AASHTO Journal - Report: Transportation Industry is now a ‘Priority Target’ for Cybercriminals

A new report issued by IBM Security on May 21 indicates that the travel industry and its customers are “increasingly the targets of cyberattacks” as criminals seek to monetize highly valuable travel data, while the transportation industry as a whole is now a “priority target” for cybercriminals as it now ranks as the second-most attacked industry—up from tenth in 2017— attracting 13 percent of observed cyberattacks.

[Above illustration by U.S. Air Force Staff Sergeant Alexandre Montes.]

Since January 2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches, IBM Security noted in its 2019 IBM X-Force Threat Intelligence Index.

“Traveling has always been when people are more vulnerable. A few hundred years ago, the perpetrators were pirates or highwaymen. Now those criminals are still out there, but they’ve changed their methods to focus on digital attacks instead,” noted Caleb Barlow, vice president of X-Force Threat Intelligence at IBM Security, in a statement.

“People carry a goldmine of data when traveling including passports, payment information and detailed travel itineraries,” he said. “When placed in the hands of a cybercriminal, all of this information can be patched together into a complete picture of the traveler’s life to inform identity theft, initiate spear phishing attacks, or be sold on the dark web.”

Morning Consult conducted an online survey of 2,201 American adults on behalf of IBM Security to understand exactly how much risk travelers expose themselves to while away from home and found most Americans engage in high-risk behaviors while traveling.

More than 70 percent of Americans polled by the firm said they’ve connected to public Wi-Fi networks, charged a device using a public USB station, or enabled auto-connect on their devices which puts their information at risk.

Business travelers are even more likely to engage in risky behaviors, the survey found. Roughly 45 percent of business travelers carry a device with valuable or sensitive information on it, yet business travelers admitted much more frequently to risky behaviors such as:

Connecting to public Wi-Fi: roughly 42 percent of business travelers do this “every time” or “very often” versus 34 percent of personal travelers.
Charging a device using a public USB station: about 40 percent of business travelers do this “every time” or “very often” versus 28 percent of personal travelers.
Enabling auto-connect on their devices: about 39 percent of business travelers do this “every time” or “very often” versus 30 percent of personal travelers.

However, the poll also found that travelers are “acutely aware of the risks to their financial information” due to cyberattacks, with more than half of them saying that they are “extremely” or “very concerned” that their credit card (53 percent) or other sensitive digital information (52 percent) will get stolen when traveling.

That number drops significantly when they aren’t traveling, according to the report, as only 40 percent are similarly concerned that financial information will be stolen at home and 41 percent that their digital information will be stolen at home.