As application programming interfaces (APIs) empower the digital progress of the trucking industry – connecting various digital platforms and programs to interact with each other – they also represent a vulnerable target for cyberattackers. In a recent global survey of more than 1,000 companies, nearly half said they have experienced not one, not two but at least three breaches in which the hackers had taken advantage of API vulnerabilities to get in.
Consider a logistics company that has digitized its operations for dispatch, fleet management, warehouse operations, finances and personnel. Not only does the company need all these programs to interact with each other but the shippers, 3PLs, and vendors with which it does business also need to ensure that their own digital systems can interact with the carrier’s platforms.
APIs make that possible.
APIs allow, for example, a shipper to log into a carrier’s system and–using his or her own payment platform–pay the carrier’s invoice. APIs make it possible for the entire industry to be digitally connected in every way. This is exactly why the NMFTA’s Digital LTL Council is working on a series of APIs that will digitize every step in the LTL shipment process, taking into account the vulnerabilities that we all face.
The use of APIs in trucking is still limited but growing quickly. A recent report from FreightWaves illustrated the point. In a survey of major players in the trucking industry, FreightWaves found:
The conclusion is clear. The trucking industry is quickly recognizing the importance of APIs to the larger digitization of the industry. A year from now, these numbers will show the growth has accelerated.
But a recent report from Traceable, titled Traceable’s Global State of API Security, presents a troubling picture of the damage hackers have already done through API-based attacks.
Traceable and the Ponemon Institute surveyed more than 1,600 companies in 100 different countries for the report. Among the critical findings:
API security is one of the critical issues we deal with in our 2024 Trucking Cybersecurity Trends Report (downloadable here).
During our October 2023 Digital Solutions Conference on Cybersecurity in Houston, TX, we offered an eye-opening presentation on API security from Kleinschmidt’s Dan Heinen, Transcard’s David Samples, and Global CISO’s Michael Oberlaender.
The panelists all urged trucking companies to take two critical steps:
When hackers succeed at committing a cybersecurity attack, their targets pay the price in the form of financial losses, disrupted operations and, frequently, damage to their reputations. Remember, the interconnectivity of the trucking industry means it’s not just your company that will be impacted when you’re hit with an API attack. Your customers and your vendors will likely be impacted as well–and the last thing you want is for your company to be the reason that happened.
We cannot have the trucking industry faced with this volume of attacks on a constant basis. As the sprawl of digitization continues, breaches at this level would have the capacity to cripple our entire industry – with serious implications for the national economy.
NMFTA has tremendous resources to help in this fight. We encourage everyone in the industry to attend our annual cybersecurity conference, which will be held this year in Cleveland, OH October 27-29. We offer frequent blogs and reports on API security based on a recent API security webinar.
The one action you can take right now to become more informed about API Security, is to download our 2024 Trucking Cybersecurity Trends Report. For cyber and IT professionals, it will give you a heads-up on the issues to be working on, and will also give you the opportunity to get support from upper management for preventive measures.
The report also contains the latest on phishing attacks, the growing cyberthreat from AI and a variety of other developing trends throughout the world.
The trucking industry must be resolved and united on this point: We are not going to allow cyberattackers to cripple us, rob us or disrupt our operations. Too much is at stake, and we have worked too hard to build the enterprises that are delivering for our customers and for the nation every day.