Executive Summary
- Ransomware attacks targeting the transportation sector have surged by 66% since 2022, according to an NCC Group report.
- Industry leaders are implementing comprehensive incident response and business continuity plans to mitigate the impact of cyberattacks.
- Key strategies include regular drills, such as switching between redundant data centers, and conducting “tabletop exercises” to simulate real-world attack scenarios.
- Continuous employee education, particularly on identifying phishing attempts, is identified as a critical component of a strong cybersecurity posture.
The U.S. trucking industry is intensifying its efforts to combat a dramatic rise in cyberattacks by developing robust incident response and business continuity plans. Citing a recent report from the NCC Group that found ransomware attacks on transportation organizations have jumped 66% since 2022, industry leaders are stressing the importance of preparation, regular drills, and employee education to maintain operations during security breaches.
The need for a formal plan was highlighted by Jack Smith, a cybersecurity solutions architect at Hirschbach. Smith recounted facing a major cyberattack just three days into his job, which shut down all company information systems. Without a pre-existing plan, the immediate response was to shut everything down, nearly forcing the company back to paper-based operations. The system was restored in under 24 hours, but the incident underscored the vulnerability of unprepared companies.
Steve Hankel, vice president of information technology at Johanson Transportation, emphasized the value of proactive drills. Speaking at the National Motor Freight Traffic Association’s cybersecurity conference, Hankel explained that his company maintains separate East and West Coast data environments and practices switching between them twice a year. “Just in the last month, our entire system went down,” Hankel said. “We were able to move from the East Coast back to the West Coast in about two and a half hours.”
Werner Enterprises utilizes a different training method known as tabletop exercises. Ronnie Thomas, the company’s vice president of technology solutions, said these sessions bring together stakeholders to walk through a simulated attack scenario hour-by-hour. “We know that the threat actors are at the top of their game, and so we want to continue to practice and make sure we’re able to respond quickly,” Thomas stated. Werner also educates its workforce by using vendors to simulate phishing attacks, which are the most common delivery method for ransomware.
Developing a Response Strategy
According to the NCC Group, attackers target transportation companies of all sizes because service disruptions can be exploited for financial blackmail. Experts advise that the first step for any company is to document all major business processes and their dependencies, including technology, key personnel, and vendors. “Have something documented so that you’re not trying to start from scratch in the middle of a heated event,” Hankel advised. A clear, pre-written plan allows teams to respond calmly and effectively, minimizing the damage caused by an attack.