May 26, 2022
Keep watch for cyberattacks this Memorial Day weekend
Be wary of emails asking to click a link or provide sensitive information
Keep an eye out for cyber abnormalities through Memorial Day weekend. Such attacks are known to strike during holidays.
Graham Gonzales, Director of Strategic Accounts at Reliance Partners, joined WHAT THE TRUCK?!? to encourage all members of the supply chain to ramp up their security efforts as pulling off a cyberattack is easier than you may think during a holiday weekend.
“Now’s a great time for a cyberattack to happen, unfortunately, because there’s less staff and fewer systems that can report that something is happening until let’s say the Tuesday after,” Gonzales said.
Cyberattacks are implemented in many ways. One method is through phishing. That bogus but legitimate-looking email could be sent to employees in an attempt to trick at least one person into opening it.
The reason why employees fall for phishing scams is because the messages are often crafted to look as if it’s from somebody they know, such as from their boss. The message will either ask employees to disclose sensitive information or to click a link that contains ransomware, introducing it onto the company’s system.
“Someone will click on a link that will download a phishing software and then receive an email or a phone call in a couple of days that says something to the effect of: ‘We want a million dollars in bitcoin from you. Otherwise, we’re gonna mess up your stuff,’” Gonzales said.
Who is most affected by cyberattacks in the supply chain?
Gonzales spoke of a case in which an email containing ransomware was opened by a freight broker, compromising the company for eight days. He said its cyber coverage paid out $500,000 to $750,000 initially in damages and that their insurance forensics team had to carry out a full cyber sweep of its customer network to see if any carriers or customers were affected. Ultimately, this cyber insurance market paid out close to $2MM in damages on this claim.
“At that point, they had to let every motor carrier who works for that piece of the supply chain know their information was leaked,” Gonzales said.
Cyberattacks on the supply chain have become more prevalent in recent years. Gonzales explained that such attacks weren’t as common in the past but with security minimal, he said the logistics industry has become a ripe market for ransomware attacks.
“It’s been an underserved and underprotected industry … so that’s why we’re recommending every piece of the supply chain — shippers, motor carriers, freight brokers and manufacturers — have some kind of cyber policy in place to defend against these attacks,” Gonzales said.
Gonzales urges companies to consider cyber liability insurance, but remember that proactive measures are the most effective in mitigating the risk of an attack. For starters, teach your employees how to discern whether an email is legitimate or not. This could be letting them know that you personally would never ask for sensitive information via email and advising them to check the actual address of such messages to align with your company email address.
It also helps to have multifactor authentication for employees and an end point detection and response protocol (EDR), which issues automatic alerts of system changes when malware has been installed.
Gonzales said that not having such measures as multifactor authentication is not only a security risk but limits the insurance markets who would consider writing your coverage from 30-plus providers to maybe four, explaining that it’s a red flag to insurers when a company is not taking the easy steps to protect itself.
“Having those two pieces in place isn’t going to break the bank on a monthly basis, but they may greatly curb the risk of a cyberattack from happening,” Gonzales said.