Bill Holmberg directs IT for Wayne Transports, a Minnesota-based trucking and shipping company, with over 800 drivers and 150 employees who are back at the office, that is “swimming in email”: invoices, proofs of deliveries, and even a phishing test or two from Holmberg himself.
The anti-phishing practices are especially important, given the trucking sector’s increased targeting by cyberattackers—threat actors ready to manipulate less tech-savvy users.
“Your average transportation company is going to hire drivers that can’t drive anymore for a variety of reasons, to come in and be dispatchers. These guys have been 20-plus years in a truck, and now you put a computer in front of them, with zero experience other than possibly playing Candy Crush on their granddaughter’s iPad,” Holmberg told IT Brew.
Email security provider Abnormal Security in a Sept. 12 report revealed a 175% year over year increase in transportation-targeting phishing attacks—from just over 250 attacks per 1,000 inboxes in July 2023, to just over 750 per 1,000 one year later.
Abnormal cited a 2023 cyberattack against trucking company Estes, which led to an IT infrastructure outage and extraction of some data, according to a security breach notification. A Sept. 2023 attack on trucking and fleet management services provider ORBCOMM reportedly impacted inventory tracking.
The trucking industry is an attractive cyberattacker target, Abnormal’s Sept 12. report said, given the sector’s “supply chains involving numerous suppliers, vendors, and partners and multiple points of communication.” And transportation has plenty of personal data, including address and payment information, according to Mike Britton, CISO at the company.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“There’s no amount of time, resource, or manpower where you can go and effectively make sure that every single one of them has the same security program you do; has the same controls in place, has the same monitoring. And attackers know that too,” Britton told IT Brew.
At Wayne Transports, Holmberg uses a combination of technologies—email security gateways and endpoint detection and response (EDR) tools—and “merciless” employee phishing, using security awareness platform KnowBe4.
By sending employees phishy emails—like messages purporting to be from colleagues—Holmberg can help find the “frequent fliers,” aka the employee who “clicks a lot,” and provide that person with more in-depth training. Important questions he emphasizes to the frequently phished: Was I expecting this email? Do I know that this is the actual email of the sender?
IBM’s global Cost of a Data Breach report revealed phishing as a driving factor in 15% of its studied breaches between March 2023 and February 2024. The phishing-related breaches led to average costs of $4.88 million.
Holmberg said his company’s recent hires have been much more “computer erudite” than in years past—as the industry faces increased digitization (one example: more electronic logging devices) and increased attacks on that digitization. In the past, Holmberg said, the company made sure to hire drivers for the in-office dispatch positions. Now trucking employees need to know their way around computing environments, too.
“Our new viewpoint has switched and shifted to: Let me hire somebody that understands applications, that is inquisitive, and prides themselves on learning and figuring out a difficult system,” Holmberg said.