Building a Modern-Day Fortress: Deploying Technology to Combat Ransomware Attacks and Put Cybersecurity First

April 15, 2022

Ransomware attacks have grown 57 times since 2015 to the point where they are now estimated to be taking place once every 11 seconds.

Between June of 2020 and June of 2021, according to CyberTalk, an executive-level, thought-leadership platform that provides cybersecurity resources, the transportation industry witnessed a 186% increase in weekly ransomware attacks.

The cost is climbing. Last year, the average cost of a ransomware attack rose to almost $2 million, up from $750,000 in 2020.

Ransomware exploits security flaws in unpatched systems, enters through exposed network ports or arrives in phishing scams via legitimate-looking emails. Hackers are even using text messages, which are not seen as threatening, to gain access to unsecured networks.

So, why are trucking, transportation and logistics operations such a tempting target? For one thing, the industry is increasingly more dependent on data and information technology. Also, the highly connected nature of the business presents multiple opportunities for infiltration.

Technology: Good and Bad

Technology is a double-edged sword, reported FreightWaves in an article on six lessons learned about cybersecurity and freight in 2021:

“The digital renaissance that has swept across transportation and logistics companies has been a good thing for the supply chain. Improvements in connectivity and visibility allow freight to move efficiently and reliably. But, companies can end up introducing vulnerabilities if they aren’t careful.”

“There are more doors open for bad actors who can find and exploit a weak link, encrypt data and demand payment for unlocking it,” said Trimble Transportation’s VP of Technology and Cloud Services, Keith Weitz.

“What many companies across the supply chain don’t realize is that these increasingly sophisticated attacks start with access through end-users. People don’t think that simply opening an email can have catastrophic effects, so they become the weakest link in the chain.”

Adding up the cost of these attacks in ransom payments, and system and data restoration is straightforward. But, there can also be expenses for cargo claims and higher insurance premiums when loads are compromised, especially high-value and time-sensitive goods. When an attack disrupts a shipper’s supply chain, the impact can include a long-lasting effect on customer satisfaction and a carrier’s reputation.

Ransomware Demands

When an attack takes place, Weitz noted, there is often immediate pressure to quickly pay the ransom and restore service. A better, long-term investment, however, is in prevention and defense strategies. As incidents of crippling ransomware attacks continue to grow, transportation companies have begun to see protecting their IT infrastructure with cloud technology as imperative.

“Then came COVID-19, and like so many other changes the pandemic brought, it soon provided the ultimate case for using the cloud,” Weitz stated. “As offices emptied out, remote workloads stressed in-house IT systems beyond having enough bandwidth to connect workers.”

Weitz explained not only how the cloud provided one Trimble customer with an environment that kept their business running, he also discussed an operation that was the victim of a ransomware attack. All their files had been encrypted and the entire infrastructure was completely shut down, but with the help of Trimble Transportation, that customer was able to locate an older backup and was up and running again in just days.

Shoring Up Cybersecurity

That experience showcases a comprehensive initiative at Trimble Transportation to combat ransomware across all of its product lines. At its core, Trimble offers a host of subscription services on the Azure platform in partnership with Microsoft.

Said Trimble SVP, Software Architecture & Strategy Prakash Iyer: “We wanted to partner with a company that has a similar approach to preserve our environment and a culture that we can relate to. We also wanted a partner that we can rely on to provide some of the scalable infrastructure pieces needed like the Azure cloud and IoT gateway. Third, when we looked at potential partners we finally chose Microsoft because we felt Microsoft as a company understands enterprise business and has a trusted relationship with enterprise users and executives."

How Does Azure Work?

The cloud-computing service allows Trimble to run and manage TMS products like TMWSuite, TruckMate and Innovative solutions.

Azure, Weitz explained, provides security, efficiencies and cost savings, including:

Extensive security protocols act as a backstop, so there is very little chance of ransomware appearing
Backup and recovery capabilities at data centers worldwide
Less capital cost for hardware or server rooms, cooling systems, space for server racks, and miscellaneous equipment required for an IT infrastructure
Lower costs for software licenses and IT personnel
Scalability for responsiveness and flexibility to business cycles, including the ability to scale servers up or down as needed to handle workload volumes
24/7 support from integrated solution and IaaS provider teams with expertise in the latest technologies

“The cost savings go beyond eliminating ransom payments,” Weitz stated. “By minimizing risk and disruptions to business operations, Azure-based systems keep freight moving and don’t negatively impact customer satisfaction. However, it does take a specialized skill set that you may not have in-house.”

That higher level of knowledge and advanced capabilities are why Trimble has partnered with Microsoft to facilitate the benefits of Azure and its security feature sets the customer would otherwise have to buy off the shelf. Along with anti-virus software Trimble provides the CrowdStrike service from Azure.

See How CrowdStrike Can Protect Your Business

CrowdStrike intrusion detection software alerts users when suspicious behavior is identified. The company’s Security Operations Center (SOC) then immediately notifies Trimble product and business line owners to investigate. If a legitimate threat is detected, the SOC gets involved in developing and implementing an incident management plan.

“We have an IaaS client who had overprovisioned rights to an end-user and that person’s access was compromised,” Weitz related. “CrowdStrike identified it and we were able to contain the problem in under an hour. That also speaks to the security awareness training we now provide all Trimble personnel.”

In a Transport Topics article, industry experts said cyberattacks are increasing in both frequency and complexity among freight transportation companies. It may not be possible to eliminate this threat entirely, they added, but with the right safeguards in place, trucking and logistics companies can reduce the risk of falling victim to a ransomware attack.

“We are a heavily targeted industry,” Cory Staheli, chief information officer at Trans-System Inc., told TT. The Cheney, WA-based corporation operates flatbed, refrigerated and bulk trucking companies.

“Cyberattacks increased three- to five-fold from the pre-COVID days,” Staheli related. “Before the pandemic, businesses primarily built their security measures around a firewall, but once people started working from home, they had to extend their defenses outside those secure walls.”

In addition to individual company and enterprise management system provider efforts, the industry as a whole is collaborating more extensively on cybersecurity. Through its Technology & Maintenance Council (TMC) and Transportation Security Council (TSC), American Trucking Associations (ATA) offers Fleet CyWatch.

A benefit to motor carriers belonging to ATA or its councils, the Fleet CyWatch program assists in reporting trucking-related internet crimes and cyberattacks. It shares information about threats that may impact transportation company operations.

Fleet CyWatch also coordinates with private and federal efforts to provide motor carriers with information and recommendations in cybersecurity awareness, prevention and mitigation methods. The program connects industry, federal enforcement associations and trade groups specializing in cybersecurity.

According to cybersecurity experts, ransomware attacks aren’t an inevitability and don’t have to become catastrophic events.

“Many attacks can be prevented, or at least minimized, by implementing security best practices,” Jérôme Segura, director of threat intelligence at Malwarebytes, told FreightWaves. “But, the day-to-day reality is that many organizations are not prepared and are not doing enough.”

“The steadily rising number of ransomware attacks show that hackers will continually and frequently try to exploit vulnerabilities in the systems that trucking, transportation and logistics companies rely on,” noted Weitz. Given the extensive nature of freight networks, companies need to take a multifaceted approach to mitigate those threats.

Enhance Your Cybersecurity with Trimble Technology

While no two transportation organizations are alike, the increasing need to defend against cybersecurity risks and ransomware attacks is universal. At Trimble, we are here to help.