Why a cyber incident response plan is critical for fleets

by Abdul Latheef

TORONTO, Ont. – Amid a flurry of warnings, a Canadian cybersecurity expert is urging carriers to take proactive measures, and deploy a cyber incident response plan to avoid any costly surprises.

“If they prepare, they are going to be able to respond quicker and better, and they will have less of an impact on their business,” said Imran Ahmad, who practises cybersecurity law at Blake, Cassels and Graydon LLP in Toronto.

Photo: iStock

Ahmad’s advice came just days after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued separate warnings of possible attacks.

In an alert issued July 23 and aimed at all industries, CISA recommended immediate action to reduce exposure across operational technologies and control systems.

The FBI, meanwhile, warned trucking companies that cyber criminals could hack the electronic logging devices (See box).

The warning also comes at a time when many carriers are moving toward all-digital trucking.

Imran Ahmad
Imran Ahmad. Photo: Blake, Cassels and Graydon LLP .

There are mainly two types of online attacks: One is aimed at stealing data while the other is designed to disrupt operation, typically done with some kind of a ransomware attack, Ahmad said.

“What the hackers are trying to do is, they get into the systems, and deploy the ransomware so that all systems are paralyzed, or a big chunk of the most critical infrastructure is paralyzed. And, then they want a payment made very quickly,” Ahmad told Today’s Trucking.

He said trucking companies should have a good understanding of what their IT systems are, and what the impact would be if they were down.

Ransomware was the most common method of hacking in Canada last year, and Ontario bore the brunt of cybercrime with 36% of the incidents reported from the province, according to Blakes Canadian Cybersecurity Trends Study, released this year.

Cyber insurance

So, what carriers can do? How about “standalone” cyber insurance?

Fleets are already complaining about soaring insurance premiums, but that doesn’t stop Ahmad from advising carriers to get cyber insurance, which has been available in Canada for the past 10 years.

“It will cover legal costs, and it will cover forensics and system restoration which is the biggest chunk of money that you’re going to spend in any kind of cyber incident process.”

Ahmad said $1 million ransom is common these days, and a one-time payment might not stop the hacker from coming back because of the vulnerability of the backdoor.

“The first incident can hurt the organization, the second and third can actually be crippling,” warned Ahmad, who is also the author of Cybersecurity in Canada: A Guide to Best Practices, Planning, and Management.

“You are better off having the (cyber) insurance than not having it, in my view.”

‘Covid-19’ new phishing subject

Online driver training provider CarriersEdge has recently added Cybersecurity: Protecting Your Data to its list of courses, which it believes will help drivers and office staff better prepare for any attack.

CarriersEdge offers a course on cybersecurity. Photo: CarriersEdge

“We focus on how regular users of networked or interconnected systems can protect their carrier’s data by learning how to recognize the signs of phishing, baiting, impersonation and other social manipulation commonly used by cybercriminals,” said CEO Jane Jazrawy.

“The manipulation will be based on current events. Right now, ‘Covid-19’ and ‘PPE’ are common subjects of phishing email messages.”

Jazrawy said carriers have to think about two potential areas of weakness that cybercriminals will target: any connected systems for transferring information and the people who use those systems.

“The way cybercriminals are able to infiltrate companies has been primarily through human error and social manipulation using email or text.”

Have your say

This is a moderated forum. Comments will no longer be published unless they are accompanied by a first and last name and a verifiable email address. (Today's Trucking will not publish or share the email address.) Profane language and content deemed to be libelous, racist, or threatening in nature will not be published under any circumstances.