Industries like construction and logistics have been hardest hit by ransomware recently, as they historically have not had the same level of investment in cybersecurity as sectors like healthcare and finance. This often includes lots of business email compromises due to lack of training and awareness for all employees, but results in entire network compromises.
The supply chain has become increasingly important, which is why Trimble has continued investing in cyber security measures, and has stringent initiatives in programs in place to ensure the integrity of its code, conduct vendor security assessments, do due diligence around technology clients and much more.
Ryan Johnson, the director of cyber security at Trimble, recently shared about data security strategies at Trimble’s Insight 2022 Tech Conference + Expo in Orlando.
With a background in the Department of Defense, other military branches and private cybersecurity, Johnson has an extensive background of more than 20 years of experience in this space to help inform transportation and logistics providers of what they should be thinking through now, before there is an issue. Here is a recap some of his key takeaways.
Security needs to take priority outside of IT
Johnson explained that over the last 15 years, Verizon has done an annual data breach investigative report where they’ve looked at more than 23,000 security incidents. Out of those incidents, 5,000 were confirmed breaches. However, there are learnings from the data around existing trends and where companies should focus their resources.
While IT & cybersecurity functions are often wrapped together in one role, security best practices are not always the first thing in mind for IT. When IT gets pinched for funds, what typically gets cut first is the security budget. Johnson shared he’s seen a lot of success in organizations where security is being moved out of IT and instead reporting directly to an organization’s CEO or CFO to protect the integrity of a company’s data. This ensures security functions receive the high level of care and attention needed in order to allow the business to function.
Number one element of security breaches
It may come as no surprise that the number one element of security breaches is humans --whether due to poor software configuration and errors, clicking a bad link or being tricked via business email compromises. Unfortunately, there’s not many checks and balances in place at many organizations to prevent these errors, Johnson shared.
The other big concern is ransomware, Johnson explained. In the last five years, there’s been an increase in ransomware by 13%, and just in the last year it increased by 25%. He anticipates that trajectory to continue because it’s an easy scam to deploy since it’s just a simple numbers game with bad actors reaching large volumes of users.
Importance of backups
Johnson said he doesn’t mandate backups to customers, but believes they should know their environment best and what they can restore quickly and what they cannot. However, just for data, he recommends it’s critical to make sure that it’s backed up. If a customer were to fall victim to a ransomware attack, they would already have a backup and don’t have to pay the ransom, which he absolutely advises not to. In addition, Johnson shared that the FBI backs up this recommendation not to pay because it will only further incentivize criminals that ransomware scams are a good business model.
Data security strategies
Trimble has extremely strong cybersecurity policies in place, including the Trimble Secure Development Lifecycle policy, and Johnson recommends that all organizations have a similar governance or doctrine to point back to. This policy can be flexible enough to allow for agile development and not restrict the business.
Johnson suggests starting with vulnerability scanning, and scanning external environments and external web-facing assets. Then, layer in intrusion detection and end point detection responses tools. Trimble is currently moving from dynamic analysis to interactive analysis to provide more actionable vulnerabilities.
Lastly, Johnson recommends multifactor authentication (MFA) which can be a relatively inexpensive solution to layer on top of an organization’s strategy.
Johnson shared a few recommendations that he would suggest that every organization adopt or maintain:
- Having a doctrine and governance in place – something that you can point back to that outlines specific processes for protection.
- Testing – vulnerability scanning, intrusion detection, dynamic application security testing (DAST), interactive application security testing (IAST), static application security testing (SAST) and open-source vulnerability analysis.
- Tactical tooling – there are so many solutions out there for everything from MFA, invoice detection, role-based access control, etc.
He also suggested four tactical recommendations for security and IT experts to investigate immediately and ensure their organization is doing:
- Conduct penetration tasting – this gives you an idea of what the worst thing a hacker could do outside of your organization.
- Discuss phishing campaigns, raise awareness of the human factor through training exercises.
- Implement multifactor authentication, for so many different reasons. Having a policy requiring all administrative accounts to use MFA is critical to system vulnerability.
- And obtain cybersecurity insurance through a reputable source.
So much of cyber security boils down to training, Johnson said. It can be challenging to see tangible improvements from training exercises, but the repetition and awareness is key. A tool is only as good as it is implemented, so it is key to implement and train the entire organization well.