API Security: A Mission-Critical Call to Download Our 2024 Trucking Cybersecurity Trends Report

NMFTA - February 9, 2024

As application programming interfaces (APIs) empower the digital progress of the trucking industry – connecting various digital platforms and programs to interact with each other – they also represent a vulnerable target for cyberattackers. In a recent global survey of more than 1,000 companies, nearly half said they have experienced not one, not two but at least three breaches in which the hackers had taken advantage of API vulnerabilities to get in.

Consider a logistics company that has digitized its operations for dispatch, fleet management, warehouse operations, finances and personnel. Not only does the company need all these programs to interact with each other but the shippers, 3PLs, and vendors with which it does business also need to ensure that their own digital systems can interact with the carrier’s platforms.

APIs make that possible.

APIs allow, for example, a shipper to log into a carrier’s system and–using his or her own payment platform–pay the carrier’s invoice. APIs make it possible for the entire industry to be digitally connected in every way. This is exactly why the NMFTA’s Digital LTL Council is working on a series of APIs that will digitize every step in the LTL shipment process, taking into account the vulnerabilities that we all face.

The use of APIs in trucking is still limited but growing quickly. A recent report from FreightWaves illustrated the point. In a survey of major players in the trucking industry, FreightWaves found:

  • Only about 40 percent of respondents reported being “very familiar” with APIs, and the remaining respondents were either not familiar with APIs or had not heard of them at all before completing the survey.
  • Even though most survey respondents reported being only somewhat familiar with APIs, about 75 percent of respondents reported using them in their businesses.
  • About 30 percent of shipper respondents said their business currently has one to four APIs in place with outside vendors. Over 20 percent of respondents said their business has five to nine APIs, and approximately 23 percent reported having 10 or more APIs with outside vendors.
  • Only 25 percent of respondents reported having no APIs with outside vendors at the time of the survey. These results suggest that not all shippers using APIs are familiar enough with the tools to utilize them effectively.

The conclusion is clear. The trucking industry is quickly recognizing the importance of APIs to the larger digitization of the industry. A year from now, these numbers will show the growth has accelerated.

But a recent report from Traceable, titled Traceable’s Global State of API Security, presents a troubling picture of the damage hackers have already done through API-based attacks.

Traceable and the Ponemon Institute surveyed more than 1,600 companies in 100 different countries for the report. Among the critical findings:

  • A troubling 48 percent of organizations say API sprawl is their top security challenge.
  • A full 60 percent of the companies surveyed had experienced data breaches, and of these, 74 percent had experienced at least three API-related breaches. What’s more, 40 percent had experienced five or more API-related breaches, and 11 percent had experienced seven or more API-related breaches.
  • A significant 58 percent of respondents agree that APIs expand the surface cyber hackers can use to launch attacks. What’s more, a similar number agree that traditional security solutions are not effective in distinguishing legitimate functions from fraudulent activity at the API layer.
  • Only 59 percent of organizations have the capacity to discover all APIs in use, which is troubling because an undiscovered API is an unmonitored one. That’s an inviting potential gateway for cyber threats.
  • Only 38 percent of organizations are able to understand the context between API activities, user behaviors, data streams and code execution. That understanding is critical to recognizing a breach attempt.

API security is one of the critical issues we deal with in our 2024 Trucking Cybersecurity Trends Report (downloadable here).

During our October 2023 Digital Solutions Conference on Cybersecurity in Houston, TX, we offered an eye-opening presentation on API security from Kleinschmidt’s Dan Heinen, Transcard’s David Samples, and Global CISO’s Michael Oberlaender.

The panelists all urged trucking companies to take two critical steps:

  1. Adopt a no-trust environment when it comes to both enterprise and assets, meaning neither people nor other applications should be able to access an application without going through multi-factor authentication (MFA).
  2. Train people not to bypass security measures, and not to give others the opportunity to do the same.

When hackers succeed at committing a cybersecurity attack, their targets pay the price in the form of financial losses, disrupted operations and, frequently, damage to their reputations. Remember, the interconnectivity of the trucking industry means it’s not just your company that will be impacted when you’re hit with an API attack. Your customers and your vendors will likely be impacted as well–and the last thing you want is for your company to be the reason that happened.

We cannot have the trucking industry faced with this volume of attacks on a constant basis. As the sprawl of digitization continues, breaches at this level would have the capacity to cripple our entire industry – with serious implications for the national economy.

NMFTA has tremendous resources to help in this fight. We encourage everyone in the industry to attend our annual cybersecurity conference, which will be held this year in Cleveland, OH October 27-29. We offer frequent blogs and reports on API security based on a recent API security webinar.

The one action you can take right now to become more informed about API Security, is to download our 2024 Trucking Cybersecurity Trends Report. For cyber and IT professionals, it will give you a heads-up on the issues to be working on, and will also give you the opportunity to get support from upper management for preventive measures.

The report also contains the latest on phishing attacks, the growing cyberthreat from AI and a variety of other developing trends throughout the world.

The trucking industry must be resolved and united on this point: We are not going to allow cyberattackers to cripple us, rob us or disrupt our operations. Too much is at stake, and we have worked too hard to build the enterprises that are delivering for our customers and for the nation every day.

NMFTA
NMFTA

The National Motor Freight Traffic Association promotes, advances, and improves the welfare and interests of the motor carrier industry and less than truckload carriers operating in commerce, both domestically and/or internationally.