Of the many posts I’ve placed in this space regarding the trucking industry’s need to keep an eye on cyber security issues (go here and here for just two examples), they’ve never touched on the potential for loss of human life from such nefarious electronic activity.
I mean, sure, hacking into computer networks to steal data or crash critical communications systems can cause plenty of damage and monetary losses for any company – trucking-related or not.
But can people be killed directly via cyberattacks?
Apparently so – and, if the results of a new global survey of information technology (IT) executives is to be believed, such an attack is likely sooner than you might think.
That survey - entitled Holding the Line Against Cyber Threats: Critical Infrastructure Readiness Survey and compiled The Aspen Institute and Intel Security – also finds that while critical IT infrastructure providers say they are “pleased” with efforts to improve cybersecurity over the last three years, some 72% of the 625 IT executives polled from across France, Germany, the United Kingdom and the U.S. believe the threat level of attacks is escalating, requiring much more public-private sector cooperative work.
Here’s the kicker: some 48% those polled believe it is likely that a cyberattack that can take down critical infrastructure and lead to potential loss of life will occur within the next three years.
And although there were no additional survey questions to determine the circumstances under which respondents believed the loss of life could occur, more U.S. respondents thought this scenario was “extremely likely” to occur than did their European counterparts – by a rate of 18% versus 2% in Germany and 3% in the U.K.
Talk about a sobering thought.
Here are some other findings from the Aspen/Intel survey:
- Some 86% of the IT executives polled see a need for public-private threat intelligence sharing partnerships to keep pace with escalating cybersecurity threats.
- Another 76% believe a “national defense force” should respond when a cyberattack damages a critical infrastructure company within national borders.
- That being said, those responding to the survey think their own vulnerability to cyberattacks has decreased over the last three years. When asked to evaluate their security posture in retrospect, 50% reported that they would have considered their organizations “very or extremely” vulnerable three years ago; by comparison, only 27% believe that their organizations are currently “very or extremely” vulnerable.
- While private industry is often hesitant when it comes to government’s involvement, some 86% of respondents believe that cooperation between the public and private sectors on infrastructure protection is critical to successful cyber defense.
- Another 64% believe a cyberattack resulting in fatalities has not happened yet because good IT security is already in place. Correspondingly, more than four in five are satisfied or extremely satisfied with the performance of their own security tools such as endpoint protection (84%), network firewalls (84%), and secure web gateways (85%).
- However, over 70% of respondents think the cybersecurity threat level in their organization is escalating. Around nine in ten (89%) respondents experienced at least one attack on a system within their organization, which they deemed secure, over the past three years, with a median of close to 20 attacks per year. And 59% of respondents stated that at least one of these attacks resulted in physical damage.
- Respondents believe user error is the greatest cause of successful attacks on critical infrastructure. Organizations may strengthen their security postures, but individual employees can still fall victim to phishing emails, social engineering and drive-by browser downloads that successfully infect their organizations’ networks.
There’s no doubt cybersecurity is going to be a long-term issue faced by trucking companies large and small, much less the business community as a whole.
The trick will be to be finding ways not just to make cyber defenses more secure but to minimize the damage from cyberattacks that are successful.