Cybersecurity preparation is crucial for carriers to help prevent costly and debilitating hacks like those that hit Ward Transport & Logistics and Estes Express Lines in recent years, according to experts.
Fast-acting attacks can quickly freeze trucking companies’ ability to haul freight, Ward’s VP of Technology Mike Zupon told Trucking Dive last month.
“That's all they need is an hour and boom — or less than that,” Zupon said, adding that cyberattackers can disrupt operations with as little as a routine email phishing scheme.
Relationships with vendors and federal agencies can be lifelines when an attack occurs, said Zupon and others who spoke at the National Motor Freight Traffic Association’s Cybersecurity Conference in Cleveland in the fall.
“Critical infrastructure and businesses across all sectors continue to face increased threats from nation-state actors and transnational organized criminals using ransomware, exfiltrating data or burrowing deep into an enterprise,” Cybersecurity & Infrastructure Security Agency’s Sandra Radesky, associate director of vulnerability management, said in a November email.
Take advantage of free resources
For carriers, it’s not a matter of whether a cyberattack will occur, but when, industry leaders said.
CISA works with transportation businesses to ensure they understand the risks and are aware of resources available to strengthen those defenses, Radesky noted.
“Organizations can work with CISA by signing up for timely and actionable cyber advisories, requesting free cyber hygiene services, and implementing the cross-sector cybersecurity performance goals,” she said.
The resources are free, and they include things like documentation to help run a tabletop exercise, where a business can simulate multiple times a year how they would respond in the event of an emergency.
At least one of those drills can include board members and legal representation. That’s because defenses can be helped or hindered by board-level support and prep, speakers said.
The preventative efforts and tools can make a difference. Cyber hygiene program participants have decreased vulnerability exposure by an average of 40% in the first year of enrollment, Radesky said.
Most of CISA’s work happens before a breach, and that’s why connecting with the agency prior to an emergency is important, NMFTA Director of Cybersecurity Artie Crawford said in an email.
“When making contact for a local carrier, it would be best to reach out to the Local CISA Rep,” he noted. Each state has a cyber security coordinator who is also connected with all the CISA reps in a region.
By connecting with the right people, CISA services can be used to hopefully prevent a breach, Crawford said. But CISA reps also have connections with the U.S. Secret Service and FBI.
Follow best practices — and beware of email threats
Zupon spoke with peers during a closed-press session at the NMFTA conference in October, following cyberattacks his company experienced in 2024.
In an interview with with Trucking Dive afterward, he noted private resources, such as KnowBe4, CrowdStrike and NMFTA, are also particularly helpful after an attack.
Carriers can always be investing more into cybersecurity, but Ward leadership was understanding of the circumstances, given other cyberattacks in the industry, Zupon said.
For other trucking firms, the technology VP’s advice includes:
- keeping an active directory clean from stray accounts
- having cyber insurance for firms without a lot of extra cash on hand
- maintaining good relationships with vendors
- establishing backup data measures
Other lessons learned include ensuring remote access is not compromised and updating software, he said.
But training employees and management to recognize phishing emails, and avoid clicking links or opening attachments, is perhaps the most critical step to protecting carriers.
“The largest threat to all of us? Email,” Zupon said. “You can open them, but if you don't recognize it, delete it.”
