Trucking cybersecurity unpacked

May 21, 2024

Trucks are computers on wheels, and they are becoming ever-smarter. So too are the criminals who seek to hack into them. Bearing this in mind, a new report into trucking cybersecurity makes for interesting reading.

Last year, at its Digital Solutions Conference in Houston, the US National Motor Freight Traffic Association (NMFTA) was able to demonstrate how a hacker could compromise a truck’s brakes by sending a message to its diagnostic system using a simple antenna. On-board diagnostics and other telematics systems, as well as sensors, can be used to wreak havoc if hackers manage to take control of them.

Bearing this in mind, the first edition of the association’s 2024 Trucking Cybersecurity Trends Report makes for interesting reading. As the trucking industry continues to experience evolving cybersecurity threats over time, the report helps the supply chain industry stay ahead of this disruption armed with industry knowledge, tools, and resources to become proactive against the next threat.

“Last year, the industry was directly faced with an aggressively evolving cybersecurity environment,” says Antwan Banks, director of enterprise security for NMFTA. “Industry leaders and newcomers alike were reminded of the very real possibility that the next cyberattack could be lurking behind their door.

“Trucking companies experienced attacks that disrupted their operations, but thanks to having the proper partnerships established to come in and handle such occurrences, they were able to rebound rather swiftly,” he continues. “We’ve found that this is not always the case with companies, which is why we urge the industry to take the matter seriously and establish the proper procedures in advance to be prepared for not if it happens, but rather when it happens.”

As technology continues to evolve across the supply chain landscape – improving the day-to-day work functions of industry professionals – so does the potential for these technological advancements to be compromised.

According to a Forrester report, as many as 60% of workers engage in bring-your-own-AI (BYOAI), as their employers likely lack the tools internally but still want employees to leverage them. This protocol alone has the potential to bring about serious security vulnerabilities. In fact, approximately 90% of hacks occur through phishing and misconfigured networks/devices. Hackers frequently use phishing scams to gain access to a carrier’s enterprise system, and once accessed, ransomware attacks are launched.

In its report, NMFTA also calls out several concerning application programming interface (API) security examples, such as the vulnerability of old, deprecated APIs known as Zombie APIs. The organisation will continue to focus on API security on both the host and mobile side. While almost all trucking companies have host-side integration – which is a critical part of the workflow plan – mobile-side integration and telematics providers also play a crucial role throughout the supply chain.

Another key focus for 2024 is a technique called vishing. Surprisingly, it is one of the very first forms of hacking, and is expected to increase as the year progresses. Vishing is when a scammer calls a person pretending to be a reputable company or organisation, or even a co-worker or boss. These situations usually involve the individual urging the recipient of the call to provide personal or sensitive data and, at times, a request to send money to a fraudulent account.

“While the world of cybersecurity can often feel overwhelming to many, the best form of preparation and defence against these attacks is for companies to thoroughly train their employees on how to spot each threat and securely configure both on-prem and cloud environments,” says Banks. “The most vital line of defence is a sense of awareness and then immediate action. As we move forward into this election year, cyberattacks globally will increase, and we provide insight into what type of attacks will emerge in the report. We want to be a source of empowerment for our peers, and this report is yet another step in that direction from our organisation.”