Protect Yourself from Cyberattacks: Hackers Never Went Away
A supply chain crisis. Driver and mechanic shortages. Inflation. Diesel prices.
There's a lot happening right now impacting your business and rattling its bottom line. Other threats are cyberattacks and ransomware especially for carriers and 3PLs.
Crime pays, but cybercrime, especially ransomware, pays very well. In its 2021 Cyber Front Lines Report, cybersecurity experts CrowdStrike said ransomware was used in 14% of the attacks they tracked.
Exploring Subscription Services
If your company depends on IT to keep it moving, now is a good time to consider using subscription services.
Subscription services have evolved to the stage where operations can simply “lift and shift” most of their IT to the cloud, and let teams of networks manage infrastructure and security while taking advantage of economies of scale to do so at lower costs. As more businesses migrate to the cloud, its cost benefits, along with its security and agility, become increasingly cost effective.
If it isn’t quite at the tipping point where it is guaranteed to be less expensive than managing an internal IT operation, it will be soon.
Trimble Transportation to the Rescue
From a security standpoint, that moment passed last year for more than a few transportation and logistics companies. In one instance, a long-time transportation company operated with a seven-year old version of software, refusing to update. The complacency of this strategy imploded when a solely trained, 25-year power-user employee left the company and a ransomware attack happened at the same time.
The company was taken down to its knees. It lost everything from its database to its customer files through the ransomware attack—one that was unique in that it was so hostile. The operations manager placed an urgent call to Trimble Transportation; the company was at a complete halt. It couldn’t run its business.
The team at Trimble assembled, planned, conducted a move to a SaaS platform and had the business up and running within 72 hours.
Colonial Pipeline experienced a ransomware incident. Gas stations across the Eastern Seaboard suddenly closed; hackers attacked the infrastructure that drove Colonial’s
billing process. The company bled product and money, forcing it to shut down the pipeline. Colonial paid $4.4 million to get its pipeline and its revenues moving again.
The 2020 SolarWinds breach also made headlines. This event wasn’t a ransomware attack, but it could have set the table for thousands of them, as hackers placed malware in a software update the company distributed to nearly 18,000 of its customers for downloading, including Fortune 500 members and government organizations around the globe. According to a case study by Ollis/Akers/Arney, recovery costs incurred by SolarWinds and its customers are estimated to be at least $90 million, plus impacts to the company’s reputation and subsequent legal issues.
In all incidents, the opportunity for the hackers to gain entry was the same—lax password protections and practices, a problem that has grown exponentially since 2020 as employees work from home, accessing workplace networks on personal devices that could be compromised in countless ways.
It might be tempting to say "That won’t happen to us—our people are careful. Besides, we’ve done everything we can to maintain our network’s security." Don’t be caught off guard.
Cybercrime is increasingly sophisticated, and if Russian hackers can breach the Pentagon and Microsoft, they can breach you, too. As for the best practices of your employees and the best intentions of your IT department, CrowdStrike noted in its report:
Buying technology alone is not enough—configuration, coverage and management matters. In at least 30% of incident-response engagements, CrowdStrike observed the organization’s antivirus solutions were either incorrectly configured with weak prevention settings or not fully deployed across the environment, which may have been a factor in the threat actor gaining and maintaining access.
Also concerning: the nature of attacks is changing from one-time intrusions to continuous incidents. CrowdStrike’s report noted 68% of organizations that experience an intrusion have another within 12 months.
So what’s the best way not to get hit?
This brings us back to subscription services on Azure’s best-in-class cloud infrastructure. Leveraging Azure places the security management for your network in the hands of experts employing the latest technology with the highest levels of cyber hygiene. It’s not what they do in order to support something else, it’s what they do 24/7/365.
Trimble products are integrated with Microsoft’s Azure cloud platform, which enables customers to seamlessly “lift and shift” their infrastructure to the cloud with minimal, if any, disruption to operations.
Consider your options if your company suffers a ransomware attack. Can you afford the downtime? Can you afford the ransom?
Partner with Trimble and make yourself harder to hit. Contact us today to get started.