Trucking Experts Link Cybersecurity to Company Culture
[Stay on top of transportation news: Get TTNews in your inbox.]
LAS VEGAS — In a constantly shifting cybersecurity landscape, trucking and logistics businesses can better protect themselves from breaches by building a company culture that prioritizes security while also developing closer relationships with key stakeholders.
Transportation industry leaders shared that advice and discussed emerging cyberthreats during a Feb. 10 panel discussion here at the 2025 Manifest supply chain and logistics technology conference.
Todd Florence, chief information officer at Estes Express Lines, said a successful cybersecurity program is based on culture and continuous improvement.
“You’ve got to build an organization that’s able to adapt and learn,” he said.
IT and cybersecurity leaders within an organization should build close working relationships with the company’s top executives so they are prepared to collaborate in a crisis, Florence said. Relationships with outside business partners are crucial as well.
(Seth Clevenger/Transport Topics)
That type of teamwork paid dividends for Estes during the less-than-truckload carrier’s response to an October 2023 cyberattack that temporarily disabled its information technology systems.
Florence said Estes was able to recover from that incident “really well” because the company already had those key relationships in place and was transparent with its partners.
“That made our recovery so much less stressful for us,” he said.
Outside technology suppliers represent another significant element of a company’s cybersecurity posture. Those vendor relationships are important, particularly during an attack.
“It becomes pretty evident who is a partner and who is a vendor very quickly in those scenarios,” Florence said.
Estes, based in Richmond, Va., ranks No. 11 on the Transport Topics Top 100 list of the largest for-hire carriers in North America.
Transportation companies can learn from each other’s experiences with cyberattacks.
Host Seth Clevenger and TT's Connor Wolf discuss CES 2025 and the emerging technologies that could push the trucking industry forward. Tune in above or by going to RoadSigns.ttnews.com.
“Consult with people who have been through it and formulate a plan with them,” said Mike Zupon, vice president of technology at Ward Transport & Logistics Corp., an Altoona, Pa.-based LTL hauler and logistics provider.
Zupon said his business has benefitted from its cyber insurance policy, another key consideration for companies as they evaluate their cybersecurity strategies.
While each business must make its own decision on whether to invest in cyber insurance, and at what level, companies can begin by estimating the potential cost of a security incident, said Joe Ohr, chief operating officer at the National Motor Freight Traffic Association.
“Do the math and calculate what that would cost,” he said. “That’s a start.”
Artie Crawford, NMFTA’s director of cybersecurity, said the transportation industry is facing increasingly sophisticated extortion schemes.
This includes the rise of “ransomware as a service” developers that sell their software to criminals who use it to access and encrypt a company’s data and systems, then demand payment for unlocking them.
These hackers typically set the ransom based on the size of the business they are attacking.
Want more news? Listen to today's daily briefing above or go here for more info
“Nobody is too big or too small,” Crawford said. “They don’t want to put you out of business. They want you to pay.”
Crawford said the most common attack vector for hackers remains phishing scams, which typically involve emails or other messages designed to trick users into revealing sensitive data or installing malware.
Moving forward, advances in artificial intelligence could make these phishing attempts more convincing — and more effective — than ever, particularly for non-English speaking cybercriminals.
“The use of generative AI and large language models has really made it easy for the bad guys to generate these emails and these phishing attempts,” Crawford said.
Ohr said generative AI can even make it possible to create false video messages from company executives based on existing clips of them speaking.
“As AI get more developed, it’s great for us, but the bad actors can also do a lot more,” Ohr said. “They become more sophisticated, and they can do it on a much broader scale.”
(Transport Topics via YouTube)
As businesses take steps to enhance cybersecurity, they can assess the effectiveness of their efforts through penetration testing, which simulates cyberattacks to uncover vulnerabilities.
Zupon urged businesses to immediately patch any weaknesses discovered.
“The pen test is only as good as your response to it,” he said.
Other key security measures discussed during the session include developing an instant response plan and a business continuity plan to follow in the event of a cybersecurity incident, along with backing up critical IT systems and data.
Crawford mentioned a “3-2-1” rule for backups: three copies using two modalities, including one stored off site.
NMFTA is in the process of releasing a three-part cybersecurity guidebook for trucking businesses of all sizes. In January, the association issued the first installment — a guide for owner-operators and small fleets.
