Fleets Must Act to Prevent Ransomware Attacks

Sep 7, 2022

Share

Cybersecurity Priorities in the Pandemic Age

Ransomware and other cybersecurity threats show no sign of slowing down. In 2021, there was an 82% rise in ransomware-related data leaks, according to a CrowdStrike intelligence report.

Trucking companies already face plenty of challenges, such as driver retention and fuel costs. A ransomware attack that locks crucial systems behind encryption is a challenge that’s best avoided. Prevention is always the best cure for cyberattacks.

Part of the rise in ransomware can be attributed to disruptions created by the pandemic. Working from home and hybrid work models have become the de facto approach. IT teams quickly rose to the challenge of enabling remote work, and they must continue to adapt to secure systems.

The FBI reported a total of $6.9 billion in losses due to cybercrime in 2021—a 7% rise year-over-year. Fleets must understand the growing threat of cyberattacks and act now to prevent ransomware and other types of intrusions.

Webinar: Ramping up Your Cybersecurity Efforts

Ransomware declared a national security issue

In 2021, ransomware attacks that exploited flaws in widely used software from vendors such as Kaseya, SolarWinds, and Microsoft affected many companies and saw record-breaking ransomware payments made to state-sponsored cybercriminal groups. This includes a $70 million ransom demand from the “REvil” gang that created a Ransomware-as-a-Service (RaaS) ring.

Attacks on U.S. infrastructure and government agencies prompted the White House to treat ransomware as a matter of national security. The U.S. government decided to establish new mechanisms to address the threat. Plans include new funding to support ransomware response, a mandate for organizations to report incidents, and to consider the alternatives before paying a ransom.

A recent survey by UpCity revealed that 50% of small and midsize businesses have a cybersecurity plan. Fleets without an updated plan must act now to improve short-term and long-term cybersecurity.

How can trucking companies protect against ransomware?

A strong defense against cyberattacks requires a fleet-wide commitment to digital security. Some measures can be adopted quickly, while others require long-term planning and a greater investment in cybersecurity resources.

Deploy quick stopgap measures right now

Start with stopgap measures and quick wins that can be implemented immediately to improve security. Examples of easy-to-deploy security measures include:

  • Revise existing cyber risk guidelines and requirements.
  • Set up two-factor authentication and strong password policies.
  • Establish a security culture with regular training.
  • Control how employees access data and use the company network.
  • Govern how employees communicate over the company network.

Develop a comprehensive long-term cyber strategy

Start to review your current technology stack and security infrastructure as soon as possible. Some changes may take years to implement, while other improvements will be accomplished in a shorter timeframe.

Common improvements include investments in automation, advanced analytics, and other systems that improve the effectiveness of security processes. There should also be mechanisms developed that help measure how changes in your security program reduce risks after each initiative is rolled out.

These are some key questions that your long-term cybersecurity strategy should answer:

  • Does the security team have the expertise needed to tackle all technical challenges?
  • Is there a full understanding of vulnerabilities within core, critical business functions?
  • Have we invested enough to ensure that our cybersecurity provides sufficient protection?

Create an in-depth ransomware incident response plan

A ransomware incident response plan provides clear guidance on how to proceed if an attack occurs. This plan should begin by quantifying your ransomware risk, including potential attack vectors and key systems that should be prioritized. Many organizations already run tabletop exercises for business continuity planning (BCP). Adding ransomware plans to your BCP framework is a natural extension of preparing for all potential business disruptions.

Reduce your exposure to ransomware

People are the last line of defense against ransomware. Improve awareness of phishing by training people to recognize attacks and how to avoid them. Strengthen front-line defenses by deploying AI tools that help to flag attacks automatically. Evaluate a zero-trust approach for your security framework and review your use of remote desktop protocol (RDP), secure shell protocol (SSH), and virtual private networks (VPN). Don’t forget to implement multi-factor authentication.

Reduce work-from-home risks

If your remote workforce uses their own personal computers and devices to access your company’s applications and data, securing those endpoints must be a top priority. Devices that haven’t been fully secured provide a location that’s easier to attack. Embrace technologies that help reduce the attack surface of unmanaged devices, such as:

  • Mobile Device Management (MDM)
  • Mobile application management (MAM)
  • Network access control (NAC)
  • Browser isolation solutions

Step up cyber training and exercises

Regularly review, recalibrate, and readjust cyber awareness programs to measure, track, and improve the cyber risk culture of your organisation. This includes timely communication and briefings about new threats, security policies, and systems implemented to reduce risk.

Include security in vendor contracts

Security must be built into vendor contracts to reduce the risks of partnerships that involve shared data and systems. Fleets should be specific about expected security obligations, procedures, and how security regulations will be enforced. Contracts can also extend to any third parties that your vendor works with, even if you don’t have direct interactions with the third party.

Cybersecurity must be a business-wide concern

ISAAC recently completed an 18-month process to become fully certified for ISO 27001 standards—one of the most stringent security standards available for organizations. This shows our commitment to cybersecurity for our clients, partners, and ourselves. We know that keeping ourselves safe improves security for everyone we collaborate with, including fleets.

Learn how the ISAAC solution helps to simplify trucking while maintaining a secure digital ecosystem.

About the author

Joe Russo, Vice President IT & security

Joe Russo, VP IT & Security at ISAAC, is an IT Executive with over 20 years’ experience leading IT teams in multinational environments and various sectors: banking, pharma, transportation and technology services. He has held senior leadership roles in Switzerland at Morgan Stanley and the Bank for International Settlements, and then in Montreal at McKesson Canada, Syntax and CN Rail. His experience in aligning IT strategy with corporate strategy makes him a strong transformational leader who excels at overcoming technical, cross-cultural and organizational challenges to solve business challenges. Joe holds a MSc in Information Technology & Management from Sheffield University, completed the Mini-MBA program at McGill University and holds the CISSP certification.

Time to move forward with managed technology

Recent blog articles

Fuel Efficiency Programs Can Improve Driver Retention

by | Sep 29, 2022 | Best practices,Industry | 0 Comments

Driver retention and fuel costs are two main issues that fleets face. Fuel efficiency initiatives can support improvements for both issues at once.

A Summer of Accomplishments for ISAAC

by | Sep 22, 2022 | President’s blog | 0 Comments

As the summer of 2022 comes to a close, I find myself looking back at some of our most recent accomplishments.

Fleets Must Act to Prevent Ransomware Attacks

by | Sep 7, 2022 | Best practices,Industry | 0 Comments

Ransomware is on the rise. Fleets must protect themselves against ransomware with a strong cybersecurity plan.

What Happens at a Roadside Inspection and How to Prepare

by | Sep 7, 2022 | Compliance and regulations,Road safety | 0 Comments

Fleets and drivers undergo multiple types of roadside inspections. Focus on safety, training, and driver support to ensure compliance.

How a Lack of Safe Truck Parking Hurts Drivers and Fleets

by | Aug 10, 2022 | Compliance and regulations,Road safety | 0 Comments

A lack of safe truck parking spots has been a serious industry issue for more than a decade, making life difficult for drivers and fleets.

How to Improve Your Fleet’s Fuel Efficiency

by | Aug 9, 2022 | Best practices | 0 Comments

In the last few years, the average fuel efficiency of fleets has increased thanks to various eco-driving technologies. Find out if your fleet has implemented any of the five common fuel efficiency tactics: mechanical upgrades, aerodynamics, power sources, operational improvements, driver training.

Drivers and Fleets Benefit from Reducing Fuel Use with ISAAC Coach

by | Jul 28, 2022 | Best practices | 0 Comments

ISAAC Coach helps to reduce fuel costs and improves driving efficiency for transport truck fleets.

How Truck Fleets Can Prevent Nuclear Verdicts

by | Jul 20, 2022 | Road safety | 0 Comments

Prevent nuclear verdicts with a strong fleet safety culture. Dashcams and truck telemetry also reduce the risk of large jury rewards against trucking companies.

Latest Features Overview

by | Jul 11, 2022 | New features | 0 Comments

ISAAC’s latest features allow to perform preventive maintenance, manage personal views on assets, use hours of service information to improve other processes, and optimize truck loads.

See the ISAAC solution in action

We’ll help you bring out the best in your team.