Cyber Siege Mentality
Mitigating the risks associated with cybersecurity
By Angela E. Thomas
On Feb. 3, a Brooklyn, N.Y. man “MODERN-DAY BANK ROBBERS NO LONGER NEED A
pled guilty to operating “an unlicensed GUNMAN AND A GETAWAY DRIVER. TODAY, THEY JUST
money transmitting business in connec- NEED A MALWARE OPERATOR AND MONEY MULES TO
tion with his role in an international
cybercrime operation.” According to the CARRY OUT THEIR CRIME FROM ANYWHERE IN THE
FBI, the man and his co-conspirators WORLD.”
used a malware scheme that caused
more than $1.2 million in losses and WILLIAM F SWEENEY, JR., ASSISTANT DIRECTOR-IN-CHARGE, FBI
more than $6 million in attempted
losses. tor of information security and pri- in the Arkansas Democrat Gazette that
vacy with Arvest Bank, and Rodney P. estimated a business is attacked by ran-
In a press release responding to the Moore, attorney with Wright, Lindsey somware every 40 seconds.
crime, FBI Assistant Director-in-Charge & Jennings, addressed council members
William F Sweeney, Jr., said, “Modern- about protecting their businesses from “According to the federal govern-
day bank robbers no longer need a cyberattacks, while sharing examples of ment, some of the crimes are perpetu-
gunman and a getaway driver. Today, the most common cybercrimes includ- ated by Russian mafia groups that are
they just need a malware operator and ing business e-mail compromise. very organized with expertise in the
money mules to carry out their crime skills needed to navigate most of the
from anywhere in the world.” “Check fraud, phishing and ran- areas of business. The attacks are not
somware are three of the more common random — the hackers have studied
A 2014 report by Center for crimes,” Pascoe said. “It’s vitally impor- their victims,” Pascoe said. “Criminals
Strategic and International Studies tant to understand what these threats target victims by phishing and using
estimates that the infamous 2013 hack look like and how to mitigate the risks social engineering techniques.”
against Target stores cost banks more involved.”
than $200 million. And just weeks ago, Social engineering techniques
in California, four individuals — includ- He cited a recent article published
ing two Russian Federal Security Service
officers — were charged with compro-
mising the information of at least 500
million Yahoo accounts.
Cybercrimes have become “fast, big
and widespread,” according to James B.
Comey, FBI director.
So it’s fitting that cybersecurity
and tips to avoid becoming victim to
online crimes was the topic for the
first quarter meeting of the Arkansas
Trucking Association’s Accounting &
Finance Council. Jon Pascoe, direc-
ARKANSAS TRUCKING REPORT - Issue 2 2017 51
Truck Safety “MOST COMPANIES DO NOT BELIEVE THEY
HAVE EXPOSURE IN THIS AREA. MOST DO NOT
Program UNDERSTAND THE MAXIMUM THREAT OF THE RISK.
THEY SIMPLY DO NOT APPRECIATE THAT THEY DO
Funding NOT HAVE INSURANCE AND NORMAL PROTECTION
APPLICATIONS NOW CONSUMERS DO.”
RODNEY P. MOORE, ATTORNEY, WRIGHT, LINDSEY & JENNINGS
The Arkansas Commercial
Truck Safety and Education
Program has begun its next
APPLICATIONS ARE AVAILABLE AT: include installing malware in fake place, he can now look around the
social media profiles as well as e-mail account to collect and transmit data,
ArkansasHighways.com/ACTSEP.aspx compromises. such as a wire transfer. He may dupli-
cate a past transfer, down to the penny,
— or — DATA HELD HOSTAGE which may be less likely to raise a red
Arkansas Commercial Truck Safety flag, and transfer the money to his
Among his clients, business e-mail account.
and Education Program compromise — which the FBI calls “a
c/o Arkansas State Highway and $3.1 billion scam” — and ransomware Pascoe said bank-issued security
are the two most common cybercrimes. tokens offer protection if a perpetra-
Transportation Department He offered the following example: tor is trying to gain physical access to
Program Management Division your computer; however, in the scenario
An employee receives an e-mail, described above, because the hacker
P. O. Box 2261 clicks a link included in it, and without has remote access to your computer
Little Rock, AR 72203-2261 his knowledge or authorization, soft- and control of your session, he has all
ware is installed on his computer. the information needed because you’re
— or — using the token.
Arkansas State Highway and The perpetrator can now see every-
Transportation Department thing the victim is doing and can alter Ransomware has become com-
the information being sent from his monplace over the last several years. In
Central Headquarters computer and to a banking website. The fact, the American Bankers Association
10324 Interstate 30, Room 503 victim visits his banking website and estimates that criminals using ransom-
enters his credentials. The perpetrator ware collected $209 million in the first
Little Rock, AR 72209 is connected to this computer in real- quarter of 2016.
time, and when the victim logs into the
Telephone: (501) 569-2261 bank’s website, the perpetrator is also Again, a link sent in an e-mail or
Fax: (501) 569-2623 logged into the bank’s website. via a pop-up is often the point of entry.
Once victims click the link, malware, or
Email: LFPA@ahtd.ar.gov The hackers then put up a “smoke malicious software, is installed on the
screen” message saying the bank’s web- computer or mobile device and “infects”
APPLICATION DEADLINE: site is down. In reality, the perpetrator its data, encrypting files and folders
JUNE 1, 2017, 4 P.M. has gained access to the bank account on it as well as any attached drives and
and without protective measures in
52 Issue 2 2017 - ARKANSAS TRUCKING REPORT
computers using the same network. HOW NOT TO BE A VICTIM
Victims often aren’t aware of the
Pascoe shares the following tips to help protect your company:
occurrence, until they can no longer
access their data or until they begin to PROTECT YOUR NETWORK:
receive demands for payment (in the
form of money or bit coins) in exchange • Dedicate a computer to your online banking and accounting functions. Be certain it
for the decryption key. is not used for e-mail or general web browsing, including social media.
According to the article Pascoe • R emove administrative privileges from all computers used for online banking to
referenced, hackers often send “tainted reduce the risk of unauthorized software installations.
hyperlinks to broad targets, say an
entire company. Just one user clicking • Utilize a network router and install firewalls to reduce the risk of unauthorized
the link can infect the entire company, access to your computer and network.
and ransom demands have grown: aver-
aging between $10,000 and $75,000. • C hange all default passwords on networking equipment.
• I nstall software updates to operating systems and critical software patches.
“Small businesses are fragile and • Install, use and maintain SPAM filters.
cannot take these types of hits,” Moore • I nstall, use and auto-update “always on,” real-time anti-virus and anti-spyware to
said. “Sixty percent of these companies
go out of business within six months of your desktop and firewall systems.
an attack. Of course, law enforcement • E nhance corporate processes for approving ACH batches and reviewing wire
does not recommend that victims pay
the ransom demanded, but many of the transfers.
business must have their data imme-
diately — for example, retailers during END-USERS:
busy shopping seasons.”
• Don’t respond to e-mails, open attachments or click on links in e-mails from
STAY AWARE OF THE RISK unknown sources.
It’s also important to become • Do not download software from sites you don’t know and trust.
familiar with your banking institutions’ • Be wary of anti-virus pop-up messages. Ask your IT staff for legitimate anti-virus
policies, Pascoe said. The regulations
and protections in place for consumers software.
do not apply to commercial accounts. If you suspect you’ve fallen victim to a cybercrime, call local law enforcement
immediately. Cease all online activity, and disconnect the computer from the net-
Many companies seek assistance work. If possible, leave the computer running — this may allow authorities to track
through their attorneys. the malware. Change your passwords, and contact your bank immediately.
“We are often brought in due to “Our team helps address every “Most companies do not believe they
the trust relationships we have with cli- aspect of cybersecurity. We’ll help cli- have exposure in this area. Most do not
ents. We can advise them privately due ents with the cyber-insurance policy understand the maximum threat of the
to the attorney-client privilege,” Moore application, bring in technology profes- risk. They simply do not appreciate that
said. sionals to assess their systems and make they do not have insurance and normal
recommendations,” Moore said. protection consumers do.”
Clients often seek his services when
they’ve had a hacking event and want One of the advantages to working Pascoe noted that Arvest Bank does
to understand their legal liability. Other with an attorney in this manner is that not provide computer or technology-
do so beforehand. Addressing the issue the professionals work for Moore and related advising services. He and Moore
of cybersecurity prior to an event is his team, not the business, so the work provided information based on advice
much more advantageous. falls under the attorney-client privilege. from the Internet Crime Complaint
Center (IC3), the FBI and the U.S.
“This allows us to work with He said that work includes helping Secret Service.
our clients to draft policies and train clients craft responses to hackers and
employees so they are alert of the risks evaluating their legal exposure, from For more information, Pascoe
and understand the seriousness,” Moore regulatory compliance to consumer and recommends reading their pub-
said. “Employees are any company’s big- contractual liability exposure. They’ll lication “Fraud Advisory for
gest liability.” also help address how to structure their Businesses: Corporate Account Take
communication with the media in case Over.” It is available in PDF for-
Indeed, a chief technology officer of a breach. mat at: www.ic3.gov/media/2010/
for disaster recovery service was recently CorporateAccountTakeOver.pdf
quoted as saying: “At least one employee While discussions about cyber-
will click on anything.” crime and the use of terms such as You may also find information and
phishing, hacking and malware have tips to prevent cybercrime on the FBI’s
become more commonplace, Moore said website fbi.gov/investigate/cyber. ATR
the most common mistake remains:
ARKANSAS TRUCKING REPORT - Issue 2 2017 53
ADVERTISER The coverage you need. The guidance you trust.SM
www.regionsinsurance.com LITTLE ROCK
Arkansas State Highway and
Transportation Department.......................52 ©2017 Regions. Regions Insurance is an affiliate of Regions Bank. Products 1500 Riverfront Drive
Aon Transportation........... Inside front cover and services are offered by Regions Insurance Inc. and underwritten by Little Rock, AR 72202
ABF.............................................................25 unaffiliated insurance companies. (501) 661-4800
Arkansas Trucking Association..... 41, 49, 50 (800) 542-0226
Arkansas Trucking Report............................57
Drivers Legal Plan......................................38 1465 E. Joyce Blvd. Suite 205
Great Dane.................................................42 Fayetteville, AR 72703
Great West Casualty..................................37 (479) 684-5250
MHC Kenworth............................................8 DIGITAL MAGAZINE NOW AVAILABLE!
NanoMech......................... Inside back cover
Regions Insurance......................................57 You may view Arkansas Trucking Report—complete with sound effects—online within a
Rich Logistics..............................................26 week of distribution.
Southern Tire Mart....................................15
Stallion Transportation Group....Back Cover Another awesome feature of this great new technology is that websites in the
Stephens.......................................................3 digital magazine are “live.” So, viewers may click on a site featured in an ad and be
Summit Truck Group...................................4 transported directly to an advertiser’s website.
TA/Petro..................................................... 18 Check it out: www.arkansastrucking.com
The Larson Group......................................34
Utility Tri-State, Inc.....................................6 This is just one more service that we’re happy to offer on behalf of our ATR advertisers.
This edition of Arkansas Trucking Report
was made possible with the support of
these corporate advertisers. They support
the trucking industry by enabling ATA to
provide this publication to its members,
prospective members, elected officials and the
national trucking and business community
at large. They deserve your consideration
and patronage when making your corporate
purchasing decisions. Thank you!
PLEASE VISIT ARKANSASTRUCKING.
COM TO SEE THE DIGITAL VERSION OF
ARKANSAS TRUCKING REPORT WITH
LIVE LINKS TO ADVERTISERS’ WEBSITES.
ARKANSAS TRUCKING REPORT - Issue 2 2017 57
THE LAST WORD
The power of association
By Butch Rice and keep that revenue in the state. sweep through the crowd, I heard the
It’s a small victory when I think power of association.
about the other challenges we have When I served hot dogs and ham-
Twelve years ago, ahead of us, like technology that chang- burgers to drivers at the TA Petro on
I received a call ask- es faster than we can prepare and adapt, I-40 during National Truck Driver
ing me to be on the infrastructure that crumbles beneath Appreciation Day alongside my col-
Arkansas Trucking our wheels and evolving perspectives leagues from across the industry, I saw
Association’s board toward trade, manufacturing and ecom- the power of association. And when we
of directors. It was merce that are changing our businesses gather over 300 fellow ATA members
one of the proudest at the annual business conference in
moments of my career. I didn’t think WHI’AVTEWSEEECNAN Rogers on May 3, I expect to feel the
anything could top that honor until DO WHEN power of association.
two years ago when I accepted the baton WE MOVE
passed from Craig Harper, COO of J.B. TOGETHER... One of the most satisfying
Hunt, as chairman of the board. moments as chairman was helping with
During my time as chairman, I and our customers’ expectations. the Special Olympics of Arkansas dur-
have tried to model the ATA’s mission But I’ve seen what this associa- ing the Truck Convoy. This event hosted
statement: protect the collective inter- only 24 participating trucks when I took
ests of the industry, promote how essen- tion can do. I’ve seen what we can do office and we as a whole were able to
tial trucks are to every community and when we move together, when you bring reach 110 trucks participating in this
serve the members of the association issues to the board of directors, when convoy. This event serves one of the
so we are all better and more profitable you write your legislators, when you greatest causes in the state and being
than we were the year before. show up to celebrate our common val- able to raise over $60,000.00 during
Seeing the work that goes into that ues of safety, efficiency and progress. this event for the Special Olympics
mission has been a humbling and grati- Athletes of Arkansas was a great attri-
fying experience. Just a few weeks ago, I When I attended the Arkansas bute and has made this charity one that
was present when Gov. Asa Hutchinson Truck Driving Championship for the I hold close to my heart.
signed a law that will improve the IRP first time in 2015 and experienced the
process for every company registering deafening applause and industry pride It has been a tremendous honor to
trucks in the state. It was a law two serve as your chair and to play a part
years in the making. It won’t pave every in this great association’s long history.
highway or solve the looming problem It is my hope that my passion for this
of the driver shortage, but it will make industry is contagious, and every carri-
life a little easier for companies who er — big and small — catches some of the
won’t have to make a trip to Little Rock same fervor as we tackle the problems
every time they buy a new truck. It will of the future together.
make Arkansas more attractive to busi-
nesses with a choice of where to register Butch Rice is president and CEO of
Stallion Transportation Group and
current chairman of the board for the
Arkansas Trucking Association.
Opinions expressed on this page may not reflect official policies or opinions of the Arkansas Trucking Association or the American Trucking Associations.
58 Issue 2 2017 - ARKANSAS TRUCKING REPORT
#1 Scientific Breakthrough in Advanced Lubrication & Protection
From then to now, NanoMech revolutionizes the way you look at preventive
maintenance in the heavy duty trucking industry.
AtomLube® extreme greases and GUARDx™ corrosion-resistant coatings are the next generation of superior performance in
lubrication and protection. Through scientific innovation, and 21st century breakthrough technology, NanoMech’s revolutionary
products have been proven by top industry leaders to eliminate friction, wear and corrosion under extreme pressure,
temperatures and other conditions.
Our products provide enhanced protection and lubrication that allow PM intervals to be extended to 75k+ miles!
Simply put, nothing works as well as AtomLube and GUARDx, rendering all competitors obsolete. Nothing even comes close!
To order or learn more go to NanoMechTruck.com or call 855-368-2497.
Chassis Grease | Dielectric Grease | Food Grade Grease | Landing Gear Grease | 5th Wheel Grease
Multifunctional Corrosion Protectant | Protects All Exterior Components | Protects All Wheels
Protects Undercarriage | Protects Container Panels | Protects Truck Bed | Water and UV Resistant