Imagine a single breach of your computer system costing you more than $10 million. This is reality for today’s trucking industry, as hackers have shown a startling ability to take down fleets’ operational systems – either in the form of a ransomware attack or to cripple the assets themselves while stealing valuable data. All of this is not a matter of if, but when.
We’ve talked a great deal in this space about the steps companies need to take to protect themselves against such attacks. In a recent FreightWaves interview, the National Motor Freight Traffic Association’s (NMFTA) Director of Enterprise Security Antwan Banks urged trucking companies to prioritize both patching and training. The former plugs holes caused by frequent system updates. The latter addresses the weakest link, which is employees who inadvertently open phishing e-mails or otherwise make the hackers’ jobs easy for them.
Truck fleet managers can and should protect themselves against cyberattacks. Again: It is not a matter of if, but when these attacks will happen. Because they will happen. Here at NMFTA, we offer a wide array of tools and strategies to help with that, and we are confident our industry can beat back this threat.
But we also believe companies should have a hopeful vision for how to recover if they do get hit.
A cyberattack can be devastating, but it doesn’t have to be the end of the road for trucking companies. If you do get hit, there is a path to recovery. But the time to think about that is now – before the attack happens.
It starts with your backup procedures. If your backup lives solely on your system, that’s trouble. Once a ransomware attack is in your system, it will keep spreading and searching your system until it finds your backups and compromises them as well.
The only truly reliable backup is one that lives offline, with an absolutely immutable procedure. The old-fashioned way is to use tapes. The newfangled way is to back up to the cloud. Each one is good. Doing both is even better. When you mirror your strategy, it’s further protection against an attack.
If you have effectively backed up, now it’s time to start thinking about getting back to full operations. That starts with some important questions:
How long can you afford to be down? Let’s say you get hit on Tuesday and you need to run payroll on Thursday. In that case you need to be back up in two days, so you’d better make sure your backup strategy allows for that.
When you set a recovery point, you want to make sure you go back far enough that you can retrieve critical data. Do you need two weeks’ worth of invoices to be fully operational again? Or do you need two months’ worth?
Once you’re back up, you need to decide what you’re going to bring up first – and if you’ll need new computers because the ones that were attacked are irretrievably compromised.
You know your operation, so you can probably answer those questions. But you have to make sure to ask them, and to set your backup procedures accordingly.
Finally, if you’re fortunate enough to take comfort in the fact that you have cybersecurity insurance, you want to make sure you have enough – and that you’re doing what’s necessary to keep it available.
For example, did you know that many policies will be considered void if you’re not keeping up with patching? Read the fine print of your policy and talk to your insurer if you don’t understand something, so you can be sure the coverage will be there for you.
And of course, be sure your policy will cover what you need. What would it cost you if an attack knocked you out for a week? Maybe $1 million. Do you have that much coverage?
You can come back from a cyberattack. You can retrieve your records, restore what you’ve lost and get back to business. But you must prepare for it now.
The best preparation gives you a real shot at preventing an attack completely. Sometimes the hackers prevail, though, and it’s up to you to take steps to make sure, if they knock you down, you can get back up.
NMFTA has many useful resources to help you protect your fleet and enterprise against cyberattacks, so take a look through our webinars, blogs and videos. And of course, if you would like to attend NMFTA’s Digital Solutions Conference, you can register here.