July 12, 2024 Top Cybersecurity Predictions: An Overview

Volume 27 | Issue 2

Supply chains must adapt to evolving cyber threats. It’s no longer a matter of if, but when an organization will be attacked.

Click here to read the complete illustrated article or continue below to read the text article.

Those involved in the supply chain must brace themselves for ever-evolving cybersecurity threats. The lessons learned from 2023 provide a foundation, but the dynamic nature of cyber threats requires ongoing vigilance and adaptation. The National Motor Freight Traffic Association, Inc. (NMFTA)™ aims to stay ahead by anticipating future challenges through diligent research and collaboration with other cybersecurity organizations.

The supply chain’s critical role in maintaining economic stability, public health and safety, national security, and technological advancement highlights its importance as critical infrastructure. Disruptions in the supply chain can have far-reaching consequences, making its resilience and efficiency vital to the functioning of modern societies.

Phishing: The Persistent Threat

Phishing remains a prominent tactic used by cybercriminals to infiltrate enterprise systems. These deceptive communications trick recipients into clicking malicious links or opening harmful attachments. In the supply chain industry, phishing scams can lead to security breaches, including ransomware attacks.

To combat phishing, supply chain companies must prioritize employee training. Workers should be adept at identifying suspicious emails, such as those from lookalike URLs. For instance, a phishing email might use “dellIogistics.com” instead of “delllogistics.com,” where the letter ‘I’ replaces the ‘L’. Employees should verify sender addresses and scrutinize links before clicking. When in doubt, they must refrain from opening attachments or clicking on links. In addition, it’s imperative that companies deploy a software solution in addition to training to help combat phishing.

API Security: A Dual-Front Battle

API security is critical for both host-side and mobile integrations. APIs are essential for workflow and telematics systems but pose significant security risks. Key concerns include:

• Zombie APIs: Outdated and deprecated APIs that are still accessible.
• Denial-of-Service (DoS) Attacks: These can overwhelm and disrupt services.
• Authentication Bypass: APIs that allow unauthorized access.
• Data Leakage: Accidental exposure of sensitive information.
• Shadow APIs: Undocumented APIs that can be exploited by attackers.

Addressing these issues requires rigorous security measures, including regular audits, robust authentication protocols, and continuous monitoring of API activities.

Direct Threats to Trucks

The increasing integration of technology in trucks introduces new vulnerabilities. Modern trucks equipped with on-board diagnostics, telematics systems, and sensors can be targeted by hackers. During a recent NMFTA Cybersecurity Conference, we hosted a live truck hacking demonstration which showed how a hacker could manipulate a truck’s brakes using a simple antenna.

NMFTA recommends that fleets implement cybersecurity measures to protect their critical systems from cyber threats.

Predictions from Other Industry Experts

Several organizations have provided insights into the cybersecurity landscape for 2024:

WatchGuard Predictions

• Artificial intelligence (AI) and machine learning (ML) Risks: While still a minority of attacks, threat actors will experiment with AI tools and sell them on the dark web.
• Automated Spear Phishing: Emerging markets for these tools will enhance attackers’ capabilities.
• Vishing and QR Code Attacks: Increased use of phone scams and malicious QR codes will exploit user trust and habits.

AI-Related Predictions

AI will significantly impact cybersecurity, both positively and negatively. Key forecasts from Gartner, Forrester, and Trend Micro include:

• GenAI Tools: These will enable more sophisticated cyberattacks.
• AI-Based Cyber Defense: Essential for keeping pace with evolving threats.
• BYOAI (Bring Your Own AI): Employees using personal AI tools can introduce security vulnerabilities.
• Deepfakes and BEC (Business Email Compromise): AI will enhance these attack methods.
• Voice and Video Impersonations: More convincing attacks on personal and executive accounts.
• LLM (Large Language Model) Attacks: Increased focus on exploiting these models.

Google Cloud/Mandiant Predictions

Key expectations from Google Cloud/Mandiant include:

• Zero-Day Vulnerabilities: Persistent use by cybercriminals.
• Election Cyber Activity: Targeting U.S. elections specifically.
• Hacktivism and Wipers: Increasingly disruptive attacks.
• Space-Based Infrastructure: A new target for cyber threats.
• Hybrid and Multi-Cloud Attacks: More sophisticated and impactful.
• Serverless Services: Greater use by threat actors.
• Supply Chain Attacks: Targeting developers via software package managers.
• Mobile Cybercrime: Growing prevalence.
• Cloud Security Gaps: Leading to cloudnative worm attacks.
• Generative AI: Facilitating advanced social engineering lures.

Election Threats

Global elections will be prime targets for cyberattacks, including:

• Misinformation: Propagated through social media.
• Voting Machine Attacks: Both virtual and physical threats.
• Voter Data: Cyberattacks on voter lists and related processes.

Conclusion

The cybersecurity landscape presents numerous challenges for the supply chain industry. From phishing attempts to API security breaches, to evolving AI-driven attack vectors, these examples emphasize the need for proactive measures. Companies must stay vigilant, continuously train their employees, and adopt advanced cybersecurity technologies to safeguard their operations and the greater supply chain.

NMFTA remains committed to monitoring these trends and sharing insights with the industry. Our efforts will culminate at our annual NMFTA Cybersecurity Conference on October 27-29, 2024, in Cleveland, OH, where we will discuss the latest developments and strategies in cybersecurity. For more information, visit www.nmftacyber.com.

About the Author:
Joe Ohr has more than two decades of experience in technical operations, customer success management, customer support, and product support.

Currently serving as the Chief Operating Officer for the National Motor Freight Traffic Association, Inc. (NMFTA)™, he plays a pivotal role in helping to advance the industry through digitization, classification, and cybersecurity.

Prior to Ohr’s role at NMFTA, he served as in numerous engineering and operations positions at Qualcomm and Eaton, and most recently held the position of Senior Vice President of Operations/Customer Experience at Omnitracs.

Throughout his career, Ohr has provided strategic guidance, vision, and a roadmap for addressing long-term customer challenges. He has played a key role in accelerating revenue growth and has collaborated closely with IT, product, and engineering teams to foster stronger partnerships with strategic customers and peers. Additionally, Ohr has overseen post sales customer support and service teams, as well as operations, managing a workforce of over 400 individuals.

He holds multiple certifications such as CCNA from Cisco and MCSE from Microsoft and earned his Bachelor of Science in Education from the Ohio State University. Due to his contributions to the industry, he earned a spot in the Inner Circle in 2015 and 2018 from Qualcomm and Omnitracs.

Subscribe to Industry Today