Cybersecurity landscape is changing: What’s next?

Let's take a look at what happened recently in the maritime "sphere" with regards to cyber security.

Earlier this July, Cosco’s operations in the US were hit by a cyber-attack. As a result, its daily operations in the US were affected. The company's operations outside the US were not affected; neither did the terminal operations, according to reports.

Reality has proven that cyber-attacks in shipping are happening all too often. Another example  is the cyber-attack against Maersk. Maersk’s container ships stood still at sea and its 76 port terminals around the world ground to a halt. The recovery was fast, but within a brief period the organisation suffered financial losses up to USD300m including:

• loss of revenue
• IT restoration costs
• extraordinary costs related to operations

All began when an employee in Ukraine responded to an email which featuring the NotPetya Malware. The system affected and therefore operations practically had to be on hold until system’s restoration.

How can shipping companies, therefore, keep pace with the agile development that cybercriminals are employing  in 2018 and how do they pinpoint the recycled vulnerabilities being used?

5 major cyber security problems in today's shipping industry

1. Shipping organizations work carelessly with unauthorized data carriers
2. Authorized data carriers are insufficiently checked by security software after downloads of updates for navigation equipment (ECDIS )
3. Lack of effective security software and/or maintenance
4. Lack of training of the on-board management staff in handling internal networks, through the use of security software
5. Lack of board leadership

Lack of board leadership in the spotlight

"Given the increasing pace and complexity of the threats, corporations must adopt approaches to cybersecurity that will require much more engagement from the CEO and other senior executives to protect critical business information without constraining innovation and growth."

McKinsey reported some years before

Today, most shipping companies know that cybersecurity is a critical issue that simply cannot be overlooked. However, problems cannot be solved if not communicated first. How many of them implement preventive policies to avoid falling victim to a cyber-attack? How many of them have a plan on how to ”clean up the mess” and superintend the fallout?

Getting to a new bussines-driven cybersecurity model

Cyber security is for shipping operators as much as it is for technical people. Leaders must be wholeheartedly involved in order to gain cyber resilience and effectively protect their organizations from cyber threats.

"Shipowners must accept the fact that at some point their company will be compromised by a cyber threat which will significantly impact their operations organization wide."

says Max Bobys,Vice President, HudsonCyber

The most important consideration for cyber resilience is the idea that an organization deploys its assets (people, information, technology, and facilities) in support of specific operational missions (i.e., scope of organization, day by day business.)