Webinar Report: What’s Ahead for Cybersecurity in 2025

Joe Ohr - December 2, 2024

During a recent webinar, National Motor Freight Traffic Association, Inc.’s (NMFTA) cybersecurity team looked at trends surrounding trucking and cybersecurity in 2025.

Taking part in the discussion were members of NMFTA’s cybersecurity team: Joe Ohr, chief operating officer; Artie Crawford, director of cybersecurity; Ben Wilkens, cybersecurity principal engineer; and Anne Zachos, cybersecurity research engineer.

The discussion covered a variety of cybersecurity-related topics, and the team offered well-informed insight about what is happening and what is likely to happen in each area, including:

Phishing

In addition to traditional phishing scams, which are basically social engineering designed to trick people into opening the door for malware, the industry is also seeing the emergence of two new forms. One is artificial intelligence (AI)-enhanced, which cleans up much of the writing, context, and terminology that used to help companies spot phishing scams by watching for poor grammar and so forth. This makes it even more critical that employees are trained and know what to look for to confirm the authenticity of anything that comes across their desks. The other is delayed phishing scams, which get around secure e-mail gateways by including links that are not yet malicious when they enter a system but are replaced with malicious content after they get through the e-mail gateway.

AI and Machine Learning

AI can be a two-edged sword when it comes to cybersecurity. It can help companies take a more advanced approach to threat detection by looking for certain patterns and constantly learning. But it can also help bad actors to be more sophisticated in their approaches, including the generation of content that appears to be genuine, and even from a trusted source. Team members are encouraged to always check directly with a real in-person source before they take any significant action requested through a digital communication, especially if it seems even a little out of the ordinary (especially sending money or entering credentials).

Zero-Trust Architecture

While many companies abandoned their pursuit of Zero-Trust in recent years, the team expects Zero-Trust to get a new look in the coming year as the industry sees the wisdom of a system that verifies everything—every device, every network, every person—and does not extend trust to anyone or anything. This will mean more authentication steps for users, but it will also mean more secure enterprises and assets.

API Security

As we see more connectivity within trucks, and more companies moving toward paperless operations, there will be a growing emphasis on how to secure application programming interfaces (APIs)—including public APIs and partner APIs. Critical to this effort will be steps such as role-based access control, enforcement of encryption, securing keys and tokens, control of input and utilization, and input validation.

Cyber-Enabled Cargo Theft

This is an entirely different kind of cargo theft. It’s not local and it’s usually not traceable. Often, it’s highly organized and has the fingerprints of nation-states on it. Those who perpetrate it are growing increasingly sophisticated in terms of where they attack.

But ultimately this remains a social engineering challenge, as the thieves must convince people to take actions they wouldn’t normally take—such as divulging information or entering log-in credentials on a fake load board or answering questions from someone who appears to be a broker but is really a fraud.

Training everyone from professional truck drivers to dispatch and back-office personnel is the key here, so they can ask the right questions and spot the imposters or refrain from entering the data or providing the requested information.

Threats to Assets and Internet of Things

As trucks become more connected, the key to asset security will be in how these risks are proactively managed. We will see a growing emphasis on secure-by-design technology, which will come to be seen as an expected good practice both on the enterprise and asset sides. This reflects a shift in the world of industrial control systems, where purchasing products with robust cybersecurity features built in is part of how companies are taking ownership of operational cybersecurity.

Privacy Regulations

Many states are looking at new privacy laws that have the potential to impact certain cybersecurity measures. For example, laws concerning the protection of sensitive data could impact the ability of trucking companies to use video surveillance as a security measure, since the laws could put restrictions on who can see the footage, or how it is stored, or who has access to it. At least eight states are currently considering such laws and more may follow.

NMFTA will keep a close watch on these issues and ensure wherever possible that the cybersecurity needs of the trucking industry are given strong consideration.

Also, mark your calendars for NMFTA’s Cybersecurity Conference in 2025: October 26-28 in Austin, TX.

Joe Ohr
Joe Ohr

Joe is the chief operating officer at the NMFTA. He brings to the organization over 20 years of experience in engineering product software, gained from roles at Omnitracs, Qualcomm, and Eaton. Ohr has provided strategic guidance, vision, and a roadmap for addressing long-term customer challenges. He has played a key role in accelerating revenue growth and has collaborated closely with IT, product, and engineering teams to foster stronger partnerships with strategic customers and peers.