September 23, 2025 • 31 mins
How prepared is your business to face today’s evolving cybersecurity threats? Are you confident your team could spot an AI-generated scam or respond to a ransomware attack in real time? Listen to Joe Ohr sharing the impact of the NMFTA Cybersecurity Conference, which was born out of the LTL industry’s push to go digital and address the gap in security education and awareness.
We discuss who the prime targets for cybercriminals are, how AI has changed the game for bad actors, and how the NMFTA conference equips attendees with real-world tools. With its peer-to-peer format, intimate setting, and focus on actionable outcomes, strengthen your defenses against the rising tide of cyber threats!
NMFTA Cybersecurity Conference Registration: https://cyber.nmfta.org/cybersecurity-conference/register
About Joe Ohr
Joe Ohr has more than two decades of experience in technical operations, customer success management, customer support, and product support.
Currently serving as the Chief Operating Officer for the National Motor Freight Traffic Association, Inc. (NMFTA)™, he plays a pivotal role in helping to advance the industry through digitization, classification, and cybersecurity.
Prior to Ohr’s role at NMFTA, he served as in numerous engineering and operations positions at Qualcomm and Eaton, and most recently held the position of Senior Vice President of Operations/Customer Experience at Omnitracs.
Throughout his career, Ohr has provided strategic guidance, vision, and a roadmap for addressing long-term customer challenges. He has played a key role in accelerating revenue growth and has collaborated closely with IT, product, and engineering teams to foster stronger partnerships with strategic customers and peers. Additionally, Ohr has overseen post sales customer support and service teams, as well as operations, managing a workforce of over 400 individuals.
He holds multiple certifications such as CCNA from Cisco and MCSE from Microsoft and earned his Bachelor of Science in Education from the Ohio State University. Due to his contributions to the industry, he earned a spot in the Inner Circle in 2015 and 2018 from Qualcomm and Omnitracs.
📊📉 Don’t miss out on the latest market trends by subscribing to your TOP Transportation Morning Show! 🌎
🎬🎯 #TheFreightCoach Morning Show is LIVE every weekday at 10:30 AM CST to break down transportation industry headlines! Mark your calendars!
🤝 Shoutout to my sponsors!👇
- Denim | https://info.denim.com/chrisjolly
- SPI Logistics | https://spi3pl.com/
- Revenova | https://revenova.com/freightcoach/
- NMFTA | https://nmfta.org/
Help Sgt. Murphy's Kids Soar: A Fallen Hero: https://www.gofundme.
🚀🔥 To sign up for my Newsletter, go to http://eepurl.com/iNoHco, get in touch with me through the social media channels below, and subscribe to my YouTube Channel!👇
▶️ https://www.youtube.com/channel/UCjrL70IEnCfDkNaiYMar3jw
📷 https://www.instagram.com/thefreightcoach/
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
Came back with a bank window down yelling now money any day hey oh Got the foot on the gas pedal to the metal when I'm get to the back hey Got the foot on the gas pedal to the metal when the lane moving fast hey Let them all cross if they hate then let them made them make a bigger.
Speaker 2 (00:25):
Balls hey what is up ladies and gentlemen?
We are back.
We are live.
It is a Freight Coach podcast, the top podcast in transportation coming to you guys every single weekday, 8:30am Pacific, 10:30 Central to break down some industry headlines.
But most importantly, you guys provide some actual insight into what you can do with all of this information.
If this is your first time tuning in, welcome.
(00:45):
This is the real side of freight, ladies and gentlemen.
And I do say that before every single show.
And what I mean by that is I only speak with transportation professionals because at the end of the day, you guys, I want to talk to the right individuals who have done what you're looking to do or who are currently doing what you're trying to achieve.
So you can take that information, apply it, utilize it, and see a meaningful difference in your business and your life.
(01:05):
Happy Tuesday everybody.
I got a very special guest.
I'm going to bring him up here in a second.
But my team always wants me to say this stuff at the beginning of the episode as well as the end of the episode.
And that is if you get value in what you hear today and you're not subscribed, subscribe to the show, you guys.
And if you're feeling ambitious after this one, rank the show on itunes and Spotify.
Because if you saw value, that's how your network's going to see it as well.
(01:27):
And then just one quick reminder, if you guys want to get in on the weekly Freight Coach newsletter, new ones dropping tomorrow.
I just need you to go to the freightcoach.com though to register for it.
I don't auto sign up my contact list or if you give me your email address, I don't just auto sign you up for that stuff because I want you to want to receive that.
So that being said, you guys, today's topic is like secretly, this is my probably favorite topic to talk about in all of transportation.
(01:53):
This is my favorite event to attend inside of the industry because it's one of the few environments that I'm in that I truly feel like I am only there to learn.
I can't draw any parallels from past experiences or anything like that in my day to day job.
And it is one of those things where I Learn every single time I'm there.
Speaker 1 (02:12):
So.
Speaker 2 (02:12):
So with that being said, I got Mr. Joe or of the NMFTA on today to break down the cybersecurity conference we got coming up here in Austin, Texas next month.
So, Joe, thank you so much for taking the time to join me.
Speaker 3 (02:23):
No, thanks for having me.
I appreciate it and appreciate your support of the cyber conference.
Speaker 2 (02:28):
No, this is.
I mean, this is my fourth one.
Right.
Like, I think I've been to the one in D.C. houston, Cleveland last year, now this one going.
Going to one of my favorite cities, Austin, Texas.
And, you know, I'm sure you're happy because it's, you know, you don't have to leave the state of Texas this time.
Speaker 3 (02:43):
Exactly.
Speaker 2 (02:46):
So, you know, with this, what was one of those, like, driving forces to why you guys started this event?
And was it like a growing need or was it, you know, like, with your guys as members at the NMF ta like, hey, we want to really start pushing this?
Speaker 3 (03:01):
No, that's a great question.
And were just talking about that the other day.
You know, we.
We dabbled in cybersecurity just because members were asking.
And at that point, it was really asset side.
We were doing some research and looking at things, but it was really behind closed doors.
We weren't really talking about what were doing.
(03:24):
And then.
And then as we started moving forward with the digitalization effort within.
Within ltl, we started getting a lot of questions like, hey, as we do this and as we transition to paperless, we really are thinking about cybersecurity and cybersecurity at the forefront.
(03:45):
And as we make this jump, we really don't know what to do.
We need more guidance.
And so it kind of became, hey, there's a spot here where nobody's talking about it.
And so we kind of went and looked and said, you know, who else is doing a conference?
Who else is putting together standards?
(04:06):
Who else is doing research?
And we really couldn't find a lot of these answers.
And that's why we started doing the conference is just to fill a need that.
And give back to the industry where we didn't think anybody else was doing it really, as a gift back to the industry.
Speaker 2 (04:23):
No.
And this is something that I look at it as.
This isn't just one side of the industry that needs to start paying attention to this stuff.
Right.
Like that.
From my perspective, I think the thing that, like, my biggest takeaway over these last, you know, three events that I've been to at that conference, and this is coming from A guy whose entire IT strategy and experience is essentially just restart your computer when stuff's not working right.
(04:50):
Is the best thing to do.
Like, step one for a lot of people is like, have a plan.
Any plan out there is better than not having a plan for any, you know, form of cyber attack that's out there.
But like, the most simplest form, like the simplest step is do not click on external links inside of your email.
Right.
(05:10):
Like, anytime that there's an external link that's in there, don't click on that.
That was like another massive takeaway.
And a lot of the chief technology officers that I've talked to that have been at that show have essentially said, like, that essentially minimizes like 90% of your problems by not clicking on those links.
Speaker 3 (05:26):
Yeah, exactly.
And that's really what the conference is meant to be.
You know, last year we took a very different approach than years past where we wanted to people to hear from their peers.
Kind of like the introduction to your show, like, hey, you want to talk to the people have done it?
And that's really what we did at the conference last year, is we had people that were the CEOs, the CTOs, the CIOs, the CSOs, come talk about, you know, what problems have they run into?
(06:00):
You know, as an industry, everybody likes to share when, except for when it comes to cybersecurity, then they kind of close up and they don't really talk about it.
But last year, you know, we did talk to some people who had been impacted by, you know, breaches, and they came out and they said, hey, we got breached.
(06:20):
And we've kind of continued that with some calls every quarter.
And, and that's what we're going to talk about.
And, and then in October in Austin, you know, one of the things we're going to talk about is the cyber impact of cargo theft.
Speaker 2 (06:34):
Yeah.
Speaker 3 (06:35):
And we're going to talk about that aspect of it.
And so we're going to hear from people impacted by cargo theft.
We're going to hear from the experts, but then we're also going to hear from law enforcement and why it's so challenging.
Because I don't think that there's so many different aspects of cargo theft.
I don't think anybody's gotten their arms around it.
(06:56):
But there's definitely a cyber aspect to hear about that people want to hear about and discuss.
I think just opening up and having that discussion leads to a lot of discussions maybe we didn't expect.
So sometimes we'll schedule something for a half an hour that maybe we only have 10 minutes of topic and assume that, hey, there's going to be 20 minutes of discussion.
(07:26):
And that's the big takeaway we got last year was it was the fireside chats, it was the discussions that people walked away learning the most.
Speaker 2 (07:37):
Yeah, I, I look at it as is.
I think one of the biggest takeaways that I got last year as well was the fact that these guys aren't just going after like large logos, right?
Because I think a lot of companies, and especially inside of the transportation industry, when 95 of the market is made up of small businesses, right?
And you think like, oh, we're too small, they're not going after them.
(07:59):
And I forget the gentleman's name.
But he had said he's like, a lot of these guys look at it like this.
It is a lot easier to steal one dollar from a hundred people than it is to steal a hundred dollars from one person.
And that's why there is no like profile of company that they go after.
If anything, he said they definitely lean towards the smaller businesses than the larger businesses because generally speaking, the larger organizations out there, and this isn't just a transportation thing.
(08:27):
This is kind of across the country, they have higher security measures in place to keep their system safe and everything.
It's a lot harder of a breach than that mom and pop organization out there who can get in and, you know, spend a thousand bucks essentially to pay the ransomware at that time.
And I think that was one of those things that really opened up my eyes.
(08:48):
And then, you know, kind of a couple of these events happened inside of my organization in the last year.
And it was the too good to be true email that came in.
And as a sales rep and especially in a down freight market, Joe, like we' now, right?
People are looking for new freight opportunities everywhere.
And one of them, you know, I, I got an inbound email like 2 months ago and you know, I'm like, wait a second.
(09:13):
I've literally never seen an out been outbound outreach to me as a broker to move their freight.
And the thing was, is like they put a legit company website.
Everything was in the email, everything was there.
And I actually called the company and I'm like, hey, FYI, I just received an outbound email, like, something just doesn't add up here.
(09:35):
And they were like, yeah, we think we've been hit because you're like the 14th provider that has called us here in this past week.
And then I looked at the web domain on there.
There was, there was an extra L in the name.
I don't have it off the top of my head, but it was two Ls instead of one L. And then when you went to the company's website, it was spelled properly, but they just added an additional letter in the email.
(09:59):
Right.
So it looked very legit out there into the, I would say the untrained person, they're going to see that inbound email and then all of a sudden, you know, it's going to be, send us your banking information so we can give you direct deposit on freight or something like that.
And then boom, you're done, you're compromised.
Right.
So it is like those are those direct parallels that I've personally experienced here over the last year and I think like this is one of those things that I have taken away from going to your guys's event is like, that's like I, I was a skeptic, but like I'm really a skeptic now after attending this stuff.
Speaker 3 (10:34):
Yeah.
And, and looks like domains like you mentioned are the, the bad actors are getting smarter and more sophisticated and with AI, they can do more and they can do it faster and they can go, they can do it more efficiently.
You know, it used to be we joke around like, oh, you can look for the broken English or it was so far fetched that oh, you got an uncle in Nigeria that left you a couple million dollars.
(11:05):
Now it's not as far fetched.
I mean, there was just something on the local news where they can take 60 seconds of a audio recording and basically turn it into a 20 minute message.
And they can do the same thing with video.
I mean, that was one of the things one of the big carriers talked about is they used a $500 AI program to create a message from the CEO that looked real enough that people thought PTO was being canceled.
(11:38):
And so if you're a small carrier with AI, they can go after a thousand small carriers a lot easier than they can go after maybe one or two of the big carri.
And that's the thing I walked away from last year is, you know, as we walked around the room, especially the first day, I talked a lot of people like, hey, you know, why did you come?
(12:03):
And one of the folks had like 10 trucks and he said, I have no cybersecurity and I have no idea where to even start.
I just need to know where to start.
And I Think a lot of people are in that situation.
It's not the people that have a big organization.
(12:23):
Some of these people don't have IT organizations in house.
They definitely don't have security.
They just need to know where to start.
That's one of the things that we like to do at the conference is whether you are someone that owns a big trucking company and you've got something in place, there's sessions for you.
(12:47):
But if you're that person just looking to figure out where to start, there's going to be sessions for you.
One of the things we introduced last year and that we're doing this year also is tabletop exercises.
Because you do want to do like real world scenarios, hands on.
Okay, what happens.
It's kind of the old Mike Tyson thing.
(13:09):
Everybody's got a plan till you get punched in the mouth.
And that's what the cyber attack is a punch in the mouth.
And so it's kind of going through those different scenarios.
And I know, you know, at NMFTA we do those and we see things all the time.
An employee, I think it was just yesterday got a email or a text that it was spoofed.
(13:34):
Like it came from our CEO and or executive director, didn't our board members will get things and it's just scraping things off of different websites.
And so the bad actors are getting better and better.
And so, you know, it doesn't matter really if you're a small carrier or a large carrier, people are going to try to take advantage of you.
(14:02):
And so, you know, that's really what the conference is meant is to, it's not going to, you're not going to walk away and say, hey, I can cover all the basis, but you're going to at least have that starting point and at least be able to make that informed decision of, okay, this is how far I need to take it.
(14:22):
This is the investment.
And I think that's a lot of the discussion is, okay, how much investment is needed based on what I need to do and how long can I afford to be down and what do my options look like and what does everybody else do?
And that's a lot of, is just talking to your peers and trying to determine, okay, what are the best practices.
Speaker 2 (14:48):
Yeah, and I think like, you know, from my perspective, this isn't just a show for companies that have IT departments.
Right.
Like, yeah, so those are great to have there.
But like you mentioned it, I think it's almost more important for the individuals and the businesses out there that don't, right?
Like they have nothing out there.
And especially like with the growing amount of freight tech that is available to you right now, how are you even aware if they're managing your data properly and keeping your stuff safe?
(15:17):
And again, I feel like just from an education standpoint alone this shows imperative, right?
Like we are not getting less digital as that the years progress, right?
Like if anything we're going to become more and more reliant on technology.
And you brought up a good point there Joe, that I think a lot of people don't think about.
How long can you afford to stay in business if your systems are down?
(15:38):
How can you do that?
How are your customers information protected?
You know, all of that stuff, it's an overarching thing.
And you know, you brought up the AI video and stuff out there about a CEO saying, you know, canceling PTO and stuff like that.
It's only going to get easier, right?
Like it's only going to get easier for these guys to go in there and especially with AI and you know, so it's like how can some, you know, potential attendee learn more about AI and cyber inside of their organization as every new company inside of freight tech is an AI freight tech company.
Speaker 3 (16:12):
Yeah.
And like for us we have, anytime AI is deployed or launched or looked at, we have a checklist and you have to go through that.
And one of the things you'll find in this conference is free tools.
(16:32):
And I think, you know, we're not, we don't use a conference to say, hey, buy this, buy this.
We'll point you to some free utilities.
And so one of the things that we just created is a vendor checklist and it includes things related to AI.
And if you look at that vendor checklist, it's really things to think about, questions to ask.
(16:57):
But also it's a good basis for AI or non AI.
And like you said, you're only as strong as your weakest link.
That weakest link may be AI, it may be your telematics, it may be video based safety, it may be, you know, the green screen down that glows.
(17:20):
You know, it may be your TMS provider, you don't know.
And so the vendor checklist that we provide on our website I think is some, it's just something we recently released.
It is really, I think valuable when you're looking at that because AI is scary.
(17:43):
A lot of people go for the free AI and anything you put out there is public knowledge.
So it's usually worth it, number one, to go with a reputable AI.
But number two, do the AI that costs money and ask questions like, hey, is this my space specifically or is it public?
(18:08):
And then like we sell software so like with class IT plus we make sure that it doesn't get fed into a general AI model because that's proprietary data.
So you really got to ask the right questions about how the data being entered into the AI is being used, who's got visibility?
(18:30):
Because like say for example, you've got a group of developers and they're putting code into AI, that code you don't want to become public knowledge.
Or let's say you have accountants and they're putting spreadsheets and formulas into AI, all of a sudden that becomes public knowledge.
So you really got to ask the right questions.
(18:51):
And you know, part of that vendor checklist is what questions do you ask?
How do you vet the vendors and how do you make sure that your data stays secure?
Speaker 2 (19:04):
So is there going to be like, with all that being said, how many sessions or are potential attendees going to be able to, you know, like what can they expect to take away from like building that human firewall?
Right.
Like that initial, like we don't have a response training or we have no training at all awareness to it.
Is that going to be like a couple of sessions dedicated to that of like an incident of like, hey, this is how we stop a lot of that from evolving.
Speaker 3 (19:29):
Yeah.
You know, one of the sessions that we're doing that I'm really excited about is it's called when Seconds Count.
And it's, it's experts talking about incident response.
And these are people that's what they do and they'll talk about why it's so important.
(19:53):
And last year you heard from people, one person worked with insurance, one person didn't.
And so you know, it's not a one size all, but there's a session called when seconds count, that's really important.
And then what we're also talking about, you know, you had mentioned phishing.
(20:16):
So talk about that.
We'll talk about on the cargo theft side, some lessons learned and I think that's really important like you said, as far as response time.
And then that's all on Monday and then on Tuesday.
One of the things that I mentioned was the tabletops.
(20:38):
So we're going to lead something where we walk through the process of a business risk Assessment and how do you generate what's called a risk register for your business and conduct a tabletop business continuity exercise.
And so, you know, that's something that you walk out of this with.
(21:02):
You walk out of the conference with.
This is what I put together.
And you know, that's something that is very, very valuable.
And that's what you do on that tabletop.
And then, you know, one of the things that we're doing there at the end is we're getting, we're having an executive panel and we're talking about again, you know, how are people of all sizes and not just lpl, tanker and other areas.
(21:36):
How do you approach cybersecurity?
What do you do and what is your best practices?
So it's an opportunity to hear from your peers.
Speaker 2 (21:47):
Yeah, and that to me, like, I, I would say, you know, a word collaboration comes to mind is like another big takeaway from a lot of those previous events that I've been to.
And you know, it seems like there's an emphasis on that right there.
Right.
Like it doesn't matter what size company you're at, like, let's sit down, let's talk.
What are we doing here?
How are we stopping these?
Because it is like a collective right at the end of the day.
(22:08):
Because I think most companies have that mindset of at this point, it's not if it's when it happens, how do we become better prepared for it?
How do we minimize any potential threat if it does happen?
How do we minimize, like you said, those seconds count, right?
How do we minimize the threat to where it doesn't get access to our entire system or how that looks.
(22:29):
And you know, I think unfortunately, but fortunately, the best way to learn is to hear from the people who've been through that, right?
Like, there's been a couple of high profile breaches that have happened, you know, in the industry, but kind of across the country there.
And I remember, you know, it was, I think it was last year or maybe it was two years ago when the gentleman, I believe they were from Target or something like that was there and.
(22:53):
Or his com, he used to work for Target and his company does like fishing stuff now or they're a cyber threat company out there, you know, kind of hearing from him and like learning from that stuff and you know, to tie a parallel in, I believe it was like a controller wired millions of dollars for this business because they received a, a fake phishing from like the CEO or CFO or somebody like authorizing it.
(23:19):
And it went to some offshore account or something like that.
And, you know, so again, it's like it's learning from a lot of this stuff because it's only going to become more and more advanced and harder to catch, I think.
And I just think that having that awareness is often overlooked in a lot of businesses.
(23:39):
Right.
I feel like as proactive as freight can be, I think it's also very reactive in a lot of situations.
And again, a lot of this is you can minimize your exposure by attending a simple event like this and learning from people and companies who have robust systems in place already that keep their businesses safe.
And again, like, you can be that individual who doesn't have anything and you can go in there and people are going to give you the time of day.
(24:04):
You know, you're going to have these roundtables, these tabletop discussions about what to do and what to implement.
So this isn't, hey, we have nothing.
I don't know if I should be there.
I feel like you should be there more than anyone at that point.
Speaker 3 (24:17):
Yeah.
And agreed.
And it is.
We, we purposely keep it small.
You know, this isn't something where you're going to get 5, 600 people.
We, we purposely keep it under 150.
It's also not a show full of booths and salespeople.
Even that we do have sponsors, but even the sponsors I'm excited about because they send their tech people and so, and then they actually attend the sessions and they participate in the sessions.
(24:52):
And I know last year, and I've done some prep calls with them this year is, you know, it's usually people we work with and we've got relationships with and they're from the industry.
And so it's not, they're not there really to just sell, sell.
They're there to learn and they're, they're there also to give back, which makes it very, you know, beneficial.
(25:20):
And that's what I heard from the vendors that attended last year that I've talked to this year is, hey, I'm going to send a few more people because we got a lot out of it.
And again, you know, not.
They're talking about from a knowledge perspective.
And that's the most important thing is just the opportunity to exchange ideas and say, hey, what do you do here?
(25:44):
What do you do there?
And we're also talking about maybe the things that, you know, haven't happened as you as we've talked about that as we go towards paperless, there's a lot in the truck.
So we'll also be looking at that.
We've got some folks from OEM side, manufacturer side, and we'll be talking about, you know, as these trucks become more automated and they have more sensors that's more opportunity for the bad actors to do things.
(26:21):
And so, you know, how do we prevent that?
And so, you know, we'll be talking about that and that's something, you know, that not all the OEMs and not all the manufacturers are willing to do.
So the ones that do show up, again, kudos to them for being willing to participate in the discussion.
And so we'll, we're doing some fun things around that also with these guys.
Speaker 2 (26:47):
Yeah, I'll never forget that in Houston when Ben hacked that truck, like that was wild.
That was one of the most, I would say that was one of the most insane things I've ever experienced.
I'm not just trying to overstate it or anything like that, but when you think about it guys, and like hearing Ben with, He's with the NMWTA, you guys, and in hearing him explain how essentially how easy it can be and like how in close proximity and stuff like that and kind of breaking down that, and then seeing him go in and hack a truck live like again like as Joe had mentioned, there you guys with more sensors and more components that are added on to these trucks, it's going to become more and more of a real threat out there.
(27:29):
And, and that's another thing too.
If you own a fleet, hearing from your OEM and everything front firsthand what they're doing, again this is a must attend event if I'm being honest.
And you know, to Joe's point about it's an intimate event.
It's not going to have your typical vendor booth floor and stuff like that at the scale of some of the other industry conferences that you're at.
(27:51):
It is very education packed and it's very invaluable I think for anybody of any tech background to go and attend.
But Joe, I'm going to put the link for how people can register for the conference out there.
Do you have any, like, any way that people can go, just go to your guys's website to check it out or.
Speaker 3 (28:07):
Yeah, go to cyber.nmfta.org and it's October 26th through the 28th in Austin.
You can Also, reach out to.
To me in LinkedIn or anybody in MFT and LinkedIn, or just go to NMFK.org but reach out to us and we'll get you registered.
(28:31):
And again, it's.
It's a very fun conference.
Lots of knowledge, and you actually walk away with something you can implement the next day.
Speaker 2 (28:45):
No, I. I agree with that.
And you guys, check it out.
Austin's a great city.
If you're a barbecue fan, it's worth it just for that alone.
And you get to learn a lot about cyber security out there.
I'll put all those links out there in the show notes, you guys.
And if you guys can't find Joe or anybody at the NMWTA, hit me up.
I will gladly put you guys in contact with them.
But that's going to be it for today, ladies and gentlemen.
As always, if you got value in what you heard, subscribe to the show, you guys.
(29:08):
And if you're feeling ambitious, rank the show on itunes and Spotify, because if you saw value, your network's going to see it as well.
I appreciate you guys.
I love you guys.
And we'll be talking to you soon.
Speaker 1 (29:23):
Came back with a bank window down yelling now money anything hey oh got the foot on the gas pedal to the metal when I'm getting to the back hey got the foot on the gas pedal to the metal when the lane moving fast hey Let them all cross if they hate then let them made them make a bigger ball hey.
Came back with a bank window down yelling now money any day hey oh Got the foot on the gas pedal to the metal when I'm get to the back hey Got the foot on the gas pedal to the metal when the lane moving fast hey Let them all cross if they hate then let them made them make a bigger.
Speaker 2 (00:25):
Balls hey what is up ladies and gentlemen?
We are back.
We are live.
It is a Freight Coach podcast, the top podcast in transportation coming to you guys every single weekday, 8:30am Pacific, 10:30 Central to break down some industry headlines.
But most importantly, you guys provide some actual insight into what you can do with all of this information.
If this is your first time tuning in, welcome.
(00:45):
This is the real side of freight, ladies and gentlemen.
And I do say that before every single show.
And what I mean by that is I only speak with transportation professionals because at the end of the day, you guys, I want to talk to the right individuals who have done what you're looking to do or who are currently doing what you're trying to achieve.
So you can take that information, apply it, utilize it, and see a meaningful difference in your business and your life.
(01:05):
Happy Tuesday everybody.
I got a very special guest.
I'm going to bring him up here in a second.
But my team always wants me to say this stuff at the beginning of the episode as well as the end of the episode.
And that is if you get value in what you hear today and you're not subscribed, subscribe to the show, you guys.
And if you're feeling ambitious after this one, rank the show on itunes and Spotify.
Because if you saw value, that's how your network's going to see it as well.
(01:27):
And then just one quick reminder, if you guys want to get in on the weekly Freight Coach newsletter, new ones dropping tomorrow.
I just need you to go to the freightcoach.com though to register for it.
I don't auto sign up my contact list or if you give me your email address, I don't just auto sign you up for that stuff because I want you to want to receive that.
So that being said, you guys, today's topic is like secretly, this is my probably favorite topic to talk about in all of transportation.
(01:53):
This is my favorite event to attend inside of the industry because it's one of the few environments that I'm in that I truly feel like I am only there to learn.
I can't draw any parallels from past experiences or anything like that in my day to day job.
And it is one of those things where I Learn every single time I'm there.
Speaker 1 (02:12):
So.
Speaker 2 (02:12):
So with that being said, I got Mr. Joe or of the NMFTA on today to break down the cybersecurity conference we got coming up here in Austin, Texas next month.
So, Joe, thank you so much for taking the time to join me.
Speaker 3 (02:23):
No, thanks for having me.
I appreciate it and appreciate your support of the cyber conference.
Speaker 2 (02:28):
No, this is.
I mean, this is my fourth one.
Right.
Like, I think I've been to the one in D.C. houston, Cleveland last year, now this one going.
Going to one of my favorite cities, Austin, Texas.
And, you know, I'm sure you're happy because it's, you know, you don't have to leave the state of Texas this time.
Speaker 3 (02:43):
Exactly.
Speaker 2 (02:46):
So, you know, with this, what was one of those, like, driving forces to why you guys started this event?
And was it like a growing need or was it, you know, like, with your guys as members at the NMF ta like, hey, we want to really start pushing this?
Speaker 3 (03:01):
No, that's a great question.
And were just talking about that the other day.
You know, we.
We dabbled in cybersecurity just because members were asking.
And at that point, it was really asset side.
We were doing some research and looking at things, but it was really behind closed doors.
We weren't really talking about what were doing.
(03:24):
And then.
And then as we started moving forward with the digitalization effort within.
Within ltl, we started getting a lot of questions like, hey, as we do this and as we transition to paperless, we really are thinking about cybersecurity and cybersecurity at the forefront.
(03:45):
And as we make this jump, we really don't know what to do.
We need more guidance.
And so it kind of became, hey, there's a spot here where nobody's talking about it.
And so we kind of went and looked and said, you know, who else is doing a conference?
Who else is putting together standards?
(04:06):
Who else is doing research?
And we really couldn't find a lot of these answers.
And that's why we started doing the conference is just to fill a need that.
And give back to the industry where we didn't think anybody else was doing it really, as a gift back to the industry.
Speaker 2 (04:23):
No.
And this is something that I look at it as.
This isn't just one side of the industry that needs to start paying attention to this stuff.
Right.
Like that.
From my perspective, I think the thing that, like, my biggest takeaway over these last, you know, three events that I've been to at that conference, and this is coming from A guy whose entire IT strategy and experience is essentially just restart your computer when stuff's not working right.
(04:50):
Is the best thing to do.
Like, step one for a lot of people is like, have a plan.
Any plan out there is better than not having a plan for any, you know, form of cyber attack that's out there.
But like, the most simplest form, like the simplest step is do not click on external links inside of your email.
Right.
(05:10):
Like, anytime that there's an external link that's in there, don't click on that.
That was like another massive takeaway.
And a lot of the chief technology officers that I've talked to that have been at that show have essentially said, like, that essentially minimizes like 90% of your problems by not clicking on those links.
Speaker 3 (05:26):
Yeah, exactly.
And that's really what the conference is meant to be.
You know, last year we took a very different approach than years past where we wanted to people to hear from their peers.
Kind of like the introduction to your show, like, hey, you want to talk to the people have done it?
And that's really what we did at the conference last year, is we had people that were the CEOs, the CTOs, the CIOs, the CSOs, come talk about, you know, what problems have they run into?
(06:00):
You know, as an industry, everybody likes to share when, except for when it comes to cybersecurity, then they kind of close up and they don't really talk about it.
But last year, you know, we did talk to some people who had been impacted by, you know, breaches, and they came out and they said, hey, we got breached.
(06:20):
And we've kind of continued that with some calls every quarter.
And, and that's what we're going to talk about.
And, and then in October in Austin, you know, one of the things we're going to talk about is the cyber impact of cargo theft.
Speaker 2 (06:34):
Yeah.
Speaker 3 (06:35):
And we're going to talk about that aspect of it.
And so we're going to hear from people impacted by cargo theft.
We're going to hear from the experts, but then we're also going to hear from law enforcement and why it's so challenging.
Because I don't think that there's so many different aspects of cargo theft.
I don't think anybody's gotten their arms around it.
(06:56):
But there's definitely a cyber aspect to hear about that people want to hear about and discuss.
I think just opening up and having that discussion leads to a lot of discussions maybe we didn't expect.
So sometimes we'll schedule something for a half an hour that maybe we only have 10 minutes of topic and assume that, hey, there's going to be 20 minutes of discussion.
(07:26):
And that's the big takeaway we got last year was it was the fireside chats, it was the discussions that people walked away learning the most.
Speaker 2 (07:37):
Yeah, I, I look at it as is.
I think one of the biggest takeaways that I got last year as well was the fact that these guys aren't just going after like large logos, right?
Because I think a lot of companies, and especially inside of the transportation industry, when 95 of the market is made up of small businesses, right?
And you think like, oh, we're too small, they're not going after them.
(07:59):
And I forget the gentleman's name.
But he had said he's like, a lot of these guys look at it like this.
It is a lot easier to steal one dollar from a hundred people than it is to steal a hundred dollars from one person.
And that's why there is no like profile of company that they go after.
If anything, he said they definitely lean towards the smaller businesses than the larger businesses because generally speaking, the larger organizations out there, and this isn't just a transportation thing.
(08:27):
This is kind of across the country, they have higher security measures in place to keep their system safe and everything.
It's a lot harder of a breach than that mom and pop organization out there who can get in and, you know, spend a thousand bucks essentially to pay the ransomware at that time.
And I think that was one of those things that really opened up my eyes.
(08:48):
And then, you know, kind of a couple of these events happened inside of my organization in the last year.
And it was the too good to be true email that came in.
And as a sales rep and especially in a down freight market, Joe, like we' now, right?
People are looking for new freight opportunities everywhere.
And one of them, you know, I, I got an inbound email like 2 months ago and you know, I'm like, wait a second.
(09:13):
I've literally never seen an out been outbound outreach to me as a broker to move their freight.
And the thing was, is like they put a legit company website.
Everything was in the email, everything was there.
And I actually called the company and I'm like, hey, FYI, I just received an outbound email, like, something just doesn't add up here.
(09:35):
And they were like, yeah, we think we've been hit because you're like the 14th provider that has called us here in this past week.
And then I looked at the web domain on there.
There was, there was an extra L in the name.
I don't have it off the top of my head, but it was two Ls instead of one L. And then when you went to the company's website, it was spelled properly, but they just added an additional letter in the email.
(09:59):
Right.
So it looked very legit out there into the, I would say the untrained person, they're going to see that inbound email and then all of a sudden, you know, it's going to be, send us your banking information so we can give you direct deposit on freight or something like that.
And then boom, you're done, you're compromised.
Right.
So it is like those are those direct parallels that I've personally experienced here over the last year and I think like this is one of those things that I have taken away from going to your guys's event is like, that's like I, I was a skeptic, but like I'm really a skeptic now after attending this stuff.
Speaker 3 (10:34):
Yeah.
And, and looks like domains like you mentioned are the, the bad actors are getting smarter and more sophisticated and with AI, they can do more and they can do it faster and they can go, they can do it more efficiently.
You know, it used to be we joke around like, oh, you can look for the broken English or it was so far fetched that oh, you got an uncle in Nigeria that left you a couple million dollars.
(11:05):
Now it's not as far fetched.
I mean, there was just something on the local news where they can take 60 seconds of a audio recording and basically turn it into a 20 minute message.
And they can do the same thing with video.
I mean, that was one of the things one of the big carriers talked about is they used a $500 AI program to create a message from the CEO that looked real enough that people thought PTO was being canceled.
(11:38):
And so if you're a small carrier with AI, they can go after a thousand small carriers a lot easier than they can go after maybe one or two of the big carri.
And that's the thing I walked away from last year is, you know, as we walked around the room, especially the first day, I talked a lot of people like, hey, you know, why did you come?
(12:03):
And one of the folks had like 10 trucks and he said, I have no cybersecurity and I have no idea where to even start.
I just need to know where to start.
And I Think a lot of people are in that situation.
It's not the people that have a big organization.
(12:23):
Some of these people don't have IT organizations in house.
They definitely don't have security.
They just need to know where to start.
That's one of the things that we like to do at the conference is whether you are someone that owns a big trucking company and you've got something in place, there's sessions for you.
(12:47):
But if you're that person just looking to figure out where to start, there's going to be sessions for you.
One of the things we introduced last year and that we're doing this year also is tabletop exercises.
Because you do want to do like real world scenarios, hands on.
Okay, what happens.
It's kind of the old Mike Tyson thing.
(13:09):
Everybody's got a plan till you get punched in the mouth.
And that's what the cyber attack is a punch in the mouth.
And so it's kind of going through those different scenarios.
And I know, you know, at NMFTA we do those and we see things all the time.
An employee, I think it was just yesterday got a email or a text that it was spoofed.
(13:34):
Like it came from our CEO and or executive director, didn't our board members will get things and it's just scraping things off of different websites.
And so the bad actors are getting better and better.
And so, you know, it doesn't matter really if you're a small carrier or a large carrier, people are going to try to take advantage of you.
(14:02):
And so, you know, that's really what the conference is meant is to, it's not going to, you're not going to walk away and say, hey, I can cover all the basis, but you're going to at least have that starting point and at least be able to make that informed decision of, okay, this is how far I need to take it.
(14:22):
This is the investment.
And I think that's a lot of the discussion is, okay, how much investment is needed based on what I need to do and how long can I afford to be down and what do my options look like and what does everybody else do?
And that's a lot of, is just talking to your peers and trying to determine, okay, what are the best practices.
Speaker 2 (14:48):
Yeah, and I think like, you know, from my perspective, this isn't just a show for companies that have IT departments.
Right.
Like, yeah, so those are great to have there.
But like you mentioned it, I think it's almost more important for the individuals and the businesses out there that don't, right?
Like they have nothing out there.
And especially like with the growing amount of freight tech that is available to you right now, how are you even aware if they're managing your data properly and keeping your stuff safe?
(15:17):
And again, I feel like just from an education standpoint alone this shows imperative, right?
Like we are not getting less digital as that the years progress, right?
Like if anything we're going to become more and more reliant on technology.
And you brought up a good point there Joe, that I think a lot of people don't think about.
How long can you afford to stay in business if your systems are down?
(15:38):
How can you do that?
How are your customers information protected?
You know, all of that stuff, it's an overarching thing.
And you know, you brought up the AI video and stuff out there about a CEO saying, you know, canceling PTO and stuff like that.
It's only going to get easier, right?
Like it's only going to get easier for these guys to go in there and especially with AI and you know, so it's like how can some, you know, potential attendee learn more about AI and cyber inside of their organization as every new company inside of freight tech is an AI freight tech company.
Speaker 3 (16:12):
Yeah.
And like for us we have, anytime AI is deployed or launched or looked at, we have a checklist and you have to go through that.
And one of the things you'll find in this conference is free tools.
(16:32):
And I think, you know, we're not, we don't use a conference to say, hey, buy this, buy this.
We'll point you to some free utilities.
And so one of the things that we just created is a vendor checklist and it includes things related to AI.
And if you look at that vendor checklist, it's really things to think about, questions to ask.
(16:57):
But also it's a good basis for AI or non AI.
And like you said, you're only as strong as your weakest link.
That weakest link may be AI, it may be your telematics, it may be video based safety, it may be, you know, the green screen down that glows.
(17:20):
You know, it may be your TMS provider, you don't know.
And so the vendor checklist that we provide on our website I think is some, it's just something we recently released.
It is really, I think valuable when you're looking at that because AI is scary.
(17:43):
A lot of people go for the free AI and anything you put out there is public knowledge.
So it's usually worth it, number one, to go with a reputable AI.
But number two, do the AI that costs money and ask questions like, hey, is this my space specifically or is it public?
(18:08):
And then like we sell software so like with class IT plus we make sure that it doesn't get fed into a general AI model because that's proprietary data.
So you really got to ask the right questions about how the data being entered into the AI is being used, who's got visibility?
(18:30):
Because like say for example, you've got a group of developers and they're putting code into AI, that code you don't want to become public knowledge.
Or let's say you have accountants and they're putting spreadsheets and formulas into AI, all of a sudden that becomes public knowledge.
So you really got to ask the right questions.
(18:51):
And you know, part of that vendor checklist is what questions do you ask?
How do you vet the vendors and how do you make sure that your data stays secure?
Speaker 2 (19:04):
So is there going to be like, with all that being said, how many sessions or are potential attendees going to be able to, you know, like what can they expect to take away from like building that human firewall?
Right.
Like that initial, like we don't have a response training or we have no training at all awareness to it.
Is that going to be like a couple of sessions dedicated to that of like an incident of like, hey, this is how we stop a lot of that from evolving.
Speaker 3 (19:29):
Yeah.
You know, one of the sessions that we're doing that I'm really excited about is it's called when Seconds Count.
And it's, it's experts talking about incident response.
And these are people that's what they do and they'll talk about why it's so important.
(19:53):
And last year you heard from people, one person worked with insurance, one person didn't.
And so you know, it's not a one size all, but there's a session called when seconds count, that's really important.
And then what we're also talking about, you know, you had mentioned phishing.
(20:16):
So talk about that.
We'll talk about on the cargo theft side, some lessons learned and I think that's really important like you said, as far as response time.
And then that's all on Monday and then on Tuesday.
One of the things that I mentioned was the tabletops.
(20:38):
So we're going to lead something where we walk through the process of a business risk Assessment and how do you generate what's called a risk register for your business and conduct a tabletop business continuity exercise.
And so, you know, that's something that you walk out of this with.
(21:02):
You walk out of the conference with.
This is what I put together.
And you know, that's something that is very, very valuable.
And that's what you do on that tabletop.
And then, you know, one of the things that we're doing there at the end is we're getting, we're having an executive panel and we're talking about again, you know, how are people of all sizes and not just lpl, tanker and other areas.
(21:36):
How do you approach cybersecurity?
What do you do and what is your best practices?
So it's an opportunity to hear from your peers.
Speaker 2 (21:47):
Yeah, and that to me, like, I, I would say, you know, a word collaboration comes to mind is like another big takeaway from a lot of those previous events that I've been to.
And you know, it seems like there's an emphasis on that right there.
Right.
Like it doesn't matter what size company you're at, like, let's sit down, let's talk.
What are we doing here?
How are we stopping these?
Because it is like a collective right at the end of the day.
(22:08):
Because I think most companies have that mindset of at this point, it's not if it's when it happens, how do we become better prepared for it?
How do we minimize any potential threat if it does happen?
How do we minimize, like you said, those seconds count, right?
How do we minimize the threat to where it doesn't get access to our entire system or how that looks.
(22:29):
And you know, I think unfortunately, but fortunately, the best way to learn is to hear from the people who've been through that, right?
Like, there's been a couple of high profile breaches that have happened, you know, in the industry, but kind of across the country there.
And I remember, you know, it was, I think it was last year or maybe it was two years ago when the gentleman, I believe they were from Target or something like that was there and.
(22:53):
Or his com, he used to work for Target and his company does like fishing stuff now or they're a cyber threat company out there, you know, kind of hearing from him and like learning from that stuff and you know, to tie a parallel in, I believe it was like a controller wired millions of dollars for this business because they received a, a fake phishing from like the CEO or CFO or somebody like authorizing it.
(23:19):
And it went to some offshore account or something like that.
And, you know, so again, it's like it's learning from a lot of this stuff because it's only going to become more and more advanced and harder to catch, I think.
And I just think that having that awareness is often overlooked in a lot of businesses.
(23:39):
Right.
I feel like as proactive as freight can be, I think it's also very reactive in a lot of situations.
And again, a lot of this is you can minimize your exposure by attending a simple event like this and learning from people and companies who have robust systems in place already that keep their businesses safe.
And again, like, you can be that individual who doesn't have anything and you can go in there and people are going to give you the time of day.
(24:04):
You know, you're going to have these roundtables, these tabletop discussions about what to do and what to implement.
So this isn't, hey, we have nothing.
I don't know if I should be there.
I feel like you should be there more than anyone at that point.
Speaker 3 (24:17):
Yeah.
And agreed.
And it is.
We, we purposely keep it small.
You know, this isn't something where you're going to get 5, 600 people.
We, we purposely keep it under 150.
It's also not a show full of booths and salespeople.
Even that we do have sponsors, but even the sponsors I'm excited about because they send their tech people and so, and then they actually attend the sessions and they participate in the sessions.
(24:52):
And I know last year, and I've done some prep calls with them this year is, you know, it's usually people we work with and we've got relationships with and they're from the industry.
And so it's not, they're not there really to just sell, sell.
They're there to learn and they're, they're there also to give back, which makes it very, you know, beneficial.
(25:20):
And that's what I heard from the vendors that attended last year that I've talked to this year is, hey, I'm going to send a few more people because we got a lot out of it.
And again, you know, not.
They're talking about from a knowledge perspective.
And that's the most important thing is just the opportunity to exchange ideas and say, hey, what do you do here?
(25:44):
What do you do there?
And we're also talking about maybe the things that, you know, haven't happened as you as we've talked about that as we go towards paperless, there's a lot in the truck.
So we'll also be looking at that.
We've got some folks from OEM side, manufacturer side, and we'll be talking about, you know, as these trucks become more automated and they have more sensors that's more opportunity for the bad actors to do things.
(26:21):
And so, you know, how do we prevent that?
And so, you know, we'll be talking about that and that's something, you know, that not all the OEMs and not all the manufacturers are willing to do.
So the ones that do show up, again, kudos to them for being willing to participate in the discussion.
And so we'll, we're doing some fun things around that also with these guys.
Speaker 2 (26:47):
Yeah, I'll never forget that in Houston when Ben hacked that truck, like that was wild.
That was one of the most, I would say that was one of the most insane things I've ever experienced.
I'm not just trying to overstate it or anything like that, but when you think about it guys, and like hearing Ben with, He's with the NMWTA, you guys, and in hearing him explain how essentially how easy it can be and like how in close proximity and stuff like that and kind of breaking down that, and then seeing him go in and hack a truck live like again like as Joe had mentioned, there you guys with more sensors and more components that are added on to these trucks, it's going to become more and more of a real threat out there.
(27:29):
And, and that's another thing too.
If you own a fleet, hearing from your OEM and everything front firsthand what they're doing, again this is a must attend event if I'm being honest.
And you know, to Joe's point about it's an intimate event.
It's not going to have your typical vendor booth floor and stuff like that at the scale of some of the other industry conferences that you're at.
(27:51):
It is very education packed and it's very invaluable I think for anybody of any tech background to go and attend.
But Joe, I'm going to put the link for how people can register for the conference out there.
Do you have any, like, any way that people can go, just go to your guys's website to check it out or.
Speaker 3 (28:07):
Yeah, go to cyber.nmfta.org and it's October 26th through the 28th in Austin.
You can Also, reach out to.
To me in LinkedIn or anybody in MFT and LinkedIn, or just go to NMFK.org but reach out to us and we'll get you registered.
(28:31):
And again, it's.
It's a very fun conference.
Lots of knowledge, and you actually walk away with something you can implement the next day.
Speaker 2 (28:45):
No, I. I agree with that.
And you guys, check it out.
Austin's a great city.
If you're a barbecue fan, it's worth it just for that alone.
And you get to learn a lot about cyber security out there.
I'll put all those links out there in the show notes, you guys.
And if you guys can't find Joe or anybody at the NMWTA, hit me up.
I will gladly put you guys in contact with them.
But that's going to be it for today, ladies and gentlemen.
As always, if you got value in what you heard, subscribe to the show, you guys.
(29:08):
And if you're feeling ambitious, rank the show on itunes and Spotify, because if you saw value, your network's going to see it as well.
I appreciate you guys.
I love you guys.
And we'll be talking to you soon.
Speaker 1 (29:23):
Came back with a bank window down yelling now money anything hey oh got the foot on the gas pedal to the metal when I'm getting to the back hey got the foot on the gas pedal to the metal when the lane moving fast hey Let them all cross if they hate then let them made them make a bigger ball hey.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
Cardiac Cowboys
The heart was always off-limits to surgeons. Cutting into it spelled instant death for the patient. That is, until a ragtag group of doctors scattered across the Midwest and Texas decided to throw out the rule book. Working in makeshift laboratories and home garages, using medical devices made from scavenged machine parts and beer tubes, these men and women invented the field of open heart surgery. Odds are, someone you know is alive because of them. So why has history left them behind? Presented by Chris Pine, CARDIAC COWBOYS tells the gripping true story behind the birth of heart surgery, and the young, Greatest Generation doctors who made it happen. For years, they competed and feuded, racing to be the first, the best, and the most prolific. Some appeared on the cover of Time Magazine, operated on kings and advised presidents. Others ended up disgraced, penniless, and convicted of felonies. Together, they ignited a revolution in medicine, and changed the world.