I’ve noted before in this space and elsewhere that trucking is increasingly a business based on digital connections – whether we like that development or not. As such, the industry is open to all manner of cyber-attacks, as this story illustrates.
Yet in terms of developing defenses against hackers and other malicious cyber activity, trucking and the general U.S. business community as a whole still seem to be behind the proverbial eight ball.
A recent survey conducted by the Ponemon Institute and cyber defense firm Cyphort entitled The State of Malware Detection & Prevention illustrates some of those corporate cyber shortcomings – and it’s not pretty:
- According to the study, 34% of CEOs and other C-level executives are completely in the dark about cyber-attacks against their companies, despite the fact that 63% of the 597 information technology (IT) managers polled said that their companies had been the victims of one or more advanced attacks during the past 12 months.
- This lack of senior executive awareness parallels the fact that 39% of those IT security managers don’t believe their company has the necessary intelligence to make a convincing case to the C-suite about the threats facing their company.
“The study results are fascinating because, despite such catastrophic data breaches as Target and Sony, cyber threats are not getting appropriate attention from senior leadership they deserve,” noted Larry Ponemon, chairman and founder of Ponemon Institute, within the report. “Companies are still struggling to have an effective strategy to prevent and detect malware and advanced threats.”
Here are some of the survey’s other findings, which certainly don’t provide “happy dance” material:
- The Bad: Some 21% of respondents took anywhere from one to two-plus years to detect the attack, while 27% took anywhere from one to six months to contain the breach.
- The Good: Nearly 30% of companies were able to discover the attack against their company in anywhere from one to eight hours after it occurred and 28% of those companies polled were able to contain the breach in one to eight hours.
- Getting malware attacks under control continues to be a challenge for companies. Some 68% of respondents said their security operations team spends a significant amount of time chasing false positives.
- About 13% of those companies polled expect their 2016 security budget to decrease. The average 2016 cybersecurity budget is approximately $16 million and 34% will be allocated to incident response efforts, IT managers in the survey said. Some 50% noted that their budget will stay the same, while 37% expect their budget to increase in 2016.
- You Can’t Stop What You Can’t See. About 76% of the companies polled lack visibility of threat activity across the network, 63% lack the ability to prioritize threats, and 55% lack in-house expertise.
- Investigations of malware alerts often are false positives. On average, 29% of all malware alerts received by their security operations teams are investigated and an average of 40% are considered to be “false positives.”
It’s not fun to be thinking about all of this, especially when there is freight to haul, trucks to keep up and running, and drivers to recruit and hopefully retain long term. But if a fleet’s digital supports are toppled, that might very well torpedo all of those efforts. Just something to keep in mind.