I’ve written fairly frequently on cybersecurity risks that face all aspects of all companies, including fleets. Combating these attackers is like trying to wrestle Jell-O; every time you think you have security in place, bad actors devise another way to breach your organization and wreak havoc. Now, they have AI to make detection even more difficult.
Early this year, the National Motor Freight Traffic Association published its 2025 Trucking Cybersecurity Trends Report, which indicated that cybersecurity would be among the biggest challenges for fleets in 2025. Fleets are such a tempting target for bad actors, not just for the stored data but also for the tangible products shipped, which can be subject to cargo theft. That attack on the supply chain ends up hurting everyone from manufacturers to shippers to fleets to retailers, right down to the consumer.
Social behavior makes companies vulnerable
The day when hackers had to be tech geniuses is over. Now, cybercriminals use psychology and social behavior as much as they use technology. When it comes to security, people get compacent because they are so attached to the Internet and their mobile devices, turning to them for information, news, shopping, and simply communicating with their friends and family.
Criminals can find all the information they need on social media sites such as LinkedIn and Facebook to track down employees they can target. Then, with the contact information they glean, they send a phishing email posing as a known vendor sending new banking info for payments, a publication asking for subscriber updates, or a company employee letting the colleague know about a great deal (with a damaging link, of course). These emails are designed to look legitimate, with the right logos in position and deceptive URLs, with perhaps only one character change. Employees may notice an obviously made-up URL but may be fooled by one that is slightly altered.
Whether it’s ransomware leading to money requested to unlock the site, malware resulting in significant data breaches, or just a move by an individual to trick AP into sending money to a specific account, all are damaging to a company’s bottom line, its sense of security, and its reputation. The only way to mitigate any damages is to provide ongoing cybersecurity training to all employees.. There are specific steps companies need to take.
See also: Wilkens: Be prepared: Strategy, risk, and incident response planning for fleets
Steps to mitigate damage
- Caveat emptor: Let the buyer beware should be replaced with let the employee beware. Make each employee’s role in keeping the company secure from a cyberthreat abundantly clear. Inform them how important it is that they report suspicious activities immediately. Teach them how to recognize phishing attempts and provide details on new ways cybercriminals are tricking employees so they will be on the lookout for such attempts. In addition, you might have your IT team send phishing emails to your employees to see which ones have paid attention to training and which need more work.
- Limit access: In too many companies, too many employees have access to sensitive and critical systems and data. Change that by only giving access to those whose roles make that necessary. Then, enhance identity verification with multi-factor authentication (MFA).
- Hope for the best, plan for the worst: No matter how hard you try, a successful attack will likely occur. However, you can mitigate the damage by having a crisis response team and a comprehensive plan if and when a breach occurs. Regularly test and update this plan since cybercriminals keep figuring out new ways to threaten your business.
Security begins at home (or at the office in this case)
In the ever-evolving landscape of cybersecurity, vigilance and preparedness must be top of mind. As cybercriminal tactics advance, from sophisticated phishing schemes to AI-driven attacks, the resilience of fleets and companies will depend on implementing proactive measures.
By prioritizing ongoing cybersecurity training, restricting access to sensitive systems, and maintaining robust crisis response plans, organizations can fortify their defenses against potential breaches. It’s a collective effort to safeguard not just data but also operational integrity and customer trust.
We must stay informed, prepared, and united against the pervasive threat of cybercrime as we navigate the complexity of cybersecurity in 2025 and beyond.
