01 Nov Maritime Cyber Security: How vulnerable your company is?
Digitisation is nowadays determining the way we do business, creating vast opportunities, but also introducing risks to industries worldwide.
Shipping makes no difference with it’s expanding fleet carrying around 90 per cent of world’s freight. Vessels are equipped with modern 4.0 technologies, which are vulnerable to a range of hacking incidents. This includes ghosting of GPS systems, taking over of command and- control systems, disruption attacks, ransomware and even cyber commercial intelligence gathering. The fact that there is no official report about cyber-attacks hitting the maritime sector speaks for itself. Companies are reluctant to provide such information, in order not to damage their reputation.
As of January 1, 2021, cybersecurity must be addressed by all players in the shipping industry and incorporated into their Safety Management Systems, SMS.
There are many access points on a vessel for cyber pirates to take control of data, systems or access.
Markus Schmitz of SOFTimpact, addressed the question at multiple events on Cyber security, confirming that indeed many on-board systems have vulnerabilities including GPS, AIS, ECDIS and Satellite communications.
With greater automation and machines standardising security controls, we humans are increasingly being recognised as the weakest link in a company’s security programme. It is believed amongst many that the biggest vulnerability to cyber-attacks lies with staff.
Multiple recent surveys imply a lack of training in the basics of internet security and reinforce the case for staff training. Other researches show that, ransomware attacks in 2019 are up 26 per cent from one year ago with more than half of organisations encountering a ransomware attack that directly impacted business operations.
Vigilance for ‘the human element’ and a thought-out recovery strategy to mitigate against multiple, automated assaults are also critical.
Before you begin writing your response plan, it’s worth conducting a thorough risk assessment of your organisation to understand where you may be vulnerable. In tandem, define the key individuals who need to be ‘on deck’ during a cyber incident. Document roles and responsibilities as well as contact information, ensure there is an emergency communications’ plan in place and don’t rely on email addresses or desk phones as they may be taken offline during the breach.
SOFTimpact can help with Risk assessments, technology consultancy, cyber defence planning and educate your staff to be Cyber mature, etc.