Cybersecurity in the freight industry: Why the basics still matter in the age of AI

Cybersecurity in the freight industry: Why the basics still matter in the age of AI

Cybersecurity in the freight industry: Why the basics still matter in the age of AI

https://www.thetrucker.com/trucking-news/perspective/security-pit-stop/cybersecurity-in-the-freight-industry-why-the-basics-still-matter-in-the-age-of-ai

Publish Date: 2026-07-07 14:58:00

Source Domain: www.thetrucker.com

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

On June 22, 2026, the Five Eyes cybersecurity agencies (United States, United Kingdom, Canada, Australia and New Zealand) released a joint statement on artificial intelligence’s (AI) impact on cybersecurity.

In this release they stated that “while AI will help us improve cyber defense over time, it also accelerates the speed, scale, and sophistication of cyber threats.” They continued, “Success will come from getting the basics right, acting quickly and integrating cyber security into core business strategy. Those that do not will face growing operational and strategic disadvantage.”
I’d like to unpack these two statements.
We have all seen AI-everything all over the place in our professional and personal lives. It seems we can’t turn on a device or read a tech news story without some AI angle coming into play.

While this incredible technology is changing the way we work, for good or for ill, it is also changing how the bad actors work — and this is not a good thing. They are churning out exploits with increasing speed and scaling up their attack capabilities with unprecedented reach in a reduced timeframe.
This all sounds intimidating, like something that would require extremely sophisticated defenses and futuristic AI-enabled security teams to counter.

But the message is clear in the Five Eyes release: Getting the basics right has never been more important.
What are the “basics”?
What do they mean by “the basics,” and why do they help in this new AI-enabled threat environment?
Here’s why: While AI-enhanced cyberattacks can sound much more intimidating than traditional cyberattacks, they rely on the same weaknesses:

Poor credential hygiene;
Lack of resistance to social engineering;
Poor patching compliance; and
Our propensity to leave things connected to the internet that we do not need connected to the internet — such as Operational Technology (OT), Internet of Things (IoT) devices and legacy systems, to name just a few.

The security measures we can put around these types of vulnerabilities are not going to break the budget, and they are often not technically complex.

Educating our teams on the risks of social engineering and how to spot an attempted attack is key to defending against a spoofed email from a broker, whether it is AI-generated, AI-enhanced, or traditional (AKA: human-written).
The use of multi-factor authentication (MFA) on all accounts effectively helps to guard against credential theft or misuse. Well defined vulnerability and patch management, with tight time requirements between patch release and patch deployment, helps to guard against new vulnerabilities as they are discovered.
And arguably one of the most effective methods of protecting against AI-enabled attacks (or any other cyberattack) is to reduce your available attack surface by removing outdated systems from your network and blocking access from the internet to your OT and IoT devices. If one of these devices absolutely must be exposed to the public internet, then ensuring that default accounts and credentials are removed or changed is critical.
Cybersecurity should not be a separate function.
The second point that was made in the Five Eyes release was that cybersecurity must not be treated as a separate function. Anyone who has heard me speak on cybersecurity in the past knows this is a concept that is near and dear to me.
The entire organization must embrace a culture of security. Cybersecurity must be treated as a core tenet of the business itself, not something that gets a line item in the budget.
What does this look like in practice?
Security culture starts at the top. Leaders who embrace and value cybersecurity as a core part of their organization set an example for the rest of the organization to follow:

They give cybersecurity a seat at the table in board level discussions.
They ensure that there is adequate budget for the security teams to properly defend the organization.
They champion security awareness training throughout the organization, including the highest levels of the leadership team.

These security savvy leaders understand that cybersecurity is not a cost center; it is a risk management tool that they can leverage to protect the business and improve the overall financial performance of the organization.
Does this mean that we don’t need to “fight fire with fire” when it comes to AI?
It does not.
We absolutely must empower our security teams with AI-enabled defenses that are capable of detection and response at machine speed, systems that never get alert fatigue and can handle the ever-increasing speed of attempted attacks.
We must automate the patching of our systems and use AI-powered tools to rapidly triage and alert on suspicious signals in our networks.
But these are not the first steps in effectively protecting an organization from AI-enabled cyberattacks; they are the top level of tools that are layered onto a strong foundation of cybersecurity maturity and an organizational culture of security mindedness.
AI is changing the security game.
AI technology will continue to advance, and we will continue to face threat actors who employ AI tools for nefarious purposes. We will continue to improve our defenses, deploying ever-more-sophisticated defenses capable of detecting and containing attempted attacks, but we must do so with our feet securely planted on solid cybersecurity best practices.
Ben Wilkens, CISSP, CCSP, CISM, is director of cybersecurity at the National Motor Freight Traffic Association Inc. (NMFTA).
In his role at NMFTA, Ben spearheads research initiatives and leads teams dedicated to developing cutting-edge cybersecurity technologies, methodologies and strategies to safeguard information systems and networks. He collaborates extensively with academic institutions, industry partners and government agencies to advance cybersecurity practices and knowledge.
Ben provides expert insights and recommendations to organizations, enhancing their security posture and helping them navigate the constantly evolving landscape of cyber threats.
Before joining NMFTA, Ben was a key executive at a third-generation family-owned trucking and logistics company. There, he focused on the strategic integration of technology to improve operational efficiency while ensuring adherence to cybersecurity best practices.
With a rare combination of CISSP, CCSP and CISM certifications — alongside an active Class A CDL — Ben brings a unique perspective to the intersection of cybersecurity and transportation. In addition to his extensive experience as an over-the-road driver, he has held roles in dispatch operations, driver management, and brokerage sales. Ben later transitioned to IT and operations support, where he honed his expertise in cybersecurity.