“84% of company directors believe that their IT department is able to protect their organizations from a cyber-attack.” These were the findings of a research study by AIG conducted inthe UK two years ago. The cybersecurity landscape, however, is changing day after day, year after year; and here we are in 2018, trying to put ourselves in the shoes of cybercriminals to better anticipate where attacks will be coming from, while at the same time they think more like developers to evade detection!
Let's take a look at what happened recently in the maritime "sphere" with regards to cyber security.
Earlier this July, Cosco’s operations in the US were hit by a cyber-attack. As a result, its daily operations in the US were affected. The company's operations outside the US were not affected; neither did the terminal operations, according to reports.
Reality has proven that cyber-attacks in shipping are happening all too often. Another example is the cyber-attack against Maersk. Maersk’s container ships stood still at sea and its 76 port terminals around the world ground to a halt. The recovery was fast, but within a brief period the organisation suffered financial losses up to USD300m including:
- loss of revenue
- IT restoration costs
- extraordinary costs related to operations
All began when an employee in Ukraine responded to an email which featuring the NotPetya Malware. The system affected and therefore operations practically had to be on hold until system’s restoration.
How can shipping companies, therefore, keep pace with the agile development that cybercriminals are employing in 2018 and how do they pinpoint the recycled vulnerabilities being used?
5 major cyber security problems in today's shipping industry
- Shipping organizations work carelessly with unauthorized data carriers
- Authorized data carriers are insufficiently checked by security software after downloads of updates for navigation equipment (ECDIS )
- Lack of effective security software and/or maintenance
- Lack of training of the on-board management staff in handling internal networks, through the use of security software
- Lack of board leadership
Lack of board leadership in the spotlight
"Given the increasing pace and complexity of the threats, corporations must adopt approaches to cybersecurity that will require much more engagement from the CEO and other senior executives to protect critical business information without constraining innovation and growth."
McKinsey reported some years before
Today, most shipping companies know that cybersecurity is a critical issue that simply cannot be overlooked. However, problems cannot be solved if not communicated first. How many of them implement preventive policies to avoid falling victim to a cyber-attack? How many of them have a plan on how to ”clean up the mess” and superintend the fallout?
Getting to a new bussines-driven cybersecurity model
Cyber security is for shipping operators as much as it is for technical people. Leaders must be wholeheartedly involved in order to gain cyber resilience and effectively protect their organizations from cyber threats.
"Shipowners must accept the fact that at some point their company will be compromised by a cyber threat which will significantly impact their operations organization wide."
says Max Bobys,Vice President, HudsonCyber
The most important consideration for cyber resilience is the idea that an organization deploys its assets (people, information, technology, and facilities) in support of specific operational missions (i.e., scope of organization, day by day business.)