The FreightWaves Future of Freight Festival in Chattanooga wasn’t just about supply chains, innovations, and industry insights—it also highlighted the growing importance of cybersecurity in logistics. Amid conversations on tech-driven efficiency and fraud prevention, one theme stood out: protecting sensitive information in Transportation Management Systems (TMS) and other logistics applications.
Beyond the Checkbox: Rethinking Cybersecurity Testing
Many companies at the conference discussed their efforts to maintain cybersecurity standards, often highlighting their compliance with frameworks like SOC 2. But what exactly is SOC 2, and why does it matter for logistics companies?
Understanding SOC 2
SOC 2 (Service Organization Control 2) is a set of compliance requirements established by the American Institute of CPAs (AICPA). It outlines how organizations should manage customer data based on five key principles: security, availability, processing integrity, confidentiality, and privacy. For logistics companies—especially those offering applications like TMS that handle sensitive shipment details, customer information, and financial data—SOC 2 compliance is often necessary to assure partners and clients that their data is protected.
However, achieving SOC 2 compliance can sometimes become a “checkbox” activity, performed once a year to meet contractual obligations. While this satisfies basic requirements, it may not fully protect companies against the constantly evolving tactics used by cyber attackers. Cybersecurity isn’t a one-time task; it’s an ongoing process that must adapt to new threats as they emerge.
Introducing Penetration Testing
One critical aspect of a robust cybersecurity strategy is penetration testing. This is essentially a simulated cyberattack on your own systems, conducted by security professionals, to identify and fix vulnerabilities before real attackers find them. Think of it as hiring a friendly “hacker” to test your defenses so you can strengthen them. Unfortunately, many organizations only perform penetration testing when it’s required for compliance purposes, rather than making it a regular part of their security routine.
The takeaway? Relying solely on annual compliance audits like SOC 2 isn’t enough. Logistics companies need to integrate proactive cybersecurity measures—like regular penetration testing tailored to the latest threats—into their everyday operations. By doing so, they move from simply meeting standards to actively safeguarding their data and systems against potential attacks.
Phishing vs. Technical Risks: A Limited Awareness Gap
Discussions at the conference revealed that while companies are well aware of risks like phishing—where employees might be tricked into revealing sensitive information—they’re less familiar with technical vulnerabilities in their networks or applications. This lack of awareness can be dangerous. In our interconnected logistics systems, a weakness in one area can impact the entire supply chain.
Some companies have started using tools to monitor their network traffic for unusual activity, which is a good step. However, fewer are conducting continuous and proactive assessments, like regular system checks and penetration tests, to find and fix vulnerabilities before they can be exploited.
New Tech, New Threats
An interesting point of discussion was the development of new features in logistics applications designed to reduce fraud, such as location-based safeguards and advanced verification processes. While these innovations are valuable, they can also introduce new security challenges if not properly protected.
This is where penetration testing becomes especially important. By simulating real-world attack scenarios on these new features, companies can identify potential weaknesses and address them proactively. This ensures that efforts to combat fraud don’t inadvertently create new opportunities for cyberattacks.
Dollars and Sense: The Cost of Cybersecurity
One application developer mentioned that their company spends $240,000 annually on cybersecurity, mainly on products like firewalls and services that respond to breaches after they occur. This reflects a common trend of investing heavily in security products and reactive measures. While these are important, they often focus on responding to incidents rather than preventing them.
Investing in proactive measures—such as regular penetration testing, employee training on cybersecurity best practices, and continuous monitoring—can provide a better return on investment by stopping breaches before they happen. It’s not just about how much is spent on cybersecurity, but how wisely that money is used.
Trust and Cybersecurity: A New Perspective
In the logistics industry, trust is crucial. Carriers, brokers, and partners all rely on each other to keep goods moving smoothly. However, cybersecurity needs to be part of this trust equation. When you work with another company, you’re not just sharing business; you’re sharing risks. If their systems are vulnerable, your data and operations could be at risk too.
This interconnected risk highlights the need to assess the cybersecurity practices of your partners. Companies like Velite.io, which specialize in proactive cybersecurity for the logistics sector, can help organizations evaluate their own vulnerabilities and those of their partners. By doing so, companies can make informed decisions and build more secure, trustworthy relationships.
Velite’s Mission at F3
At the F3 conference, Velite offered free consultations to logistics companies, helping them understand cybersecurity best practices and assess how prepared they are to handle cyber threats. By encouraging organizations to adopt a proactive mindset, Velite aims to help the logistics industry move from simply meeting compliance requirements to achieving true resilience against cyberattacks.
Their approach emphasizes that cybersecurity isn’t just an IT issue—it’s a critical business concern that affects every part of operations. Through services like penetration testing, where security experts simulate attacks to find weaknesses, companies can identify and fix problems before they lead to financial losses or damage to their reputation.
As Cyber Threats Evolve, So Must the Logistics Industry
As the logistics sector continues to embrace digital technologies and innovative solutions, keeping cybersecurity at the forefront is essential. The discussions at F3 highlighted a key point: staying ahead of cyber attackers isn’t just a good idea—it’s vital for the future of the industry. By moving beyond basic compliance and adopting proactive security measures, logistics companies can better protect themselves, their partners, and their customers in an increasingly digital world.
Aleks Frelas, Founder and CEO of Velite.io, leads a cybersecurity team focused on offensive security and vulnerability management. He is also a FreightCaviar contributor on cybersecurity in logistics.