations experienced an external threat in the last year; 62% of organizations were affected by ransomware attacks last year."
Trucking: The original remote workforce
Highlighting the threat on the transportation industry, mobile platforms are becoming a prime target of attacks, as 70% of online fraud is "accomplished through mobile platforms," Russo said, adding that IoT devices are seeing a big jump in cyberattacks since even before the pandemic.
He said that these statistics highlight the importance for fleets to increase their cybersecurity strategies. "Your security effort should include the impact of a remote workforce as well as managing and securing mobile devices," Russo said. He noted that users "are your last line of defense. Technology alone will not increase your security posture. Your users need to be part of the solution."
With the rise of IoT devices, particularly in the trucking and transportation worlds, fleets and related businesses are targets for cybercriminals. "Given that the transportation sector is considered mission-critical and seen as an essential service, preparation is key," Russo said.
Remote work appears likely to outlast COVID-19. Russo said to expect criminals to take advantage of the new way of work for offices and the world's original remote workers: truck drivers. "Organizations that don't adapt and ramp up their security efforts will be implicitly accepting a higher risk of a breach," he explained. "Between 2020 and 2021, there was a 10% increase in the average total cost of a breach--the most in seven years--due in part of COVID."
But companies with "more mature security" saw lower financial impacts from cybersecurity since the pandemic began, he said.
Russo noted that while an attacker "must succeed only once; you, the defender, needs to succeed all the time."