In one fell swoop, cyberattacks could wreak havoc in the Lehigh Valley and Berks County by targeting transportation and logistics companies.
Criminals could try to infiltrate electronic devices in trucks, worm their way into computers at a company through fake emails, texts and phone calls, and even gain access to information through Wi-Fi at truck stops.
Are companies prepared?
“Transportation and logistics companies are showing up late to the party. They are not keeping drivers informed or staffing the proper IT professionals,” said Richard Stoneberg, chief information security officer at Netizen Corp. in South Whitehall Township. “The bad guys are not targeting the big companies with large resources. The bad guys are going after the suppliers. Their thinking is, ‘I disrupt your materials (in route). I shut down your operations for the day with ransomware, and you will pay up.’”
The transportation industry runs on thin profit margins and time restrictions, so any kind of disruption could cripple daily operations in the supply chain, Stoneberg said. Transportation and logistics firms must prioritize cybersecurity, understand that the economy has changed and recognize that “there is an IT system rolling down the highway.”
Stoneberg describes three types of cybercriminals:
< Low-level, unsophisticated hackers who just attack and disrupt for fun or to advance a political agenda.
< “Scary hackers” who disrupt to put money in their pockets.
< State-sponsored criminals: people with bases in other countries like China and Russia, that are focused on attacking the U.S. economy.
In order to combat cyberattacks, the right IT professionals have to be hired, he said. A large company should have a solid team to take care of its IT needs and train staff on the latest cyberattacks. Those teams can be internal or an outside company.
A Cumru Township, Berks County truck leasing company has both internal and external security service. Internally, Penske Truck Leasing has a team of nine people in its IT department, said Scott Bortzel, vice president of Penkse’s IT delivery services.
The company considers its associates to be its first line of defense.
“Cybersecurity is a major issue for everybody. Attackers focus on disrupting society and are looking for income,” Bortzel said. “We take cybersecurity very seriously and have a professional firm (to handle potential attacks) as well as an internal team.”
The Penske official said that the company realizes the importance of communicating to employees about phishing emails to look out for, the latest scams and the greatest threats. The IT team regularly educates employees and holds a safety awareness week once a year. Also, there is 24/7 security in place to perform monitoring and put up firewalls.
Penske Truck Leasing also has a subsidiary, Penske Logistics, and both are headquartered in the Reading area. The company uses cautionary measures when it comes to the vendors and third-party firms that it depends on for its daily operations.
“We utilize cloud-based vendors, and we have a whole process for vetting these organizations,” Bortzel said.
Scranton-based Kane Is Able Inc., a third-party logistics and transportation provider, has a couple of distribution buildings in Upper Macungie Township, said Alex Stark, senior director of marketing.
The company stores product for its customers, including retailers like Wal-Mart and Amazon.
Kane has “a robust IT group” that hosts what Stark refers to as routine stand-up meetings to go over the latest cybersecurity threats with office associates and people in the transportation department. IT employees work in the office and in the field.
“Cybersecurity is absolutely an issue in transportation and logistics. Anything can be hacked. They seriously lock down everything, making it hard to get online,” he said. “You cannot sleep on this matter.”
Many in the industry are not as up-to-date on cybersecurity and the level of threat it poses to transportation and logistics services.
In Bethlehem Township, Tom Fiorini, president at Westgate Global Logistics, acknowledged that he is not as knowledgeable as he could be about cybersecurity in transportation and logistics but is somewhat leery of cloud-service providers. He noted that his company does offer security training with regard to shipment of hazardous materials.
“I do know cybersecurity is a big issue,” Fiorini said. “People are scrambling to figure out what to do.”