Cybersecurity Insights for the Freight Industry (with Erika Voss of DAT)

Ever wondered how cybersecurity intersects with the logistics and freight industry? Discover these critical insights in our 250th milestone episode of Freight 360, featuring an exceptional guest, Erika Voss from DAT. Erika takes us through her unique career journey from physical security and emergency management to championing cybersecurity in the freight world. We share tips to protect you and your brokerage from cyber threats as well, so this is a great listen!

Erika Voss: LinkedIn

Support Our Sponsors:
QuikSkope - Get a Free Trial: Click Here
Levity: Click Here
Bluebook Services: Click Here
DAT Freight & Analytics - Get 10% off your first year!
DAT Power - Brokers & Carriers: Click Here
DAT Express - Brokers: Click Here
Truckers Edge - Carriers: Click Here

Recommended Products: Click Here
Freight Broker Basics Course: Click Here
Join Our Facebook Group: Click Here
Check out all of our content online: Click Here

Speaker 1: 0:19

All right, Welcome back everybody for another episode of the Freight 360 podcast. This is actually a. This is a special episode in two ways. We've got a special guest that we'll get to in just a minute here, but it's also our 250th episode, so, Ben, a little bit of a mini celebration there.

Speaker 2: 0:37

Right, so now the 250.

Speaker 1: 0:39

So quarter century mark. Yeah, there you go.

Speaker 1: 0:43

Make sure to share us with all your colleagues, I know this is usually a great training resource for folks out here, uh, in the freight broker space that don't always have the best internal education at a smaller office. Um, leave us a comment, subscribe. You know all that good stuff that helps us, uh, get in front of more people. And, um, you know, if you're, if you look, want to get some more content, just go to freight 360.net. You got a full searchable library of all of our blogs, our YouTube videos whether they're full length podcasts or shorter educational videos, uh, demos of some of the products that are in the space, and you can also find the freight broker basics course If you're looking for an educational option there for a deep dive into how to launch a brokerage and grow the sales side of it, the carrier networking and all that good stuff.

Speaker 1: 1:27

So, before we get into our news and sports, I wanted to give a brief introduction to our guest today, erica Voss, with DAT. She's with us and we're gonna be talking about cybersecurity. So, real quick, erica, before we get into the weeds in a bit here, give for anyone doesn't know you and they probably don't because you're fairly newer to DAT tell us a little bit about you, what you do with DAT, and then we'll peel back the layers throughout the episode.

Speaker 3: 1:53

All right, sounds good, nate. Hey, thanks everyone. Good morning, my name is Erica Voss. I'm the Vice President Information Security Officer here for DAT.

Speaker 1: 2:04

Awesome. Well, there's a lot to unpack and we're going to definitely get there. You got a really interesting background. I'm sure a lot of stories we'll get to, but thanks for being with us. We appreciate it, ben. What's going on in South Florida?

Speaker 2: 2:17

Weather's not as hot as it probably is up there, I mean for the most part. So not too many complaints for this time of year.

Speaker 1: 2:23

We finally cooled down. It was like here in Buffalo. It was like in the 90s for a little bit of a stretch there the last week I think the whole like Northeast right, like a lot of record temps were set. But it has finally cooled off I shouldn't say cooled off. It's 75 right now, which I'll take. This is like perfect for June in Western New York.

Speaker 2: 2:41

But I would say this I was telling you I played golf Friday. It's probably the first time I played, I think since like January, so like still summer heat, you know, like high nineties in the middle of the day. We'd heat off at like nine. And I'm like, oh, I used to play a lot, but I used to be used to it, right. And I'm like, oh, this won't be that big of a deal. I got, we got done, like we played pretty quick, but like 1 32 I got back I had like a headache for like an hour and a half by the time I got home and like literally cooled down. I'm like, I really think I like almost had heat stroke and just like wasn't paying attention.

Speaker 1: 3:11

I'm like it's a lot hotter out there when you're sitting out there for four or five hours out in the sun it is one of those things too where, like with golf, if you don't golf that, like you wouldn't think about this necessarily, but like if you golf, you get it, like you are committed for four to five hours and you've got to plan ahead. So like, whether it's what you're wearing, or like hydrating, or for me, a lot of times it's like bug spray or even like an allergy pill, because we'll have like the cotton blowing around and uh, ibuprofen in every one of my golf bags yeah, water bottles and all my golf clothes are white for that very reason, because any other color is just ridiculous to wear.

Speaker 2: 3:47

And if you're stuck at golf, like me, on some days.

Speaker 1: 3:49

Just make sure you have enough balls with you, because I tend to like, uh, throw in the woods and donate them to mother nature, so, um, speaking of golf, yeah, I'm gonna segue into sports.

Speaker 2: 3:59

My cousin, um darren kowalski, won the pitts Pittsburgh Open by four shots at the Pittsburgh Field Club and he was in the Post Gazette this morning for becoming the first player to win both the Tri-State Amateur and the Pittsburgh Open in the same year. He was four under 136 for two rounds. He was the overall and low amateur so he technically won the whole tournament. But since he was an amateur, the low pro got the check but he won by two strokes so in the amateur I'm actually curious do they only play two days or two rounds?

Speaker 1: 4:33

is that what it is versus four I?

Speaker 2: 4:35

I think it's. Most of those tournaments are two or three days. I mean, I've followed him for years and I really think almost every tournament is kind of two days until you get into like the pga. Maybe the corn fairy tour is like four days like the pga, but I don't really know. Off the top of my head I'm pretty sure two days mostly because guys got to take off work to go play and I'm guessing, you know, four days is a lot to get that many people to be able to yeah, that's that makes sense, because they all have other jobs or, you know, a regular career most likely.

Speaker 1: 5:08

I did see. I didn't watch the the PGA event this past weekend, but I heard that there was like they stormed. People stormed the green on like a playoff hole. Did you hear about that?

Speaker 2: 5:20

I didn't get a chance to watch any. It was something about.

Speaker 1: 5:23

Yeah, it was like climate activists were like I forget what their message was, but either way they like stormed the green on, like I think it was a playoff hole with Scotty Scheffler or something like that on the on Sunday but they were able to resume play. So I was looking into that. After the show Crazy Also celebration in South Florida, the Florida Panthers. I didn't do it. I never would have thought I went to game seven for the Stanley Cup but because I think we talked about it last week, we're like, yeah, stanley Cup's probably going to be over by the time this episode drops Because Florida was up three games to none. Edmonton came back and won three straight to tie it up, but it was a. That was a good Stanley cup to watch. I don't watch a ton of hockey like I used to when the Sabres were good but I just like sports and that was a good, entertaining game.

Speaker 2: 6:15

Justin was at game five down here and he went to game seven two days ago. He was telling me about it Friday. He was like it was the most fun and disappointing, you know, when they lost game five, to not close it out. But he was like, yeah, I think I'm going to try to get tickets to game seven. Hopefully it goes to game seven.

Speaker 1: 6:31

So it was pretty cool that he got to get back there and watch them close it out, and it wasn't like it was a blowout, Like it was like it was. I think it was two to one was the final score. So good stuff. I don't have anything else in sports.

Speaker 2: 6:44

Yeah, a couple of things in news. This is mostly saw this in Freight Caviar too. This morning Morgan Stanley put out a six-month forecast for spot rates and this is good news to everybody in the market because they are extremely optimistic. I will cite just the highlights. But current average spot rate right now across the country $1.60 per mile. The six-month forecast $1.91 per mile. 12-month forecast $2.16 a mile.

Speaker 1: 7:13

And keep in mind that's without fuel. That's just your line haul spot rates.

Speaker 2: 7:17

So optimistic outlook $2.39 in six months. Pessimistic, worst case scenario they're thinking $1.52, which is about $0.08 less than we're at now. But optimistically, 12 months from now is $2.85 a mile, right, without fuel. Like that is significant. That is like literally I don't know, I can't do that percentage that quick in my head, but it looks like it's about 60% increase over $1.60 a mile.

Speaker 2: 7:44

Oh, it's fantastic. So you know, in the bigger picture, forecasts suggest there's going to be a reversal of recent downward trends, most of which they're attributing to economic recovery expectations and capacity exiting after prolonged rate pressure. So more carriers leaving the market throughout the rest of the year and more shipping demand, more freight, more shipments. So, hey, a little spot of sunshine in the outlook. We'll see how things play out.

Speaker 1: 8:12

I saw one and I included in our newsletter that went out this week from transport topics. So, like, if you're a TIA member transport topics you should get it either sent to your office or you get the digital one in your inbox. I think the article was actually from like a week or so ago, but it was about the appropriations from DC that are specifically being I think it was $2 million being appropriated to create a task force to combat fraud in the supply chain. So cargo theft, double brokerage, you know all the, all the illegal brokerage activities, things like that. So, like they say, the squeaky wheel gets the grease. We've been going to DC every year, for, you know well, the TIA has been going for a while, but the last two years and this will be, I think, the third year now where that's like the big talking item is fraud and we're going to definitely talk a little bit about fraud today. But yeah, it's a good sign.

Speaker 2: 9:10

One other RXO is. Rxo shares up on news they're going to buy Coyote. If they do buy Coyote they will become the third largest 3PL in the country, so pretty big deal. They're buying them off of UPS. Is that correct? Become the?

Speaker 1: 9:25

third largest 3PL in the country, so pretty big deal. Stock market yes, is that correct? Yes, that was the big acquisition, like seven or eight years ago, I remember.

Speaker 2: 9:31

Yeah, and here's the thing right. Like that, one failed miserably related to integration, like they just weren't able to get any of the economies of scale by bringing them back. They lost a ton of money on it 75 million, according to Steven.

Speaker 2: 9:47

Apparently, they lost on the deal between buying it and having to resell it. So, like I don't think this is as I don't know, I don't think this positive outcome is assured or as likely as maybe everyone hopes. I think there's a lot that they're going to have to do to integrate these two companies, to get that value, and I think we're going to see whether or not that like always, see whether or not that plays out over the next couple of years.

Speaker 1: 10:13

Yep, exactly, yeah, so Steven said they bought it for. So UPS bought Coyote for 1.8 billion and that was three years ago, 2021, and then sold it for just under 1.8 billion and I guess it was three years ago, 2021, and then sold it for just under $1.1 billion is what they announced this week. So not a great negative spread there for the shareholders.

Speaker 2: 10:33

Buy them high and sell them low, Kind of the opposite but Exactly.

Speaker 1: 10:38

But Well, cool, let's get into the episode here. So, and that's Erica, are you a sports fan? You got any sports?

Speaker 3: 10:45

input or anything. Huge sports fan I mean let's be real, let's talk about Seattle. I mean born and raised here with the Seattle Seahawks, love them, diehard fan. It'll be interesting to see. We got a new young coach, got some new young players, let's see where we go. And then I mean you guys talk weather. I mean Seattle, nothing but 50 shades of gray here. Get your Patagonia. Don't bring an umbrella, that's how we're going to know you're a tourist. Like, get out there, enjoy it.

Speaker 1: 11:15

That's funny. That's funny. Yeah, won a super bowl. Is it 10 years ago, right?

Speaker 3: 11:28

yep, I'm a. I'm a diehard bills, fan here in buffalo, and that's like uh, yeah, maybe someday that's your highlighted news now yeah, exactly, exactly.

Speaker 1: 11:35

I'm excited. This is like the time of year when, like I'm itching for, like all the like, all the open practices to start and pre-season and all that it's it feels like it's just around the corner.

Speaker 3: 11:46

So countdown begins when it's, like you know, july one starts next week and it's like, all right, like let's get into preseason, I'm ready for the games. I want to see who's going to be the team this year. Is you know? Are the chiefs going to actually go do a three-peat, like they say they're going to? I mean, it's going to be interesting. It's going to be a good football season we shall see, we shall see.

Speaker 1: 12:06

Well, cool, let's get into our uh discussion, uh, erica, today with uh you and cyber security, and we're going to talk about all kinds of stuff. So, um, you mentioned your role with dat been there for six months. Um, tell us a little bit about what your journey was like, because I know, um, you didn't start in logistics or freight, but how did you get to where you are today? What's your background? Look like that kind of set you up to do what you're doing today.

Speaker 3: 12:35

Yeah, you know, I mean my background has been pretty, pretty wild. I think more than a non-traditional, I guess you could say security person. So I started in physical security, I worked for Department of Corrections, I was a corrections officer, promoted through the ranks, got into emergency management, got into business continuity, disaster recovery, and then my career kind of took off after that because it was more around the companies that I had worked for who had supply chain footprints. It was how do you protect the product, how do you protect the truck? Like you know what's the seal, you know why did we not want someone to take the seal off? And I remember going what is all this? Like I was more about people in process.

Speaker 3: 13:12

And so me like, through the years, it just kind of evolved into you know just the different companies, and looking at e-commerce and the types of supply chain attacks that started happening, and then why it became like a hot thing to you know, steal a truckload and what that meant, and then fast forward to where it is today with DAT. I mean, double brokering is a great example. I remember Googling double brokering and I was like, what the hell is this? So I did and read it, and I was like, oh my God, this is like an actual thing. And then it was.

Speaker 3: 13:38

It was very like eyeopening to me. It wasn't about the type of risk or threats or attacks that I'm used to. It was more around you know, hey, how do I actually go do this and how do I actually go protect this and solve for this, and so that became very different for me, and it was just. It was a little mind blowing, I think, more than anything, and what I loved about it, though, is, you know, I've been in some element of security that ranged from supply chain to products, to trucks, to, you know, physical security, to cybersecurity, so it's just, my career has been incredible and it's been really fantastic, but it's also like this is a different type of attack landscape that I've ever had to experience, so it's more around. You know now how do I go? Actually not only protect the business, but also, like, protect our customers, which is different.

Speaker 1: 14:20

Yeah, it's wild, so it's funny, like we'll talk about it. Um, throughout our show is like it's kind of the joke of people that don't work in the freight brokering world. It's like hard to explain exactly what we do and how it all works. And then, if you want to add a layer to that, you try to talk about the fraud that we deal with and it's like wait, what Like it's? What is double brokering? How does this work? But if you put like a number on the what the fraud is evaluated, I think the most recent we've found Ben is like $800 million a year or something like that right Between like a double brokerage, cargo theft, something, wasn't it like 800 million.

Speaker 2: 14:56

Yeah, I mean I've heard, we've heard estimates all over the place. I would love to hear from Erica what you, what are, what are you looking at or what do you use as that number, If you have one in your head for the context of how significant this is across the entire United States?

Speaker 3: 15:13

Yeah, I mean same thing. So, like I'm a huge person who always looks at the data statistics 800 million I've seen that number pretty commonly actually now for the last few months, and like you could pull it from whether you pull it from FBI statistics kind of, because they're actually attacking and tracking the fraud. But if you look at like supply chain attacks, which is kind of a bigger number really to go after, I mean you're looking at over a billion dollars of just supply chain fraud, whether it's been cargo, whether it's been freight, whether it's, you know, ships, containers, I mean it's just, it's massive. And so I think you have to really understand your footprint. So like for me, like it's very much about the trucks, it's very much about trucking versus.

Speaker 3: 15:49

I also, you know, previously once upon a time looked at supply chain attacks. I had to think about containers, I had to think about cargo, I had to think about, you know, stuff going overseas and you know CT, pat and like how do I look at TAPA and like some of these industry standards where I was like, oh my God, this is a whole new world. But 800 million is pretty common. That's a pretty like pretty easy number, but your statistics are really going to depend on where you want to pull your from when you're looking at what your company is actually trying to solve for.

Speaker 2: 16:12

So that's the thing that I've always found interesting, right Cause I was always curious and we've never been able to like dig in. We've talked to at Veris to drill down a little bit behind the scenes and had some people from law enforcement they work with that have given us some of this information and what the thing is like. You hear that and to me like it just seems low, but it's like anecdotal, cause I'm like I talk to people every week that are running into instances and I know they're not reported. They don't know who to report them to. They're just paying cash to make them go away to keep the customer happy and move on. And I'm like, out of 10 that I hear about every few months, right Eight aren't reported, that someone just pays out of pocket and moves on, tries to resolve it, deals with the claim, and I'm like I know they're not getting reported.

Speaker 2: 16:53

So like I'm always curious how much of that 800 million estimate is reported and how much of it is you know just them having to inflate the numbers for what isn't reported because it's enormous, like the one small ring. You know, like one of the clients that Nate and I know they came across one. This was like three weeks ago we talked to the guy at Travelers Insurance that was working on it because they had like two loads stolen that they were able to recover Right. But that insurance agent said that particular ring over a 10 day period was able to get away with something between seven and 10 million bucks in a week. And I'm like that is a small company, a small instance in a week hitting 10 million. This has to be happening at least weekly somewhere in the country. I'm like 10 million times 50, right, you're at 500 million.

Speaker 1: 17:38

That's just small instances.

Speaker 1: 17:41

Ben, to add to your point, it's not all being reported, because I remember the most recent policy forum in DC that TIA hosted. They had 80,000 reports of fraudulent brokerage submitted through like the FMCSA's reporting, whatever their reporting system is. And one of the points I made I was like, yeah, my brokerage had been double brokered in the last two years as of today. Last year we've probably been double brokered like 40 or 50 times and we've never reported it. We'll talk about it and we do stuff to like stop it, we don't have the time to go through. And we do stuff to like stop it, we don't go, we don't have the time to go through and file a report every single time it happens. We're more worried about like how do we try and recover some kind of money? Or, you know, blacklist this, this fraudulent carrier, or this spoofed email address that stole someone's identity like it's definitely not being reported, so I bet the number is way higher. Um, but either way, like 800 million is a lot of money it's a huge problem.

Speaker 1: 18:49

So I'm curious, like on a like big picture, 40 000 foot view, erica, for you, what like? So you obviously six months you've been there um, what does your department look like like? What does it consist of? As far as, hey, here's what our you know, here's what our job entails, or our mission statement, or what is the role of the? I guess give me the department title again. You said information, cyber, something. It sounded cool.

Speaker 3: 19:19

No, yeah, so chief information security officer. So that's the title essentially, no-transcript. How do we deliver the future? And so my big thing is really around. What is that? What does that space need to look like? And that space is really around. How do you secure things? How do you protect, how do you architect? So how are we building things better? How are we thinking about making sure we're being compliant for our customer? And then also it includes everyone. So delivering the future is what I'm all about, and so I think what's great for me is like when I think about what I want to do at DAT.

Speaker 3: 20:13

I mean, I'm very much a change agent. I can come and sit down and I'm going to draw a truck on the whiteboard for you and I'm going to say there's 18 different types of attacks I could do with a truck. And people just look at that and they go what? And I'm like let's talk about it. Let's think about you know the brakes. Let's think about you know the reefer systems or the cargo monitoring or the device systems or the USB drives, like all the things that actually run a truck are very automated.

Speaker 3: 20:36

Now it's an attack. That's an attack landscape for me. And then on top of that, now put the person in the seat, so the person in the seat is also carrying a smartphone, and then you have to think about what are they clicking on, what are they calling? I mean, your attack landscape is very different and I think that's where that's where I think people need to stop and kind of look and go. Oh my God, not only am I driving, you know, millions of product down the road, or millions of dollars in my cargo that I'm carrying potentially, or hundreds of thousands of dollars, it still has 18 different type of attacks that I can go after. And that's not that's crazy.

Speaker 2: 21:04

Reminds me of that book that came up. This is probably like 15 years ago now. I think it was called Against All Enemies. It was one of the people from like I think it was the Bush cabin or something Wrote this book about exactly that the landscape and the change in the late 2000s and how, just like the surface area of which you're exposed to be able to have to defend. Now right is just growing every single day, every single tool you add, every product you use, your emails, who's reaching you? Right, it's like it's not infinite, but it is infinitely larger than it was prior. Right, in a traditional business of you got a fax machine, a phone number and an email address. Right, there's just so many more opportunities to be vulnerable these days.

Speaker 1: 22:57

Yes, I think about like the customer count at DAT, right, if you think about the amount of like tens of thousands of of 100 brokerages and then 100,000 plus trucking companies are using the product, right, so you've got a six figure customer count. That all are. You know, a lot of them use your products and your services in some sort of similar way, but a lot of them are different, like if you go to the actual the trucking company, the truck driver, right, like you mentioned, some of them are reefer fleets, some of them are not. Some of them drive in one area, some of them don't, some of them use ELD, Some of them are exempt, and it's just you got to. I feel like you have to have a very, very broad mindset as to like this is a very, very large scale of what are, like you called it, like you're the target, right, it's not just, hey, this is the one vulnerable area no-transcript what I go into like every day.

Speaker 3: 24:14

I log in, you know, and I look at. You know, let's say, a threat intelligence platform which I think is key for anybody to have the same age. If you're going to do anything cyber related, I go in and I look and it's really quick.

Speaker 1: 24:20

What does that mean? Break that you go to like DATs load board.

Speaker 3: 24:23

That's where you get your information correct Of like the loads you want to pick up. That's the same thing for me from a cyber perspective. I log into like a load board style, but it's all threat intelligence. It's you know, intelligence feeds that are coming in like literally throughout the globe that are telling me there's a supply chain attack happening or there's a domain being stood up that's a phishing domain, there's an insider threat attack, there's a ransomware attack. It tells me all the different types of attacks that are happening and it tells me some in real time. It tells me where there's bad countries, where there's bad actors. It tells me about different groups that are out there.

Speaker 3: 25:01

If you think about, you know, what's in the news today. Everybody's talking about CDK and their you know data breach that they'd have, which is for all the cars same thing. I get all that Intel, but I get it in one really cool view. That kind of tells me okay, how do I set up DAT to not be attacked all the time? Or how do I set up the right you know attack surface to make sure we're not being hit? That's what every cyber person's going to do. They're going to look and go. Okay, how do I make sure I can protect. You know, what we say is the front doors, the walls, the roof. You know that's how we think about it. So I kind of put that same terminology in place is how do I protect the truck? So I look and go, I log into my threat intelligence platform and I start reading and like paying attention to what's going on. And then I start looking at my attack landscape and go okay, where can I change things? How can I get us to be faster at detections? How can I get us to be smarter with the alerts that we're doing, and where can we take action in real time? And so for me, I mean, it's not even just DAT, it's an industry problem. It's everybody's dealing with fraud, everybody's dealing with impersonation, everybody's dealing with phishing campaigns, or they're dealing with phishing attacks or clicking on a link, which I'll be very candid, I die laughing when people talk to me about oh gosh, I'm being phished and I'm like it's 2024. Why are you still clicking on links? Like we've done a shitty job as an industry? Because people are still clicking on links now and people get frustrated and, like you know, mad and it's like, oh my God, I would be the same. However, what have we done to educate you? We say, go take a training. We say get online, don't click on a link. And then, but it's like here's the link to click on to go take the training. It's like we're kind of like it doesn't make sense. And so for me it's very much like pay attention to what you're doing. No-transcript, good citizen at work. That's just being a good citizen.

Speaker 3: 27:01

You don't want to have an identity theft attack because if you do, it takes, you know, let's say probably on the average of you know, one full day, an attacker who wants to steal your identity. I mean they can open a car loan, they can open credit cards, they can, you know, forward your mail. I mean the faster they can move through any type of identity fabric for you, once they've got your information, is catastrophic. Well, what's the return on that? It takes you three, four, five, six years to clean that up. I mean you're dealing with credit unions. You're dealing with, you know, credit companies and you're dealing with, you know, the Equifax.

Speaker 3: 27:34

You know credit report monitoring people. You know all the credit reports. I mean you're going through it, you're going, oh my God, and then you've got to go down to the post office and be like, hey, my mail shouldn't be forwarded. I mean, the sheer like catastrophic footprint of that is going to be crazy. And so for me, that's what I do. I look at DAT and I go, okay, what can I actually solve for? What can I actually fix? And it's really around the phishing domains how fast can I take them down? It's really around making sure I have the right identity fabric in place to do the blocking and the protecting, and then it's making sure I have the right detections in place and then making sure we actually can respond to it.

Speaker 1: 28:04

I mean Is identity theft one of the biggest, broad, I guess, terms you could use of, like some of the biggest issues that we're seeing currently.

Speaker 3: 28:13

Yeah, I think. I mean I would say it's a little bit of both. I think it's definitely around identity attacks more than anything. So I mean, people want to get your information, they want to take your MC number. They also want to be a really good person with their new MC number. The next you know, six months later, they're a bad actor. It's like they were a bad actor to begin with. It's just they're going to be like oh look, I'm really positive, I'm going to be a good person on your load board, when all they're doing is they're no different than a cyber bad actor. They're sitting dormant, they're waiting to attack. Yeah, they're sleeping, Exactly.

Speaker 1: 28:41

Totally. Is there a quick little side story? And so this is a real thing and, like from personal experience, we have a guy that's joining my brokerage who ran his own brokerage for like a year and a half and was doing great. And we talked to him and he's like yeah, he's like I had my identity stolen and I forget that he had like a sophisticated term of exactly what the attack was and what they did. But they ended up they stole his identity and destroyed his reputation. Um and uh, now he's like I I'm not even gonna associate my, my llc name anymore. I just need a fresh start. He's got to start from scratch now because, you know, somebody stole it and, basically in a matter of days, just yeah, he could never rebuild what he, what he had, back to where it was.

Speaker 1: 30:49

So I'm I'm wondering, like with the DAT side of things, when it comes to like identity, what, what are the, what are the things that DAT is doing to like protect its customers? As far as you know, I've seen, I've seen the phishing scams of like every platform, right, you see a really crappy put together email that someone's probably going to fall for, but it's like, hey, we need, we need you to click this button and log in to verify this and it's like that's not real, but somebody might click on it. So I'm curious what are some of the things that DAT is doing? I know we talked with some other folks in your organization last year on this topic, but it's obviously been a big issue lately with phishing scams and do you guys track, like the activity that people are doing and they, hey, we're going to flag this activity looks weird or I guess just all around. What are some of those things that inside the DAT environment that you guys are doing to protect the user?

Speaker 3: 31:42

Yeah, a lot of it is is we're doing tons of education, tons of awareness and training. So one of the things I always like to tell people is you know, it's all in how you eat, and that's the phrase. It's education, awareness and training. So it's how you eat that truck. Again, it's how do you help the user. We have SSO single sign on SAML integrations, I mean, which is really great. That protects your account. It's making sure we sophisticated passwords, the threat intelligence platform that's new. That's something that I brought to the table, and then other things. Naturally, of course, from a cyber landscape perspective, we can't get too deep into like actually sharing the secret sauce, of course, naturally, but it's really around protecting the customers. The big push I'm going after now is how do we proactively reach out to our customers and say, hey, we're seeing these bad IPs or we see these countries that are actually creating bigger challenges, and so it's putting that information together now to hopefully run and roll out this campaign here pretty soon of like, here's how we can proactively reach to the brokers, the shippers, the carriers and say, hey, here's the data we're seeing and here's the intelligence we're seeing, and get out there and do it, and that's probably the biggest push I can say, even in the six months of being here, that I found from talking just the handful of customers so far is they're craving that intel. They're craving to understand and wanting to know hey, what can I do on my end? Is there blocks, is there things? I mean I can't stop a double brokering thing from happening all the time, but I can make sure we can definitely have the detections to say, hey, we see California as a hotspot, like we're getting tons of things that we see from there, and so it's putting that information into a digestible, you know threat intelligence platform to then turn around and push that out to our customers and say here's what you need to be doing also on your end. That's actually what's gonna help us stop fraud.

Speaker 3: 33:18

The second piece is really and this is a big thing I push on with people is you've got to report it. It's a pain, it's a pain in the ass. Like Nate, you full heartedly believe you're not going to go report $10 every single time, but it's the reporting actually matters. That's where you can actually get cybercrime. You know evangelists that get in and get involved and they get more ingrained. And I have a very strong partnership with Department of Homeland Security and we're looking at different ways to do more of like a thing I'm pushing out called Zero Trust Transportation, which is how do we protect our trucking industry better?

Speaker 3: 33:45

It's not just about fraud, it's the communication, it's the intelligence, it's the platform. I mean that's what's going to make a difference. It's helping people understand what their attack surface monitoring is and it's. I know it's probably crazy for people, but like that's the service I offer and that's kind of what I tell people. I am your cyber as a service person. I want you to call me and say come teach me, come help me understand, and like that's the thing. And some brokers are now starting to catch on and they're like hey, are you willing to come to my office location and sit down for a full day and do a full cyber training? Absolutely, that's how we're going to be better as an industry. You have to get out there and eat that truck one bite at a time.

Speaker 2: 34:19

So, first thing, I wanted to ask too, because I was thinking about that as you were talking about that platform and this information that you have, because Nate and I have tried to actively gather as much to put this out there for the exact point you made, right, like you need fundamental education and awareness before you're really going to do anything with a market that large right. So getting the information out, I think, is absolutely vital. And the side note to that point is we've worked on two courses with DAT and to me that sounds like a great third course that should be offered and just basically provided to the industry of like fundamentally, what are your steps? Like you said, for your, you know, your internet hygiene, I think, is that cyber hygiene and just understanding where you're at risk and why, right, because to me I think like that's got to kind of be the foundation. And then the other piece like we've shared lists of like they used to call it like the Glendale list, because that was the famous hotspot for double brokers and we would send Excel sheets around Like here's the bad MC numbers, right, but you know, and that was as effective as it ever could be at that scale. And it's just like when you said, like being able to provide more of this to me, I think this is also the biggest gap in our industry, which was also why we started this to begin with is like lots of companies just didn't know best practices to do standard things, let alone best practices to prevent people trying to rip them off Right.

Speaker 2: 35:42

And that is just this big hole, I think, across the entire industry, and it's on both sides right. Carriers have just as hard a time vetting brokers that are perpetuating the fraud with them or impersonating them, and it's not just a one-way street where you can look at one specific area, it's across the board and I think the more this happens, the more the whole industry benefits in efficiency. Obviously, reduced loss, so you're going to have lower costs across the board but also like, more importantly, no market functions and the history of humanity without trust. If you don't trust how you're doing business, you will do less of it. There's more friction and it creates issues, right and anything, and I think the more prevalent this is, the more people are trying to either avoid it or get around it, but they don't have that basic understanding, like you pointed out, of like.

Speaker 2: 36:33

These are the fundamental things you should be doing day to day. These are some of the other areas to be aware of and these are some best practices, because nobody is right Like outside of this. Like Maersk I think it was like five or six years ago had that huge attack, attack I think it was like nine figures. That was like reported offline as to what. Maybe they paid to get access, but they were my customers so I remember talking to them. They literally went to best buy and bought a bunch of laptops, scrapped every computer in the entire company and started working off paper right, it's the largest shipper in the world working off reams of paper.

Speaker 3: 37:09

Yeah, it was probably one of the most massive supply chain attacks. I mean, I studied it for years. Like I looked at it and I was like, wow, the attack vectors, that the way they were to come in, but like it's how you recover. And I think one of the pieces that I love about what you're totally saying there, ben, is like, if you look at it and this is the piece I challenge people on I am a huge technologist. I am a technologist at heart. I love it. I think my wife probably would kill me every day because I'm on my phone or on my laptop all the time. But if the flip side of that is what is everybody doing? We're trying to take new technology and AI and ML and be like look at how we're going to go solve all these things. Folks, where's the basics? The basics matter. Your cyber hygiene cares. It's cool, and this is what I like to tell people. It's cool. We talk about go use MFA. Multi-factor is amazing, but if you don't know what it does, how is it amazing?

Speaker 2: 37:59

If you sit there and go, well, why do I need it? It's a hassle. Then it's friction and it irritates you, doesn't give you the understanding that it's actually a safety thing.

Speaker 3: 38:05

Yeah. And so it's going to explain to people hey, when you enable MFA or you want to roll it out, you need to make sure you have a timeout and you need to make sure you have a lockout. Like, hey, if you set it for 30 days, what's the point of even having MFA? I could breach it for 29 more days before you reset it. That's dumb.

Speaker 3: 38:22

But it's like those cyber hygiene things people need to really understand and cyber hygiene things people need to really understand. And I challenge people on that because it's like look, I would love to use state-of-the-art technology, but most of these companies, or most of these you know firms that have been around let's be real, you guys didn't have technology. You had a radio, you had a clipboard and you made a phone call to tell have somebody tell you where to pick up your next load. Now you want to put a smartphone in your hand and say here's some automation and here's some level of sophistication, but, by the way, it's going to create tech debt for you. But go do these things and you're like I want to pick up my trailer.

Speaker 3: 38:52

I want to know where it's going, I want to know what my rate per mile is and I want to be at dinner with my wife or my significant other by the end of the day. We don't do that. We put a bunch of bells and whistles in between, going to make this better and faster, and it's like again fundamentals, yeah.

Speaker 1: 39:08

Go for it. So this is something that we experienced in my company last week. Um, so we're using a. There's a tool that we're using to verify identity. Um at the pickup. So quick scope. Ben you and I have talked about it, we've had them on the show. It's a tool that allows folks to request a geotagged photo within a two-mile radius of the pickup and it's going to character, recognize the side of the truck, make sure the MCDOT matches location's. All good, that way we know. All right, we verified the carrier beforehand, but now we're verifying the correct truck shows up at the pickup before the pickup number is released.

Speaker 1: 39:49

Well, we have a driver that gets the link texted out and he's 70 years old, he's got a flip phone and his wife set up a spam filter. And now he's like I can't, I don't, I don't, I don't have the text. And we're like all right, well, go to your spam filter and authorize this. And he's like I don't know how to do that. So the whole thing that's like this technology is great, but we don't know how to use it or what it's doing. It does become a huge barrier. And then if you're like, okay, fine, we'll, we'll pull back the barrier a little bit. Well, now you're creating that vulnerability again so.

Speaker 1: 40:26

I'm actually curious. The average driver age is probably older than the average broker age. I'm just guessing that. And even if it's not, you're still going to have a large chunk of the driver population. That is a lot of this technology is very new to them and that's not how they were used to starting off in their career 30, 40 years ago. So have you guys had any? Has that been like any of the discussion points like hey, we got to make this user friendly but effective at the same time, or what does that look like from DAT's perspective?

Speaker 3: 41:00

Yeah, we definitely I would say collectively as a company talk about that, like we are very customer obsessed and figure out you know how do we think about things differently from a customer perspective and where can we actually, you know, be better about it and communicate and actually teach them the protections that need to actually happen from a. Hey, if I use this thing and so it's like a good example is you talk to me about geo tagging and I sit there and I think there's geo spoofing attacks that happen. There's, you know, deep fake attacks that happen. There's metadata of a picture, like there's three different ways. I'm already thinking of how an attacker can take that information from you where you're trying to do the level of protection with sophisticated technology. I'm thinking of there's nine more ways I can get into it and cause harm to you from a business perspective.

Speaker 3: 41:38

So the big thing I push around when I think about with my team is we talk about the customer, how do we think about it?

Speaker 3: 41:43

We put, you know, the good old days of like there's a chair in the room and it's like okay, if we want to roll this out to a customer, what's the impact to that person?

Speaker 3: 41:50

Again, who's just trying to pick up a load and get it from point A to point B, and so we're talking about the technology and the tools that we want to use from a cyber perspective can be really powerful and helpful, but we also don't want to make it burdensome.

Speaker 3: 42:02

And I think that's the piece that we really have got to focus on is we've got to think about the customer also in the same breath. Why we're thinking about, why I'm the bad actor, what can I do with this information? And then, one step further if I get this information now, what can I sell for it? There's a whole dark web thing you have to think about, and what I can get for an MC, numbers that are being bought, you know, for $10. I mean things like that that are actually happening. You have to pay attention to all that, and so you have to think about that from that customer lens, which is again what do I do with all this intelligence I have and how do I start sharing and populating with the best things to then actually go protect the customer?

Speaker 1: 42:35

It's so sad to me. I wish the world was all rainbows and butterflies and there wasn't bad actors out there, but the reality is we've seen this wave of fraud in the last couple of years. Do you think it's going to get any better? Or does the defense proactively just get better? Or do the scammers get less incentivized when it gets harder? What do you think the future holds? No one's got to quit the ball, but what would you say?

Speaker 3: 43:02

Yeah, I mean defense in depth is really going to matter for you. The more defensive layers you have, the better. As much as I think it's hard for people to really understand and digest, every broker, I hope at some point starts looking at getting a cyber person in their shop. I know a lot of people. They can't afford the technology. But if you're going to actually play in this space and actually go solve fraud, you're going to need to invest in a cyber person at least one, whether it's an analyst, an engineer or you know. Like DAT is great, they hired somebody like me, you know, who's got years of experience. But it's like you have to start thinking about that. The supply chain attack surface it's going to get worse. It's going to get worse before it gets better. That's just proven statistics. I mean data breaches. I mean I love it. Everyone's like, oh, I'm not going to be breached and it's like, really, it's not a matter of if, it's a matter of when everybody's going to be hit at some point.

Speaker 1: 43:48

I mean it just continues to go yeah, when and how bad right.

Speaker 3: 43:50

Yeah, and that's really what it is, and I mean I hate to say it like the trucking industry, we are going to see fraud hit a whole new level. That is actually going to cause more people to truly get involved and actually probably really come together as a community or as an industry and actually go solve it, which is kind of my whole thing around zero trust transportation. At the end of the day, we all have to come together. It's not. We're not going to solve fraud if we all keep trying to do it in pockets. We have to come together as an industry and say we are going to combat these people.

Speaker 2: 44:16

So I have a question about that too, because I've thought about that a lot recently too. Right Of wanting to have somebody, just like you said, some cybersecurity person, to be able to overlook everything, look for vulnerabilities, talk about best practices and just do that. I don't know what, what. The two questions I have for you is where would somebody because a lot of our listeners, smaller businesses, right, handful of people, maybe a few dozen people, right Everything, yeah, maybe one person in all the way up to the larger companies that we know are, I mean, five, 10,000 people, right. So, like for a small business, right, where can they go? Can they go to like Upwork and just put in cybersecurity person? And then, how do you know that person is like, how do you find that?

Speaker 1: 44:58

And then, how do you pay?

Speaker 3: 45:11

Like what would, even from a high level? Where can somebody start to look for this person and what would they be looking for and what would they be paying? Yeah, I mean a lot of. It is honestly like you can go out to a small business association and type in cyber and like it's going to give you a list of contractors. It's going to give you a list of resources.

Speaker 3: 45:19

I am a huge proponent and this is what I genuinely tell people. Again, I love what I do. I think you guys could probably figure it out very fast Like wow, she actually like loves her job. And I and I tell people like I love what I do and I would do what I do for free because that's how we're actually going to get better as an industry. And so I tell people connect with me on LinkedIn, like I'm happy to connect people to other contractors or share those free resources. I mean that's that's how you're actually going to get better. And so that's the big thing I do is I point people small business association. I mean they're going to have different cyber resources out there. There's tons of free trainings that I know and I'm aware of, so I'm always willing to share that information you can go out on LinkedIn and create a LinkedIn account and people talk about cyber and free trainings all the time. I mean there's tons of different way.

Speaker 3: 46:05

Again, it just goes back to starting with the basics. And what do you actually want to solve for it's a service that I even offer, like I go out there and I spend tons of times with businesses and actually want to help them be better. And you know, I mean it's just, it's just what you do, it's just being a good cyber steward, I think, more than anything at the end of the day, and that's's what I'd say connect with me, like I'm happy to connect people with others. Or you know, if you are thinking about hiring somebody into your cyber organization, or even a contractor, like I mean that's, I've been in this business for, you know, 27 years now.

Speaker 3: 46:35

Just in the broader security umbrella, it's like heavily connected. I can connect to pretty much somebody, probably with somebody at some point who can help them come do it. And then, if you want to hire a contractor and you're a small business, I mean think about what you actually want to solve for. Do like an informational call is what I tell people and say what is your worries, your worry, phishing attacks. Okay cool, you could actually go buy a software and actually do it for 50 bucks. Don't go out and spend $500. Or if you want to hire a contractor to train your people, or hire a person to come train your people, I mean, then go do it. You're probably gonna spend 250 bucks maybe, but that 250 bucks could be pretty valuable to one attack For sure.

Speaker 3: 47:09

So I mean, and that's the thing, and that's the thing I'm doing, even with DAT and with our sales group is I spend a ton of time talking with them about cyber as a service. And our sales guys are. They're excited they're actually bringing me out into the field now and they're having me meet with different customers and brokers. I was like, look, I'm happy to come do training with you all. I have an entire team. Like we're willing to come teach you how to be better and like you should, you should be pushing DAT for us, wanting to do that, and that's that's how we're going to change our attack landscape and that's how we're going to have solid cyber hygiene. And then, when you want to get into levels of sophistication, I mean it. But like you don't want to trust anybody hitting your network, you want them to continually authenticate that Like it's Nate every time coming to DAT I know it's Nate.

Speaker 3: 47:53

Everything he does inside my DAT network it's Nate the entire time. I want him to continually authenticate. So I know wherever Nate goes, it's actually Nate, it's not. Nate got in and actually, you know, I don't care what Nate's doing. Seven days down the road Nate's taking all my you know crown jewels with him out the door because I never vetted him. So doing zero trust is really where it's about.

Speaker 1: 48:12

So you made a comment, or Ben, you had another question. Go ahead, and then I'll ask mine.

Speaker 2: 48:16

The one. It was just kind of a follow-up to that right, like how much in the path from where we are to where you ultimately feel like the industry needs to go right, which is clearly we'll call it, I don't know a handful year timeline, I don't know 10 years, five years, just a longer time scope, right, how much do you think? Because I know you mentioned earlier that we need to come together as an industry as a whole and the thing that Nate was talking about earlier is we really do need the FMCSA to be doing things like DAT is to protect the database, because to me, like I came from banking, like you got to know your customer regulations, we verify this with literal documentation. You can't open a bank account or just conversation to stealing identities the side for a moment, right. Like we regulate that you can't go to a bank, you can't take money. That is regulated for this very purpose, right.

Speaker 2: 49:05

But yet we don't really have this secure database or it's much more secure than it was last year. The FMCSA, and it is absolutely making progress towards there. Nate's been updating us on like what they were doing last year and what they'll be talking about this year. So clearly more resources, but how much do you think needs to be done on the federal side to verify and protect the motor carrier numbers, which are the identities of the businesses, for us to get to this place? We want to go.

Speaker 3: 49:33

Yeah, I think I mean it kind of goes back to your crystal ball statement. I mean that's probably a space I would love to see the FMCSA get involved with is actually stand up a cyber arm, like they're missing. That, I think, truly from how the federal wants to change the industry. I mean it's your critical infrastructure. At the end of the day, it's your trucking business, like from point A to point B, north America. I mean, why would you not have a cyber arm? The level of sophisticated like cyber attacks that are happening? That's what needs to happen, I mean I hope. With what was it?

Speaker 3: 49:59

I think I read yesterday Booty Edge appointed somebody finally now to take over the FMCSA and it's like that's great, but like, like that's where it's going to come down to. It's cool. We want to go clean the database and we want to go build new things. Again. You're going back to do this stuff, but where's the cyber hygiene that we're all missing and craving and pushing for? How do we vet that you don't have a PO box or a fake Google number? I mean, what are you doing to fix that? That's what's actually missing, at least from my perspective, from an industry perspective. I mean that's what actually the FMCSA needs. They need to go hire their cyber chief security officer and be like I'm going to work hand in hand and stand up again. Stand up the zero trust transportation group. That's how you're gonna actually change the industry and actually solve the FOD problem.

Speaker 1: 50:45

Yeah, ben, I'm glad you asked your question first and it kind of segued into mine. So, and it's a great point the FMC in mind, so it's a great point the fmcsa is, they're like the door that opens up, that lets people into this environment right, they're the, they're the licensing.

Speaker 2: 50:58

It's a two-way door. It's not a one-way door.

Speaker 1: 51:00

Right, there's like oh right and, like some of the things that we had discussed with um, some of the folks on capitol hill, just as like ideas, was like okay, well, if somebody is, if there's, you know, if you have a, I guess, beyond a reasonable doubt whatever the term would be that somebody is a bad actor on the inside. Yep, why is there not a way for, like the fmcsa, to be like pause you, your authority is like is being put on hold while we internally investigate? I think the answer was like they don't have the resources in place to do anything about it, so the only option would be kick them out. And then it's like well, are you then potentially discriminated against a non bad actor? And then it just looks bad. But yeah, I mean, the barrier to entry to get into our, into our industry is so low Three hundred bucks an application online and you wait a couple of weeks and boom, you're after it and you can apply for four hundred MC numbers, and they're at PO boxes or at a warehouse or whatever.

Speaker 1: 52:04

So, but anyway, to segue from that into my question was you know that you made a comment earlier about we can't all be doing this independently. We have to work together as a whole to fight this. You're going to get that synergy type of outcome then. So FMCSA is obviously one, but are you guys working with and we never really mentioned their name on the show but like Truckstop right or like Highway we love Highway, we've had them on the show. They're not obviously a load board competitor of DAT.

Speaker 1: 52:34

A lot of people use both right One for carrier identity and capacity on the other platform. But are you guys doing anything in conjunction with the truck stops of the world or the highways of the world, so these carrier vetting companies, other load boards or the regulatory side of it with the FMCSA? Is there any collaboration or discussion? Because it's probably kind of weird when you're like, well, we kind of fight for customers if you're a direct competitor, but we kind of want to solve this all together because people might want to use both of our products. So how do you handle that part of it?

Speaker 3: 53:08

Yeah, I'm not doing anything specifically with them, but I think that's also just full transparency. I think I'm still learning DAT in our business model, so I think it's more of like I would love to see us come together. I don't think we should look at it as a hey, we're all competing in the same competitive landscape. I think it needs to be kind of again what I keep pushing, that zero trust transportation is coming together as an industry to drive that synergy to how we can all tackle fraud, and I think you kind of I mean we do it from a cyber perspective with private public partnerships you kind of all just agree to sign this. You know like non-existent NDA of like look, we're just going to share best practices and share how we can tackle the fraud. I think that's what's going to have to be done. I know TIA does a ton of work around. You know how they're trying to combat fraud, but we're all still doing fraud again in like these individual pockets, and so I I would probably say more of the challenges is when are we all going to come together? Like, I am a huge evangelist for bringing us together as a community, as an industry. You're going to TIA in the fall, I am going to TIA.

Speaker 3: 54:04

In the fall, I went to TIA in February for my first time, down at Arizona or no April, and really got got to meet people and kind of really started understanding the fraud landscape and kind of how we all talk about it. And I think that's the big push now is, well, what are we all seeing? Who's got the threat intelligence to actually change it? I mean, are other companies looking at threat intelligence platforms? I mean, most companies I talk to they don't have a cyber leader. So it's kind of like, how are they tackling fraud? And we get out there as a group and we talk about you know way we can solve for it with a solution which is cool.

Speaker 3: 54:35

But again, what is your cyber hygiene? How do I go to Nate's point? How do I teach the small broker who's got like maybe 10 people? Or how do I teach you know the small business who's got him or her that are actually driving? It's like we've got to figure out a way to still teach them the basics and the fundamentals with you know what is multi-factor authentication or what is I don't click on this link or what's a phishing domain, like those things which still actually are targeting people. That's the stuff that's taking people down. It's not, oh dear God. You know so-and-so trucking has now been hit with a cyber attack. But you watch, you will see that at some point I guarantee it you will see a brokerage company be hit by a cyber attack.

Speaker 1: 55:11

You're going to enjoy the TIA.

Speaker 1: 55:13

Yeah, you're going to enjoy the TIA conference in September. It's obviously your first policy forum, but it's it is. It's a great way and that's a. That's a prime example of how TIA does a good job of saying hey, we're going to bring a bunch of our competitors into one building, meaning like a bunch of freight brokers, but you'll have vendors like your DATs, your highways and insurance providers. Those folks are all there too, but we'll bring a bunch of competing freight brokers who come together to try and present solutions and voice the challenges that we're having as constituents to our lawmakers and we share it amongst each other. There's a lot of networking between different brokerages on best practices and nobody goes home from that event and is like they're going to steal my business and my customer is like, no, I learned 10 times more from being around 100 different people that do the same job as me every single day than I would have if I just did it on my own. So I think you're going to really enjoy that and I I'll get to say hello in person.

Speaker 1: 56:10

I'll be excited, that is a great event and this is like. This is like a hot topic, and I'm yeah, I think that's going to be huge.

Speaker 3: 56:18

And that I'm actually excited for, and that's probably the one thing I started to see. Even with some of the industry conferences that are going on. I love that there's always a conversation around fraud, and so now I actually, as a change agent, I'm pushing that with like well, where's the cyber track? Where's the track about cybersecurity and what you should be doing from a best practices perspective? Your fraud output is a lack of your cyber posture. Like that's some of the challenges you have. What are you doing from a cyber perspective? And so it's interesting because that's the conversation that continues to happen, but that's a different door. It's. I have all these fraud problems. Great, well, what are you doing to have cyber detections or protections in place? And it's like wait, what it's like? Yeah, like if you want to get hit, it's easy to hit you, but what are you actually doing to make sure you have a good cyber posture to begin with?

Speaker 3: 57:00

For example, I remember talking to a customer and they got on and there was this whole conversation around. You know due diligence and you know making sure that the accounts are being protected, and the first question I asked the person after they got done, you know kind of kind of going for you know good five minutes and I, you know I'm very customer focused, I want to hear their pain points. And so they went through the whole spiel and they got to the end. I said, okay, so what are you doing with your account? And the question was like, well, what do you mean? And I go, well, how much, how many times do you's like? But that's how I have to do my business. No, it's, you're being cheap. Pay for 14 accounts.

Speaker 2: 57:37

And it reminded me too and you were saying this earlier just in this episode about, like trying to fix things after the fact without any of the responsibility before, like I'm like in my head I just have this analogy of teaching my daughter to ride a bike but not teaching her how to like avoid cars or wind across the street or anything that she needs to be responsible Like she's got a helmet and elbow pads.

Speaker 2: 57:59

Have at it. It's like, well, yeah, like there's some responsibility in, like what she should learn how to do to avoid the problems in the first place. The helmet is there and the inevitable that an accident happens. It's like if you're just being creating scenarios where you're vulnerable all day long cause you're handing out passwords. It's like literally emailing your driver's license to a bunch of new employees that you didn't run background checks and that work in another country, and like that can and can be okay, but, exactly, I'm going to sit there and go okay, well, here's all the things you've done wrong.

Speaker 3: 58:28

First, go fix those things first, which is on your end, then I can come in and help you. And I think that's that's the push that I keep pushing for is, where's the cyber tracks? Go to to your point teach the people how to secure themselves, first and foremost. Then you can go in and say okay, now here's where we can get new levels of sophistication. I mean, that's that's the piece that I'm hoping changed and that's the piece that you know, nash, I think it's National Motor Freight.

Speaker 2: 58:54

NMFTA, I think National Motor Freight Transportation Association.

Speaker 3: 58:58

They reached out to me just recently and they were like hey, we're going to do a cybersecurity conference in October. Cool, it's Cybersecurity Awareness Month. Would you come talk? Absolutely, let's talk about third party risk, let's talk about how we can do cyber basics and things like that. That's what we should be doing. Where's the cyber conference? So again, that's kind of the pushback to you know some of these folks, we want to come together and solve prod. Then where's the cyber conference for the industry? I guarantee you every person would go to it.

Speaker 2: 59:23

For sure, and like because they're seeing it and they're experiencing it's costing them money, there's a pain there, right, and if you got it and you're going to do it and people recognize it, they'll go. The two questions I have is like what would you suggest you know as like an overall way to drive more awareness, because we know it's the government and the government does things when they feel pain, right? Like, have all the trucking companies and all the brokers call their local congressmen to advocate to the FMCSA to do this? Like, what do you think would need to happen? And the follow up is like enforcement, like they don't enforce any of the fines or regulations. Do you think either of those things?

Speaker 3: 1:00:02

could help in this scenario. Yeah, I think the big thing again it's it's that cyber arm is missing from a federal level. If you're going to really go solve critical infrastructure for the trucking industry, I mean there's billions of dollars, trillions of dollars in theory that run through our entire like supply chain transportation. Until something actually gets done there, and I think the painful part is and I think it's just based on statistics until there's actually an attack that hits that actual trucking industry or take somebody down, I don't know that someone's going to want to go fix it. Truly, I mean we do a lot of great talking and we're talking to our congressperson, you know, and we're saying, hey, we want to do it. But it kind of comes back to what are we doing to come together as an industry? Who's going to actually say there needs to be some money put in place? I mean I'm a person like I have my doctorate, go write for grant money. People will give you money. Then go do it. I mean I'm at the point where it's like I'm starting to look at how can I change industry.

Speaker 3: 1:00:49

I am an industry change agent for a reason. Dat was when they hired me. I was very clear, even very clear even through my interview process I am a change agent. If you do not want to make change, do not waste my time. Like you don't want to hire me, then and it's like I've been here, you know, six months. I've tripled my team. I brought in really sophisticated levels of tools. We're doing the things. It's still not fast enough, even for me, but I also know it's really important to land the message right, to tell the story correctly to our customers, to help educate them, and so I am being very intentional now to go out and start getting in the field and spending time with our customers.

Speaker 3: 1:01:20

But the piece that's still missing for me is where can I bring that all together? And I think that's where I started going. I want a zero trust transportation group and I hope at some level. I would love I would say that's almost the challenge I would love a federal person to reach out to me and say okay, how do we go? Do zero trust transportation? And then let's get the. Let's get the community to come together, the industry leaders to come together and say here's the things we're seeing from a cyber attack landscape. Again, remember your fraud output is a lack of your cyber posture. I mean that's, that's the thing you've got to go fix. You've got to fix your cyber.

Speaker 1: 1:01:49

So to put a bow on the conversation. What are some actionable takeaway, like bite size tips that you would give to the freight broker that's out there, that's listening, or maybe it's a small trucking company that's thinking about expanding into brokerage or whatnot. So what are some actionable things? We talked about not sharing your password. What are some other easy takeaways here?

Speaker 3: 1:02:15

Yeah, the big thing is definitely enable multi-factor authentication, but there's an app. Download the app to actually do it. There's a Google Authenticator app, there's a Microsoft one. I mean, everybody's got some type of authentication app. Do it that way. That's going to generate a code to you. Well, getting that code is actually going to be more secure for you.

Speaker 3: 1:02:31

Making sure that you actually educate your users on really don't click on a link. I can guarantee and I would I always tell people this, I'd take my entire career. I'm never going to ask you for your password and email. If you get an email that is asking for that or wanting you to put in your credentials, that is your phishing scam. They are looking to phish your credentials. You have to, and I know it's hard, which is again, it's 2024. People are still clicking on links. You've got to slow down for that 30 seconds and go wait. Why are they asking me for my password? Or, you know, did I actually ask for my password to be reset? If you didn't, then that's the fish. That's the attack that's actually trying to come at you.

Speaker 3: 1:03:06

The other thing is is pay attention. I mean, there's bad actors out there. They're going to send you a text. They're going to try to be like, hey, your banking information has been changed or hey, this route's been changed, I can give you a cheaper load. Is it really ever a cheaper load? Like that should be a red flag. Those are the big things to really kind of pay attention to. Is what are those red flags that we should actually look at the next piece again. I cannot say it enough Report it, report it, report it. I know it's painful, I know it's hard, I know the paperwork process. I I get the insurance side of it. But if you don't report it, we're never going to fix it. We're never. There's there's eight different types of fraudsters out there. There's people who get paid to be fraudsters for a reason. That's how they make their living. If you don't report it, we can't stop those fraudsters.

Speaker 3: 1:03:46

See something, say something, right See something, say something, and then, yeah, I mean I would again, I'd offer myself up anytime, anytime. Anybody needs help. Comments, questions, concerns. Reach out to me Like I am here to help us.

Speaker 1: 1:03:58

Awesome, ben. You have anything else you want to ask before we uh?

Speaker 2: 1:04:02

That was great. I mean, we could literally have this conversation the rest of the morning. There's tons of other things I want to ask, but yeah, I mean I think we got a really good synopsis.

Speaker 1: 1:04:10

We'll do a part two later this year.

Speaker 3: 1:04:11

Yeah let's do a part two for sure. It'd be fun to have a series.

Speaker 1: 1:04:15

Awesome, well cool. Erica, it's great to have you on here. I will make sure that in our show notes I sent you a LinkedIn request so I think I got the right Erica Voss, phd in the greater Seattle area. So we'll put your LinkedIn in the show notes, in the description on YouTube, so people can connect with you and they know how to reach out and all that good stuff. But anything you want to close out with or anything you want to final thoughts or words here.

Speaker 3: 1:04:44

Yeah, I think the biggest thing is is again like reach out, share the information, reach out, see something, say something. You got to report it. I mean we're going to get better as an industry if we just communicate, start talking.

Speaker 1: 1:04:55

Awesome Ben. Final thoughts.

Speaker 2: 1:04:57

Yeah, I just wanted to tie that into what we talk about all the time. Right, if you've got an issue, whatever that is, before you look at everyone else to help you solve it, first look at the things you can do and also do the second right, like, because, as Erica pointed out, like it all starts with our behavior. What we're doing, whether it's in sales, how many times you pick up the phone, or whether it's creating opportunities for fraud or criminals to be able to attack you. Right, learn the basics, spend some time, spend an hour or two instead of scrolling through TikTok, watch a couple of these things. Reach out to her on LinkedIn and look for some reputable trainings that you can take your company through, because pretty low cost, really high reward. To me, this is a huge issue that everyone needs to be paying attention to. Yeah, and whether you believe you can or believe you can't, you're right, and until next time, go Bills.

Freight 360

Cybersecurity Insights for the Freight Industry (with Erika Voss of DAT) | Episode 250

Listen to this podcast on