In This Article:
This story was originally published on Trucking Dive. To receive daily news and insights, subscribe to our free daily Trucking Dive newsletter.
When Werner Enterprises workers saw a video of CEO Derek Leathers apparently announcing an end to all employee vacations, responses ranged from “this is crazy” to “I’m leaving.”
But the company created the ruse using a software tool and previous footage of Leathers. Werner was prompted by growing concerns a year and a half ago that a real cyberattack could mislead workers.
The company informed staff at an all-hands meeting 90 minutes after the broadcast occurred that it was fake, EVP and CIO Daragh Mahon said last week at the National Motor Freight Traffic Association Cybersecurity Conference in Cleveland.
“The idea of saying that he was removing all vacation and PTO effectively would be so ridiculous, people would pause,” he said. Some people realized the broadcast was fabricated, but most people thought it was a joke, Mahon said.
With outside parties able to replicate a CEO’s voice on a phone call or produce seemingly credible videos of personnel, the Nebraska-based carrier wanted to prevent staff from being misled.
“It's crazy that people at that level of an organization wouldn't pick up a phone or wouldn't walk into the boss's office and say, ‘Hey, did you really tell me to pay that $5 million bill like now?’ And it's happened,” Mahon said.
The average cost of a data breach in 2024 for the transportation industry was $4.3 million, according to a report by IBM. And many incidents involve a third-party vendor, said Carrie Yang, a cyber practice SVP at the insurance broker and risk adviser Marsh.
Sharing solutions
Tech leaders gathered for the three-day conference, which NMFTA Chief Operating Officer Joe Ohr said aimed to communicate about cybersecurity experiences and strategies, rather than scare attendees.
“Getting hacked happens to everybody. It shouldn't be seen as embarrassing,” he said. “So this conference is about sharing the story.”
Often times, issues can recur and solutions are not implemented unless a company is hacked, audited, sued or bought themselves, conference speaker Drew Blandford-Williams, head of cybersecurity at Condition Zebra (US).
“We will not learn until it happens to us,” Blandford-Williams said.
Preventing problems
At Werner, cybersecurity training is part of driver safety training, and with 95% of corporate cybersecurity attacks stemming from email last year, Mahon feels that method of communication is no longer needed anymore.