October is Cybersecurity Awareness Month, which has never been more applicable to the transportation industry than it is today.
The digital world hasn’t been as kind to every industry. There was never an invitation for the transportation industry to join, though it was pushed in this direction as transportation technology players continued to emerge. A historically manual industry took rapid steps towards modernization. The speed at which Transportation Management System (TMS), load board, Electronic Logging Device (ELD), visibility, and other necessary tools became common in the hands of transportation companies only made sense. There is a clear shift from the manual systems which built the 3PL’s role in the supply chain to the rise of the modern 3PL that may operate more efficiently.
Trade-off: Efficiency Over Manual Processes
Every piece of a freight broker’s supply chain management can now be done remotely, and there has been a huge expansion of remote sales offices as 3PLs capitalize on the work-from-anywhere movement. With this digital shift, there is also a huge opportunity for certain tech-savvy businesses to expand their income, but not how one might think. The supply chain is more vulnerable than ever to cyberattacks, having quickly pivoted to the digital model without consideration of how exposed new systems and technologies leave them.
In 2020, one of the Top 20 3PLs in the world was hit twice in the same year by an incredibly sophisticated ransomware attack. In 2017, the largest shipping line in the world was shut down temporarily by a cyberattack. A trucking fleet of 400 power units was hit by a ransomware attack in 2018 and again in 2021. Also in 2021, two of the largest freight forwarders in the U.S. were hit with cyberattacks.
But attacks are not limited to major organizations. Small-scale shippers, motor carriers, and freight brokers are being targeted in what has been a lush freight market over the past year and a half. With more money flowing through the supply chain, even the modest 3PL is being targeted—some have even paid ransoms in order to get their businesses back online.
What are the most common forms of cyberattacks that are occurring in the transportation industry?
Phishing scams have greatly increased as an age-diverse workforce opens emails and clicks links without checking who the sender is, whether the email is loaded with misspellings and grammatical errors, or other common-sense indicators one may use to detect fraud. Phishing occurs when a malicious outside party sends an employee an email with an embedded clickable link that, when clicked, may download malware or lock the employee out of their computer, giving the outside party control.
This can lead to a ransomware attack. Some hackers will enter a freight broker’s system and stay dormant for weeks before a ransom request is made. A ransom request happens when the outside party makes a demand such as paying $1 million immediately or they will lock the 3PL out of all their systems and effectively halt the business. The terms of each attack may vary, but a crucial note on this is that historically, even if the first request is paid, hackers have no obligation to delete their malware from the system and will typically make second and third demands of the 3PL.
With malware, it is necessary to immediately get a professional consultant involved to run diagnostics on the internal systems, determine whether data has been corrupted, and evaluate whether the intruders can even be expelled from the digital inner workings of a modern 3PL. Some cybersecurity firms will even admit that, after a thorough diagnostic examination during a cyber event, they can’t always say with 100% certainty that the intruders can be completely expelled from the system.
What Is the Real Risk in a Cybersecurity Event?
Much more than just a delay in business. A 3PL’s shipper clients, vendors, contracted motor carriers, and employees may be directly impacted. Depending on how information is stored, sensitive documents could be compromised, and a 3PL may be faced with having to pay a cyber attacker to prevent them from selling any sensitive shipper/carrier information online or permanently deleting crucial information not backed up elsewhere.
How does a freight broker stop these things from happening or mitigate what could be a multi-day/week ransom event? The obvious answer is implementing some basic procedures proactively, though in an actual ransomware attack, a company will need to already have a technology partner on their side that can combat an attack on their behalf.
Cyber liability insurance doesn’t function the same way other 3PL coverages do. When a policy is written, the insured will have a contact at the cyber security insurance market who can immediately get to work during an attack. Speed is absolutely key in reporting a cyber claim as even a few minutes of delay in getting an investigative team working may make a meaningful difference in the severity of the attack. Once notified, cyber investigators can immediately get to work to set a path forward on how to respond and assess potential damages.
Cyber liability coverage for freight brokers is often written at the $1 million limit, but there is a wide variety of markets comfortable writing limits closer to $30 million for the modern 3PL or freight tech company. Some companies that have suffered through a cyber event understand the futile negotiations with a hacker who has no intention of honoring their word and advocate for their peers establishing a cyber liability policy. These policies for freight brokers can protect against things like data corruption, business interruption, help pay out on some ransom requests, and help to make whole third-party vendors and clients whose information was corrupted/stolen.
A few years ago, cyber liability coverage wasn’t a consideration for freight brokers, but attackers have eyed a sector that jumped quickly into many technologies without assessing whether there were risks involved. Some attackers may view the transportation sector as underserved and unprotected technologically, making it an easy target for attacks. Think of a small trucking company that went digital over the past 10 years—there is no protection whatsoever when an employee opens a malicious email.
How can the modern 3PL avoid getting into a consequential ransomware debacle?
There are a few proactive measures that should be taken by companies of any size that can’t afford to have their businesses halted by a single fraudulent email:
- Businesses should institute Multi-Factor Authentication (MFA). This is a login protocol that allows employees to log in to their various systems by getting a confirmation sent directly to an app on their phone. This is one of the best ways to eliminate the possibility of their email accounts getting directly hacked.
- Have endpoint detection and response (EDR) in place. This is software that monitors the inbound/outbound information in your systems and may more quickly detect malicious changes.
- Store files in a secure location and consider keeping physical backups of crucial information.
- Have employees take online ransomware/phishing training. There are dozens of low-cost programs that help employees understand what to watch for in regard to suspicious emails and security threats.
Solutions like the above aren’t a large financial lift to the 3PL. These are becoming more standardized as crucial components to a company’s risk management spend. Many cyber security insurance markets won’t even consider writing coverage without a few of the above protocols in place.
During Cybersecurity Awareness Month, Reliance Partners urges freight brokers of all sizes to consider a Cyber Liability insurance policy as well as basic cyber defense in the form of MFA, EDR, and cyber security training. In the event of a cyberattack, when a company doesn’t have a trusted insurance partner in place to help them navigate, the implications could be damaging. Talk with your insurance partner or reach out to the Reliance team to discuss how to protect your business with this necessary coverage.