As October begins, so does Cybersecurity Awareness Month with its new theme Secure Our World. Unfortunately, the freight industry already has a real-world reminder of the dangers it faces, as LTL carrier Estes Express has confirmed a cyber attack. In an announcement on social media, Estes said that an IT infrastructure outage "appears to be the result of a cyberattack."
The company did not share further specifics about the nature of the attack or what was affected, but similar scenarios often involve ransomware - a type of hack in which systems are locked down and encrypted, with a ransom payment demanded to unlock them. The good news in this case is Estes says its terminals and drivers "are effectively picking up and delivering freight," suggesting the company - which is among the largest LTL carriers in the U.S. - has a reliable backup plan in place.
The Estes Cyber Attack and Implications
The first outward indication of a problem with Estes' systems occurred Monday, Oct. 2, when it shared a notice of an IT outage:
The Monday timing suggests the attack occurred over the weekend, a common tactic by hackers due to companies having typically lighter IT staffing for time off, and one that often leads to more costly damages.
Tuesday followed with the aforementioned acknowledgement that the outage was because of an attack:
Estes says it's working on the issues caused by the attack with the hope to restore business as usual "as quickly as possible." The company website remains largely down, as it has been since the attack was first noted. But it has created a landing page saying "We Are Open for Business," featuring the same social media announcement as well as a form for customers and stakeholders to contact the company.
Other reports say the Estes phone system is down as well. In addition to the landing page form, the company is also encouraging contact via its social media channels. The company is also telling customers about other system effects, including communicating that its track and trace is unavailable. The effects on the LTL marketplace, which also just lost Yellow, are yet to be seen
Tips to Protect Businesses from Cyberattack
The freight and logistics industry seems especially susceptible to cyber attack, and with so many small businesses, that also means the danger of closure due to a successful one is very real. To combat the threats, the Cybersecurity & Infrastructure Security Agency (CISA) has four tips, during Cybersecurity Awareness Month and beyond, to help protect businesses from cyberattack, including:
Train Staff to Avoid Phishing - Cyberattacks and malware often come via email, whether it be messages that trick employees into action or those that include malicious links & attachments. Ensure they are ready to make email a tougher target.
Require Strong Passwords - Weak passwords are easy to hack, yet it's also easy to create more complex passwords to make that hacking much less easy.
Require Multifactor Authentication (MFA) - Many apps and services already require this, so why shouldn't your business? MFA simply means adding a secondary (or tertiary) method beyond a password - like a texted code, fingerprint, access card or authenticator app - to confirm the identity of the account owner.
Update Software - Another simple action often requires no action - that is, keeping software up to date. Updates often include security patches to address vulnerabilities, keeping software as safe as possible from attack. Without updates, those vulnerabilities remain. The simple part of this equation is, you can often set software to update automatically.
These steps should be part of a clear commitment by the company to being cyber safe, with clear strategies, the right tools and investment to back them up.
Need help dealing with the latest LTL challenges, or just general help with your shipping needs? Fill out our brief form and we'll be happy to get in touch. For more information about InTek, or logistics and supply chain issues in general, check out our Freight Guides.