Fleets Must Act to Prevent Ransomware Attacks

Sep 7, 2022

Cybersecurity Priorities in the Pandemic Age

Ransomware and other cybersecurity threats show no sign of slowing down. In 2021, there was an 82% rise in ransomware-related data leaks, according to a CrowdStrike intelligence report.

Trucking companies already face plenty of challenges, such as driver retention and fuel costs. A ransomware attack that locks crucial systems behind encryption is a challenge that’s best avoided. Prevention is always the best cure for cyberattacks.

Part of the rise in ransomware can be attributed to disruptions created by the pandemic. Working from home and hybrid work models have become the de facto approach. IT teams quickly rose to the challenge of enabling remote work, and they must continue to adapt to secure systems.

The FBI reported a total of $6.9 billion in losses due to cybercrime in 2021—a 7% rise year-over-year. Fleets must understand the growing threat of cyberattacks and act now to prevent ransomware and other types of intrusions.

Webinar: Ramping up Your Cybersecurity Efforts

Ransomware declared a national security issue

In 2021, ransomware attacks that exploited flaws in widely used software from vendors such as Kaseya, SolarWinds, and Microsoft affected many companies and saw record-breaking ransomware payments made to state-sponsored cybercriminal groups. This includes a $70 million ransom demand from the “REvil” gang that created a Ransomware-as-a-Service (RaaS) ring.

Attacks on U.S. infrastructure and government agencies prompted the White House to treat ransomware as a matter of national security. The U.S. government decided to establish new mechanisms to address the threat. Plans include new funding to support ransomware response, a mandate for organizations to report incidents, and to consider the alternatives before paying a ransom.

A recent survey by UpCity revealed that 50% of small and midsize businesses have a cybersecurity plan. Fleets without an updated plan must act now to improve short-term and long-term cybersecurity.

How can trucking companies protect against ransomware?

A strong defense against cyberattacks requires a fleet-wide commitment to digital security. Some measures can be adopted quickly, while others require long-term planning and a greater investment in cybersecurity resources.

Deploy quick stopgap measures right now

Start with stopgap measures and quick wins that can be implemented immediately to improve security. Examples of easy-to-deploy security measures include:

  • Revise existing cyber risk guidelines and requirements.
  • Set up two-factor authentication and strong password policies.
  • Establish a security culture with regular training.
  • Control how employees access data and use the company network.
  • Govern how employees communicate over the company network.

Develop a comprehensive long-term cyber strategy

Start to review your current technology stack and security infrastructure as soon as possible. Some changes may take years to implement, while other improvements will be accomplished in a shorter timeframe.

Common improvements include investments in automation, advanced analytics, and other systems that improve the effectiveness of security processes. There should also be mechanisms developed that help measure how changes in your security program reduce risks after each initiative is rolled out.

These are some key questions that your long-term cybersecurity strategy should answer:

  • Does the security team have the expertise needed to tackle all technical challenges?
  • Is there a full understanding of vulnerabilities within core, critical business functions?
  • Have we invested enough to ensure that our cybersecurity provides sufficient protection?

Create an in-depth ransomware incident response plan

A ransomware incident response plan provides clear guidance on how to proceed if an attack occurs. This plan should begin by quantifying your ransomware risk, including potential attack vectors and key systems that should be prioritized. Many organizations already run tabletop exercises for business continuity planning (BCP). Adding ransomware plans to your BCP framework is a natural extension of preparing for all potential business disruptions.

Reduce your exposure to ransomware

People are the last line of defense against ransomware. Improve awareness of phishing by training people to recognize attacks and how to avoid them. Strengthen front-line defenses by deploying AI tools that help to flag attacks automatically. Evaluate a zero-trust approach for your security framework and review your use of remote desktop protocol (RDP), secure shell protocol (SSH), and virtual private networks (VPN). Don’t forget to implement multi-factor authentication.

Reduce work-from-home risks

If your remote workforce uses their own personal computers and devices to access your company’s applications and data, securing those endpoints must be a top priority. Devices that haven’t been fully secured provide a location that’s easier to attack. Embrace technologies that help reduce the attack surface of unmanaged devices, such as:

  • Mobile Device Management (MDM)
  • Mobile application management (MAM)
  • Network access control (NAC)
  • Browser isolation solutions

Step up cyber training and exercises

Regularly review, recalibrate, and readjust cyber awareness programs to measure, track, and improve the cyber risk culture of your organisation. This includes timely communication and briefings about new threats, security policies, and systems implemented to reduce risk.

Include security in vendor contracts

Security must be built into vendor contracts to reduce the risks of partnerships that involve shared data and systems. Fleets should be specific about expected security obligations, procedures, and how security regulations will be enforced. Contracts can also extend to any third parties that your vendor works with, even if you don’t have direct interactions with the third party.

Cybersecurity must be a business-wide concern

ISAAC recently completed an 18-month process to become fully certified for ISO 27001 standards—one of the most stringent security standards available for organizations. This shows our commitment to cybersecurity for our clients, partners, and ourselves. We know that keeping ourselves safe improves security for everyone we collaborate with, including fleets.

Learn how the ISAAC solution helps to simplify trucking while maintaining a secure digital ecosystem.

About the author

Joe Russo, Vice President IT & security

Joe Russo, VP IT & Security at ISAAC, is an IT Executive with over 20 years’ experience leading IT teams in multinational environments and various sectors: banking, pharma, transportation and technology services. He has held senior leadership roles in Switzerland at Morgan Stanley and the Bank for International Settlements, and then in Montreal at McKesson Canada, Syntax and CN Rail. His experience in aligning IT strategy with corporate strategy makes him a strong transformational leader who excels at overcoming technical, cross-cultural and organizational challenges to solve business challenges. Joe holds a MSc in Information Technology & Management from Sheffield University, completed the Mini-MBA program at McGill University and holds the CISSP certification.

Time to move forward with managed technology

Recent blog articles

Choosing a truly cost-effective in-cab device for your drivers

by | Mar 1, 2024 | Cost savings | 0 Comments

Discover why rugged tablets outshine consumer-grade devices for trucking technology solutions for fleet management.
ISAAC Instruments advanced fleet-management technology in action, showcasing a modern semi-truck on the move, representing streamlined operations and driver safety.

Shaping the Future of Trucking with ISAAC’s Latest Innovations

by | Feb 28, 2024 | New features | 0 Comments

Discover our latest innovations to advance trucking technology for better safety, compliance, and driver happiness.

Enhancing Road Safety Through Eco-Driving with the ISAAC Coach

by | Feb 9, 2024 | Safety | 0 Comments

Discover how the ISAAC Coach enhances road safety through eco-driving, reducing accidents and boosting efficiency in trucking.

4 Benefits of Truck Dash Cams for Drivers and Carriers

by | Jan 10, 2024 | Safety | 0 Comments

Explore the top advantages of dash cams for trucks: speeding up claims, protecting drivers, enhancing safety, and informing fleet management.

Overcoming Critical Challenges in Trucking Operations with ISAAC

by | Nov 21, 2023 | Industry | 0 Comments

Experts shared trucking's "Critical Issues" list and strategies for improvement. Discover how our ISAAC solution can help fleets tackle these challenges.

Enhance safety, fuel economy and driver happiness with the ISAAC Coach

by | Nov 6, 2023 | Cost savings,Safety | 0 Comments

Enhance safety, fuel economy, and driver happiness with the ISAAC Coach. This innovative in-cab coaching solution provides real-time feedback to drivers.

Required Documents During Roadside Inspections

by | Oct 2, 2023 | Compliance | 0 Comments

Know which documents truck drivers need to have onboard to ensure quicker, easier, and more successful roadside inspections.

Technology for a More Effective Truck Driver Safety Program

by | Sep 28, 2023 | Safety | 0 Comments

Fleet safety plays an enormous role in the success of trucking operations. Learn how technology and training can be central to any truck driver safety program.

How ISAAC integrates with McLeod Software to Optimize Fleet Management

by | Aug 16, 2023 | Best practices,Cost savings | 0 Comments

ISAAC is the first telematics provider to integrate with the McLeod TMS, helping fleets to automate tasks and realize efficiency gains.