Haulage firms are attractive targets for cyber crime

The motor transport and logistics industry ticks all the boxes that a cyber criminal looks for:

• They hold and process a large amount of business-critical and sensitive data.
• Logistics firms work to strict time constraints and cannot afford delays. Time is literally money.
• There are multiple connected systems, ranging from vehicle telemetry to inventory software in use. As technology advances, haulage firms incorporate it more and become ever reliant upon it.
• Haulage firms often don’t give any consideration to cyber security or have any interest in it.
• Often, logistics firms are part of a supply chain with interconnected digital systems, making them a great foothold into further targets and businesses. This can make haulage firms an easy stepping stone into larger corporations and helps an attacker to spread the damage.

Attacks range from defacement of websites to more serious and sophisticated incidents such as ransomware, whereby the business has its data encrypted by the malicious party. This leaves the business helpless and unable to operate, with the data only being released once a hefty ransom has been paid to the criminals.

Often the data is never fully recovered, even after paying the ransom. To add insult to injury, GDPR fines for losing customer data can be even higher than the ransom itself. Bad press, damage to reputation and a loss of customer trust perhaps has a longer, more painful effect than any monetary payment and can take longer to rebuild.

So what can you do to protect your business, livelihood and reputation?

Here are five quick tips from Mongoose Cyber Security that can help to bolster your firm’s protection against ransomware and hackers.

Minimise Your Attack Surface

The more you expose publicly, the more there is to attack. Make yourself as small a target as possible. To do this, you need to know what systems, software and devices are in use within your network. Understand which devices are “public-facing”, that is, devices that speak to the outside world or that can be reached remotely. A web server or mail server is a good example of this. Disable or get rid of any public-facing systems that are not necessary or being used. In addition to this, segment your networks. Separate public networks from your internal ones to stop an attacker hopping from one to another.

Work With What You’ve Got

Chances are you’ve got a firewall (you may not know it, but even your home router has a built-in firewall) that audits and inspects traffic going in and out of your network. Make sure it’s set up correctly. Limit traffic in and out to the bare minimum and deny access to IPs originating from places that you don’t do business with and that are known to support malicious traffic such as North Korea or Russia.

Furthermore, ensure that you change the default passwords of all connected devices. Many routers, web servers, and even firewalls come with generic, default passwords from the manufacturer and can be easily found or guessed by a hacker.

Update all of your software to the latest versions. This is one of the most important steps to protecting yourself against cyber threats.

Think Like an Attacker

Penetration Testing, more commonly known as Ethical Hacking, is the process of simulating a real-world attack against your company’s network and systems. The best defence is a good offence, and the only real way to see how secure your networks are is to attack them meticulously and thoroughly, using the latest techniques, tools and procedures. Penetration Testing is the best way to do this.

When you know where your weaknesses are and what they look like, you can then fix and patch them so that attackers cannot exploit them in the real world. To provide the best possible security audit, a thorough Penetration Test should include your networks, website, and even Wi-Fi.

Protect What You Can’t Change

Sometimes it’s not possible to fix a vulnerable system or remove it from use. There could be a number of reasons for this, ranging from cost to loss of interoperability. If you can’t change or remove the problem, then protect it as best you can. We recommend that next-generation firewalls are used where possible, as these are the most advanced and best performing firewalls on the market. Install good, enterprise level antivirus software on all devices including mobiles. Not all antivirus software is created equal, with the best variants responding in realtime to threats and updated regularly by the provider. Multi Factor Authentication (MFA) is another easy way to greatly improve your security, implement it where possible.

Maintain Awareness

Phishing is a fraudulent attempt to obtain sensitive information like usernames, passwords, credit card details, or other personal data by impersonating a trustworthy entity using email. Phishing is one of the most common and effective attacks we see. It’s all too easy for a busy employee to click a link and download something malicious or enter their credentials into a website that looks and acts just like the real thing, only to find that their account is now compromised. The best defence against phishing is to train your employees to be aware of such attacks and to spot the signs of a phish.

Keep Your Wheels Turning

Doing the basics well will help to make your transport firm a harder target for cyber criminals. Realising that cyber security is a necessity rather than a luxury is the first step towards protecting your haulage firm. Being aware, vigilant, and seeking the advice of a trusted cyber security provider are fantastic ways to improve your cyber security and help to maintain business continuity. For further advice, reach out to myself or the Mongoose Cyber Security team for more information on how to help protect your road transport firm.

Alistair Wesson

Founder, Mongoose Cyber Security