Organized criminal groups that target freight companies in the United States have found they can get a much better return on investment (ROI) by mastering the art of cybercrime.
Because of this, security experts warn that cyberattacks will become increasingly difficult to deal with, since the freight industry relies heavily on digital connections and pathways to conduct its operations.
Rather than hijacking vehicles from lots, criminals now focus on creating false pickups to steal cargo. By hacking into company systems to obtain shipment information and set up a false pickup, these groups reduce their risk and increase their potential ROI.
Knowing where specific shipments are heading simplifies the theft and makes the operation more profitable. Cybercriminals often target small- and medium-sized companies because they have less complex security systems and/or inexperienced supply chain partners.
In a recent report detailing the issue, Dylan Owen, cybersecurity manager for Cybersecurity and Special Missions at Raytheon, stresses that efforts to improve preparedness for cyber threats in the business world must be driven by recognition among business communities that organizations need to take on wide-ranging accountability for protecting themselves and their business associates.
The report, “Taking Charge of Security in a Hyperconnected World,” identified several common problems that contribute to a large majority of cybersecurity breaches:
- Neglecting "security hygiene": In forensic evaluations following security attacks, missed software updates frequently surface as exploited vulnerabilities.
- Relying exclusively on traditional threat prevention and detection tools: Most security teams still wait for signature-based detection tools to identify problems rather than looking for more subtle indicators of compromise on their own, even though traditional firewalls, antivirus scanners and intrusion detection systems (IDS) cannot discover the truly serious problems.
- Mistaking compliance for good security: Most compliance mandates reflect best practices that should be interpreted as minimum standards, not sufficient levels, of security.
- Inadequate user training: Many companies don't invest enough time and resources in user training, even though users today are the first line of defense against many cyberattacks.