There are two types of companies out there—“Those that have been hacked and those that will be hacked.”
That’s the blunt point of view of Karen Painter Randall, chair of cybersecurity and data privacy practice at the Connell Foley Law Firm in Roseland, New Jersey, and the reason cybersecurity needs to be a part of every company’s business model.
The widespread interconnectivity of vehicles “gives bad actors opportunities to attack vulnerabilities.” There’s the potential for using transportation resources as tools for terrorism, she said, but “bad actors” also can hack business computers and hold company data for ransom, she said.
“There is a new world of technology out there and there is nothing we can do to reverse it. You have to have a strategy in place to deal with it.”
The U.S. Transportation Security Administration (TSA) warned in 2017 that commercial vehicle operators should be wary of terrorists seizing vehicles for ramming attacks, said Thomas D. DeMatteo, chief legal officer, general counsel and secretary of ABC Companies in Faribault, Minnesota.
Hackers have proven that vehicle electronics—such as telematics, Wi-Fi, engine control modules, cruise controls and anti-lock brakes—can be remotely subverted. “They could take over your bus— they could take over the brakes, the transmission. Hackers have proven their ability to take over a Jeep and drove it into a ditch.”
“Transformative technology is benefiting transportation efficiency but there are risks associated with these advances,” DeMatteo added. “In 2020 there will be 200 billion connected devices in the world. In 2021, 94 million connected cars will be shipped. It will affect all types of transportation.”
Randall and DeMatteo were speakers at Motorcoach EXPO in Fort Lauderdale.
Randall says… you need to make a decision on what (connected) devices you want to use, whether it is worth using them and what strategies are needed in order to reduce the risks, speakers noted.
Data mapping should also be part of a risk assessment, suggested DeMatteo.
“Where is your payroll information? Where is your health and benefit information? Is it on the cloud? Is it at a third-party vendor? What server is it on?
“Just about everybody has hundreds of apps on their phone. Are your folks using personal phones to access your servers? What they do on their personal device is potentially opening up your company server.”
Some data in the company’s computer network could be removed or placed behind higher security protections, he said. TSA has many resources, some posted online, to help businesses in transportation and other industries analyze their risks and erect safeguards.
Cyber safety is an on-going concern, Randall said, with no silver bullet except for continual employee training.
“Eighty percent of people who did not undergo security awareness training opened a suspicious email,” he said. “After training only 40 percent opened a suspicious email. Six months later it went back up to 80 percent of the people. Cybersecurity is a process, not a project.”