Ince & Co warns of ‘evolving’ cyber-threat for the supply chain

International law firm Ince & Co has advised shipping and transportation companies to prepare for more cyber-attacks in the wake of recent high-profile incidents.

Following the widespread impact and disruption caused by the WannaCry and NotPetya attacks earlier this year, a spate of incidents in the recent weeks has highlighted the evolving threat to not only shipping companies, but other parts of the supply chain.

According to Ince & Co, the root cause of this challenge is that increasing digitalisation, advances in satellite communications, and a drive towards greater technological efficiencies all increase the risks for owners and operators rushing for the benefits, without considering the side effects.

    Rory Macfarlane, Partner, Ince & Co Hong Kong, commented: “Throughout 2017, we have seen headline-worthy cyber-attacks occur with growing frequency and severity. A number of high-profile companies have already fallen foul of the risks posed by the increasing digitalisation of our industry. As new technologies emerge to streamline operations, cut costs and increase efficiencies, evolving and expanding cyber-threats also emerge. It is imperative that shipping companies act to mitigate their cyber-risk now, before they become the next victim of a major breach.”

The effects of the NotPetya and WannaCry ransomware attacks proved a potent example of how costly a large scale, sophisticated cyber-attack can be, but for those working within cyber-security, these attacks did not come as a surprise, Rory Macfarlane  stated.

    Rory Macfarlane continued saying that: “Businesses must recognise a simple fact: there will be – or has already been – a cyber-attack on your business. But a cyber-attack being inevitable does not mean a ‘company-ending’ cyber-breach will be. Companies that make honest assessments of their businesses and get on the front foot will be able to mitigate their cyber-risk dramatically. Those who decide to ‘wait and see’ will have a rude awakening as these kinds of risks continue to develop.”

In order to tackle this problem Mr. Macfarlane believes that preparedness is crucial. As he is stating, “a proactive approach for concerned owners and operators” must be taken.

    “The message is simple: improving your cyber protection need not be costly. Significant improvements can be made for a modest investment. But prevention is always better than a cure, and the creation of a culture of cyber-security is essential. In the world of cyber-prevention, by far the best form of defence against cyber-crime lies in a concerted, top-down effort to planning and prevention. Indeed, board members should be aware that an unprevented cyber-breach could constitute an abdication of fiduciary duty, if mitigating measures were ignored or not put in place,” Rory Macfarlane concludes.

Petya ransomware earlier this year affected the shipping sector. This incident made clear that shipping will be forced to face the fact that attacks are not only probable, but that they are real, and the industry is vulnerable to them, ‘Phish & Ships’ reported.

In fact, many large companies were attacked. A few months ago Maersk announced that its IT systems were out of work due to a cyber attack. Initially, the company announced that its systems were down without referring the cause. After a while, Maersk published an update confirming that it has been hit by hackers.