The Alarming Rise in Cyber Risks in the Transportation IndustryCyber risks are no longer confined to computers – any smart device with an internet connection is vulnerable to cyberattacks. These days, this includes trucks equipped with electronic logging devices (ELDs). As technology advances, cyber risks in the transportation industry grow.
Hackers Are Targeting the Transportation Industry
Cybercriminals will go after any company if they think they can make money. The transportation industry is an attractive target because downtime causes significant disruption, which means victims may be eager to reach a resolution, even if it means paying a ransom. At the same time, increased reliance on technology gives hackers many points of entry. They can target computers in a home office, other companies in the supply chain, or even the vehicles themselves.
According to research from Colorado State University, the ELDs that are now required by U.S. regulations have become potential cybersecurity threat vectors. Hackers can use these devices to take control of vehicle systems via controller area network (CAN) messages or upload malicious firmware to manipulate vehicle operations and data. It’s also possible to launch truck-to-truck worms that take advantage of the way these devices are networked. A worm attack could cause widespread disruption to both operations and safety.
Attacks Are Already Causing Disruption
The Colorado State University research looked at potential vulnerabilities, but some transportation companies have already experienced real-life cyberattacks.
Bison Transport had to switch back to paper logbooks after a ransomware attack struck a vendor, according to Today’s Trucking. Approximately 100 trucks lost access to the ELD and fleet management software due to the attack. The FMCSA issued an exemption to allow for the use of paper logs until it company resolved the problem.
In another incident, FleetOwner says a carrier fell victim to a cyberattack after opening a document attached to a truck driver application. The document appeared blank, but it actually contained malware that changed all the server logins and demanded a ransom. Then, the cybercriminals used the stolen customer data to start booking loads and demanding cash advances.
In a Trimble survey, more than half of the freight carriers said they had either been impacted by a security issue directly or had seen their peers impacted. The problem is becoming worse – according to Today’s Trucking, experts say there was a 400% increase in reported automotive cyberattacks between 2017 and 2022.
The Fallout of a Cyberattack
Cyberattacks can target ELDs, vendors, or the computer systems used to manage operations. Regardless of the details, the fallout may be significant:
- Operations may stop. This strains business relationships and leads to lost revenue and other costs.
- Drivers may be at risk. If hackers are able to take control of a vehicle’s system – as CSU researchers warn – safety is a serious concern.
- Equipment may be compromised. The company’s computer systems and vehicle technology may be damaged in the attack.
- Sensitive data may be stolen. Targeted companies may need to provide timely notification and credit monitoring to individuals who were impacted, which may be expensive.
- Data may be lost. After a cyberattack, it is not always possible to recover all the data.
- Reputations may be damaged. Experiencing a data breach and disruption is bad enough, but it’s even worse if cybercriminals use the stolen information to scam a company’s customers – possibly while posing as that company.
All these consequences may occur even if the company agrees to pay a ransom to end the attack. According to the 2024 State of Ransomware report from Sophos, ransom payments have increased by 500% in the last year, with the average payment now at $2 million.
Is Your Company Prepared?
As the transportation industry embraces technology, it must also embrace cybersecurity.
- Are your systems secure? Cybersecurity applies to all internet-connected devices, including ELDs.
- Are your workers trained? Cybercriminals may target workers with phishing attacks and malicious attachments or links.
- Are your vendors practicing cybersecurity best practices? Vet your vendors and address cybersecurity liability issues in your contracts.
- Do you have a business continuity plan? Regular data backups and alternative, paper-based systems may make it possible to continue operations.
- Do you have appropriate insurance coverage? If you suffer a cyberattack, cyber insurance will help you control your losses.
Your other insurance policies may not provide adequate coverage for ransomware and other cyber risks in the transportation industry. Heffernan Insurance Brokers can help your transportation company obtain the cyber liability insurance you need to manage your cyber risks. Learn more.
