As maritime technology undergoes rapid digitalization, stakeholders become more reliant on software and information systems to carry out their daily activities. Increased reliance on this connectivity exposes the industry to potential cybersecurity risks.
In that regard, ABS Wavesight and ActZero published a white paper to explain the role technology and regulations play, and how companies can better prepare for potential attacks. The report highlights the need to modernize security defenses.
The need for modernization must be balanced with the ability to defend your cyber access points.
Paul Sells, CEO at ABS Wavesight, and Sameer Bhalotra, CEO at ActZero, identify the following critical cybersecurity challenges for the maritime industry:
#1 Ransomware attack: There are organized crime groups around the world—real, effective, organized businesses—run by criminal groups, who are perpetrating ransomware attacks on companies large and small.
#2 Email attacks: If a criminal steals an executive’s internal emails about upcoming business plans, it could be devastating. Typically these attacks are also conducted for ransoms or for extortion.
Ransomware attackers are targeting companies when they are on downtime, nights and weekends, or when key administrators are on vacation. They absolutely plan to hit companies when they are weak and least expect it.
…Sameer Bhalotra, CEO at ActZero, said.
The report suggests that a virtual cyber defense war room should be planned for in the eventuality of an attack. This should include the business’ general counsel, finance leads to lock down bank accounts, all of the business’ chief executives, and its regulatory affairs function, because the government is going to want to know what’s happened. In addition, a PR team should begin alerting customers and the public about the breach.
A history of cyber attacks within the maritime industry
The report further considers some sobering figures from ransomware attacks on leading global shipping companies in the recent past:
In 2017:
Maersk, based out of Denmark, had a major malware attack that hit all of their servers, causing, as their IT teams were quoted, “100% destruction of anything on Microsoft at Maersk”. 49,000 laptops and 3,000 servers were bricked. The attack resulted in $350 million (US) in total losses.
In 2021:
- K-line, from Japan, suffered two breaches in the same year. The largest took 10 whole days to contain.
- HMM in South Korea was hacked, resulting in days of downtime.
- CMA CGM, a shipping company out of France, lost their customer data and their trust.
- Swire Pacific out of Singapore lost confidential information: proprietary PII.
- Danaos in Greece had a cyberattack that disrupted communications with their fleets.
In 2023:
Most recently, DNV in Norway experienced a targeted ransomware attack on their ship manager software that hit 1,000 of their vessels.
4 key steps to better prepare for cyberattacks
STEP 01 – Make a plan
As Paul Sells, ABS Wavesight, explains ‘the first thing I would say is get prepared, make a plan, and make an investment in ensuring that you understand the systems that you’re using and you understand what controls you have in place with both people and technologies.’
STEP 02 – Hire a CISO
Most companies have someone who is leading security: a chief information security officer (CISO). Occasionally, this is a contracted position, and a virtual, fractional chief information security officer will suffice for the size of the organization. This role is responsible for building a cyber defense plan.
STEP 03 – Use two-factor authentication
This is when an app sends a code to a user’s phone, or an authenticator app is used on their phone to enable entry at another access point (like a laptop). Some experts say that using two-factor authentication can stop 90% of cyberattacks. Most services offer two-factor authentication as an available setting, often for free.
STEP 04 – Invest in a managed detection and response service
A managed detection and response service vendor can provide a whole set of services to help an organization meet its insurance requirements, procurement requirements, and regulatory requirements all in one bundle. This includes software running on endpoints, network security, email firewalls and constant threat monitoring.