How carriers can avoid cybersecurity danger from outside vendors

Every month, we discuss steps trucking companies can take to protect themselves against cyberattacks. From employee training to regular software patches to multi-factor authentication (MFA) and tabletop exercises to test their systems, the National Motor Freight Traffic Association (NMFTA) offers many action steps. We know the companies that follow this advice are much more likely to avoid breaches, and we have seen trucking companies improve in these areas.

The various players in the trucking industry are more interconnected than ever. Carriers rely on a variety of vendors to keep their business running. Because the industry has become increasingly digitized, carriers and their vendors are almost certainly going to be digitally connected via application programming interfaces (APIs) and other methods.

A carrier can do all the right things, but if a key vendor fails to be vigilant about its own cybersecurity, the carrier can still fall victim to a breach that jeopardizes everything from its data to its financial security and its reputation. Even the ability to operate its trucks may be at risk if hackers can manipulate the vehicles’ telematics systems, sensors, or onboard diagnostic systems.

The solution here is for every carrier to have a robust third-party risk management (TPRM) program.

This is an issue NMFTA recently highlighted in a webinar, and it will also feature prominently at this year’s NMFTA Cybersecurity Conference from October 27-29 in Cleveland, Ohio.

The recent webinar featured Dr. Erika Voss, vice president of information security at DAT Freight & Analytics. Voss presented a detailed look at how trucking/supply chain companies can design and implement a TPRM program that works for them.

Voss urged carriers to be vigilant in monitoring their interactions with both contractual and non-contractual third parties. It starts with understanding how much of your data each external party has access to, but it also involves knowing the relative health of each third party.