We conducted a study of mid-sized companies analyzing their cybersecurity preparedness, as well as the volume and nature of cyber risks those companies faced in 2020 through today.
Of the six industries we studied – transportation, education, professional services, manufacturing, retail and healthcare – transportation saw the highest increase in cyberattacks, followed by healthcare, with transportation and logistics companies suffering a nearly threefold increase in cyberattacks beginning in 2020 – an increase of 198%.
It makes sense that trucking companies are targeted more than ever by cyber criminals. Transportation and logistics companies have been digitizing rapidly to increase efficiency, visibility and responsiveness. Operational technologies deployed in vehicles, with vehicle operators and workers – and even in the shipments themselves – improve the bottom line. The downside is that new technologies come with cybersecurity challenges. The complexity of protecting the attack surface and of configuring and operating the necessary cybersecurity solutions often outstrip the available skill and resources of IT teams.
With large, increasingly complicated IT operations, lean IT teams are often forced to make bets on what they will and will not protect in their organizations. For example, only 1% of mid-sized companies have email malware protection. Shockingly, of those few companies that have any malware protection at all, 88% of those solutions were misconfigured. IT teams just can’t keep up. What’s worse, hackers have sensed this vulnerability in the market and are trying to capitalize on it before IT teams regroup and figure out how to secure their organizations.
A single breach can paralyze a company for days or weeks, and the resulting reputational damage, lost profits, lawsuits and regulatory fines could put the company out of business. The NotPetya ransomware attack on Maersk in 2017 cost that company $200-$300 million dollars. More recently, a trucking company with 3000 refrigerated trucks had files and employee data stolen and held for ransom.
The marketplace has been of little help to mid-sized transportation companies during this crisis. Products have split into large, big-ticket enterprise solutions that require large teams to operate, or smaller solutions that will only patch one kind of vulnerability effectively. IT teams must either greatly increase their security spending or sew together multiple disparate solutions to protect their organizations and hope they didn’t overlook any glaring vulnerabilities.
There is hope for mid-sized companies seeking comprehensive solutions. AI systems and intelligent automation are solving the cybersecurity skills gap and resource challenges facing IT teams. AI and intelligent automation can be employed to watch a company’s IT systems, emails, cloud applications and endpoints for suspicious behavior.
