Massachusetts Transportation Industry Under Attack by Ransomware
Many businesses still think they can’t be targeted by cybercriminals because of their size or industry. Companies feel that if they aren’t handling millions of dollars, they have nothing to worry about. As ransomware attacks continue, cybercriminals are turning their attention to the transportation industry.
Why is the Trucking Industry Being Targeted by Ransomware?
As noted on the Mass.gov Cybersecurity News and Events webpage, Massachusetts’ trucking and transportation industry join other industries as targets of ransomware attacks. We need to make clear that trucking companies aren’t being targeted because the industry itself has weak cybersecurity practices; it’s because, like other industries such as hospitals and healthcare, they offer a critical service.
It is easy to see how valuable the transportation industry is. Food needs to find its way to the plate, products need to arrive on doorsteps, and vaccines are being shipped across the nation. It also isn’t hard to see how much pressure a trucking company would be under to pay a ransom. If a cybercriminal could gain control of their supply chain network and disrupt it, it could be a critical blow to many trucking businesses.
The majority of organizations continue to be affected by the current crisis, and unfortunately, when companies are under pressure, they are prone to make mistakes that expose them to cyberattacks. While these mistakes can fall into a wide range of categories, the overwhelming theme will be a lack of following best practices, most notably password management.
Phishing Emails are the Main Culprit
When examining how cyberattacks continue to gain a foothold, the most common cause is due to phishing. Phishing is when a cybercriminal uses some form of unsolicited communication (email, texting, phone calls) in an attempt to gain sensitive information or access to data. This sensitive information can include usernames, passwords, or other critical information.
Previously, the goal of phishing attempts was to gain sensitive personal information such as credit cards, social security numbers, and similar information. This information would then be sold on the dark web or used for identity theft. However, today’s cybercriminals have changed their tactics, and instead of the previous “smash and grab” of data for a quick buck, this generation of cybercriminals are more nuanced and deliberate.
Instead of trying to shop stolen data around, their goal is to guarantee they can receive payment for their ill-gotten gains. The most effective way to achieve this is by choosing targets who can’t afford to lose control of their data and threatening to either destroy it or expose it unless they receive payment.
All phishing attacks use social engineering to engage potential targets on your team and convince them to share sensitive information. Some phishing tactics used are:
- Posing as an authority figure or team member who is allowed to have access to the information
- Pretending to be someone who needs access to the information to prevent a bad situation
- Making an enticing offer with promises of reward
- Using urgency to cause the user to panic and act without thinking
You Must Train Your Team to Withstand a Ransomware Attack
Technology will only go so far in protecting your data because the weakest defense of your business will be the users themselves. Whether it’s responding to online orders, setting up schedules, working with vendors, or even answering the phone, your team will be using technology. If they aren’t trained to recognize or, more importantly, given permission to contact your IT team to report suspicious emails or other issues, you are placing your transportation business at risk by placing your data at risk.
Southern New England Transportation Companies; It’s Time To Protect Your Data
Like all modern industries, the transportation industry has come to rely on its technology to be productive and competitive. Cybercriminals target any industries critical to reducing and fighting the pandemic's effects, knowing these institutions can't afford to lose access to their data. Bad actors know this and use pressure to provide needed services to coerce essential businesses into paying the ransom. As noted, the need to deliver time-sensitive materials marks the transportation industry as a primary target for cyberattacks.
If you're a trucking company or any other type of transportation business and aren't sure if you've invested the resources to protect your data, now is the time to call the Southern New England cybersecurity expert. Datalyst has the expertise to ensure your data is secured by employing best practices, such as spam protection, backup, and recovery, as well as 24/7 monitoring and maintenance.
Finally, if you haven't upgraded or updated your systems, Datalyst can perform a technology audit to ensure your technology isn't a bottleneck to your business growth. One thing to keep in mind is that outdated technology can expose your system to cyberattacks, putting you on the wrong side of Massachusetts’ Data Protection Law. Call (774) 213-9701 today to schedule a consultation.