Cybersecurity & Emerging Threats
Author: Daniel Dennis
Cyberattacks on businesses have become common, hammering home the IT security mantra, “It’s not a question of if but when you’ll be attacked.” If you’re running a distribution or transportation business, it’s likely either you or someone you know will fall victim to a cyberattack. One possibility is the random defacing of your company’s webpage, costing you temporary embarrassment or reputational damage. A more meticulously planned attack could result in the theft of the company or employee credit card information. Either way, cyberattacks are a growing concern for businesses, and now’s a good time to take steps to prevent damage.
IT security professionals have struggled with selling IT-related security to upper management for years. Some managers view IT security as an unnecessary cost that doesn’t add value. However, recent news coverage of the Target, Home Depot and other security breaches has shed light on the importance of protecting proprietary and customer data.
There isn’t a single preventive solution for cyberattacks; IT security requires a layered approach to achieve maximum protection.
- Network security – This is an essential for any business, since firewalls are the most common frontline network defense. Networks requiring a more advanced level of protection can use intrusion detection systems and intrusion prevention systems (IPS) to actively monitor network traffic and alert administrators and security professionals to potential attacks or actively prevent them.
- Computer security – Network protection isn’t enough, so businesses must take additional measures to protect individual computers. Host-based intrusion detection systems can prevent attacks on PCs the same way an IPS defends the network. Attackers can use social engineering methods to gain direct access to individual computers. For example, executable files attached to emails or downloaded from external websites could open the door for an attack. Companies should install virus and malware scanners to detect the presence of such files. In addition, IT specialists can disable USB ports and optical drives to prevent external media from automatically executing files and giving an attacker access to the device.
- Physical security – Often overlooked, securing the physical premises is a must when considering IT security. Easily purchased devices such as Raspberry Pi can open your network to myriad issues. They go for just $35 and can be set up to grant remote access, siphon data or perform any number of malicious attacks. Other problematic software and devices include keyloggers that can record a user’s keystrokes, USB man-in-the-middle devices that can open remote shells and portable VPN devices that can appear as innocuous as a power adapter while establishing a VPN tunnel back to the attacker. These malicious devices and software have one thing in common—their installation requires physical access to the premises. Limiting physical access to the network is the best method of stopping attackers from deploying these devices.
- Employee training – People are the weakest link in the security chain. However, properly trained employees can be as valuable as any firewall, IPS or email spam filter. Training, like the approach to IT security in general, should be multifaceted. Concise and easy-to-digest periodic emails can be a quick way to remind employees of potential dangers. At the beginning of group meetings, consider including a short IT security discussion on topics such as:
- Methods of preventing spear-phishing, e.g., never clicking on suspicious links or downloading files from unconfirmed sources
- The dangers of plugging rogue devices into company computers, e.g., a simple USB drive uploading a malicious payload or acting as a man-in-the-middle device
- Encouraging open dialogue between IT and employees if they believe something doesn’t seem right
A CEO scam is another common attack for distribution and transportation companies. Criminals research high-level executives’ names, roles and responsibilities and then impersonate them, requesting a check or wire to a fraudulent account. A typical example is a CEO impersonator sending an urgent request to the chief financial officer or controller while the real CEO is traveling or on vacation.
Distribution and transportation companies also should consider enhancing their Incident Response (IR), Business Continuity (BC) or Disaster Recovery (DR) programs to cover their cybersecurity gaps. For example, a computer can get infected with cryptolocker malware from email or internet use, in some cases even from visiting legitimate websites. Once inside the transportation company’s network, the malware attacks the infected computer by encrypting files and generating a message urging the user to send a bitcoin payment in exchange for the encryption key that would prevent the loss of files. Transportation companies with well-thought-out IR, BC and DR programs are better prepared for such cyberthreats and can recover faster.
Employee awareness can’t be stressed enough. The industry is awash in examples of businesses that have become victims of email phishing attacks due to the lack of employee training. Some companies have experienced attempted wire transfer fraud, while others have lost tens of thousands of dollars over a simple but critical mistake. In some email phishing schemes, fraudsters compromise an email account and then ensure no messages can be received from it. The account holder then receives an email asking for a large sum of money to be wired. In cases like these, employee awareness is critical to detecting and preventing monetary loss.
Cybersecurity continues to be a hot-button topic for transportation and distribution companies. Understanding the threats is only half the battle—implementing prevention methods is the next necessary step. You can help prevent attackers from turning you into their next victim by working in a layered security approach that covers the network, individual devices, physical access and an in-depth security awareness program.