Manos Roudas, General Manager, Aspida, gave a presentation entitled “Cyber Attacks: A Minor Casualty or Today’s Biggest Threat?” at the 2015 SAFETY4SEA Athens Forum. He focused on recent cyber threats, which are a growing menace with a significant impact on operations as well as disastrous consequences for business continuity. He analysed what it takes to be secure from cyber-attacks: the impacts of an attack, ways to be secured from threats, measures taken under attack, how to realise you have become a target, how to avoid a targeted attack, what a hacker is looking for and who is responsible for securing the company.
90% of the world’s goods come from the sea. This is a 400 billion dollar industry, actually. At the same time, 18/20 container lines were found to be vulnerable to hackers, to people that can gain access to their systems.
37% of server computers on ships are also vulnerable to hackers. So let’s see what people think about cyber security. Let’s see what you think. Most people tend to think that it is something very technical that should only concern the IT guys. Other people believe that it is pure science fiction, like Hollywood movies. And some others think that it is the kind of thing that only happens to other people.
As a matter of fact, cyber security and cyber threats are real; they are here and can have a dramatic impact on our business. What may this be? This may be the halt or the obstruction of operations. Let’s imagine that one morning you arrive at the office and you have no access to your computers. Neither you nor any of your colleagues. And this situation cannot be reverted. Actually, the clock is ticking, hours pass and you can do nothing about it. How long do you think you can survive without internet or computers in the office?
The second threat is the disclosure of sensitive or classified information. For example, imagine that you have a phone call late at night, letting you know that all of your company information has gone public. And when I say all, I mean all. Even the files that you keep privately on your own laptop.
Who may have done this and why? Usually behind the cyber-attack are:
- Criminals looking for financial gain
- Hackers looking for a challenge
- Hacktivists
- Competition
- Nation states
And what are they looking for? Well, if it’s not for their fun, this may be for your harm, your money or both.
I am sure now you are wondering if you have heard of such an incident. Well, don’t worry, because you may not have. Because in most cases victims are not aware that they have been attacked until it is too late. And even then, they prefer to keep it to themselves. Because they are afraid that such publicity may hurt their reputation.
So why is maritime an attractive target? The maritime industry specifically is a very attractive target to hackers. If you ask me, this is mainly because they are very vulnerable. The IT departments are usually kept separately in the offices; they don’t engage in the daily operations unless something goes wrong. And then these guys go out of the room and they come up. This is usually the situation in most companies. And also there is a lot of money in the shipping industry. Therefore, if somebody is looking for money, it’s the right place to attack.
What is the door that is usually left open to hackers? People are. Not the systems. This is what we call social engineering. It is actually how people treat their computers. Not the computers and the networks themselves. Social engineering concerns the way that we perform our operations. Not part of it such as the data network.
And now let’s move to the interesting part. I am going to tell you three stories. Stories that actually happened very recently. They are from real life and they happened to people like you and me. The first one: there is a big maritime company that had a very good investment in IT and securing their IT systems. They had the most expensive hardware, they had very sophisticated software and they had all the procedures in place. They were very serious about their procedures, the use of their passwords and the accessibility of their networks. They had everything set up. Until someday, there was a rejected candidate who, on his way out, noticed a little post-it note that was in front of the receptionist. And that post-it note had this magic word that gave him access to the company’s network. So he could use these credentials to enter the company’s network and take his revenge.
There was another maritime company where the management felt that they had done everything right to secure their network. They also had expensive hardware and software, and they had taken every measure to keep hackers out of their business. Well, almost. Because hackers do not always come through cyber doors. Sometimes it is easier to come through the normal doors or windows. Especially if they can open them with a screwdriver or a credit card. And then they can have full access to the information. The hacker of this story broke into the office and just took the server computer and walked out the door. That is simple.
And then there is a team of hackers that desperately wanted to have access to the systems of a container line. Although they tried many ways using sophisticated and advanced tools, they could not get in. Until they discovered that the easiest way to do so was actually to hack the Facebook accounts of some of the employees. And they did so. They tried these passwords and they found that they could access the company network with these same credentials. They had not only one but several working passwords to complete their task.
Another incident happened in May 2015 and it involved a company called Black Gold. These guys were actually attacked by a team of Nigerian hackers; therefore the danger in the Gulf of Guinea is not only physical but also cyber. It took them several days to restore their operations.
This is why nowadays there is a big phase about cyber security. Those of you who remember the first days of Somali Piracy back in 2009-10 may find similarities in today’s biggest threat in shipping. And if you are still wondering whose responsibility it is to take care of cyber security, it is everyone’s. It concerns the IT people, the management and every employee. Better safe than sorry!
The above article is an edited version of Mr. Roudas’ presentation during the 2015 SAFETY4SEA Forum, which successfully concluded on Wednesday 7th of October 2015 in Eugenides Foundation, Athens, attracting 1100 delegates from 30 countries representing a total of 480 organizations.