Friday, June 2, 2023
SAFETY4SEA

Allianz: Best practices to improve IT security

by The Editorial Team
October 27, 2022
in Cyber Security

In a new report, cyber insurer Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.

During the Covid-19 crisis another outbreak has happened in cyber space: a digital pandemic driven by ransomware. Malware attacks that encrypt company data and systems and demand a ransom payment for release are surging globally.

The increasing frequency and severity of ransomware incidents is driven by several factors: the growing number of different attack patterns such as ‘double’ and ‘triple’ extortion campaigns; a criminal business model around ‘ransomware as a service’ and cryptocurrencies; the recent skyrocketing of ransom demands; and the rise of supply chain attacks.

Five areas of focus

In the report, AGCS identifies five trends in the ransomware space, although these are constantly evolving and can quickly change in the ‘cat and mouse’ race between cyber criminals and companies:

  1. The development of ‘ransomware as a service’ has made it easier for criminals to carry out attacks. Run like a commercial business, hacker groups such as REvil and Darkside sell or rent their hacking tools to others. They also provide a range of support services. As a result, many more malicious threat actors are operating.
  2. From single to double to triple extortion. ‘Double extortion’ tactics are on the rise. Criminals combine the initial encryption of data or systems, or increasingly even their back-ups, with a secondary form of extortion, such as the threat to release sensitive or personal data. In such a scenario, affected companies have to manage the possibility of both a major business interruption and a data breach event, which can significantly increase the final cost of the incident. ‘Triple extortion’ incidents can combine DDoS attacks, file encryption and data theft – and don’t just target one company, but potentially also its customers and business partners. A notable case was a psychotherapy clinic in Finland – a ransom was demanded from the hospital. At the same time, smaller sums were also demanded from patients in return for not disclosing their personal information.
  3. Supply chain attacks are the next big thing: There are two main types: those that target software/IT services providers and use them to spread the malware (for example, the Kaseya or SolarWinds attacks), and those that target physical supply chains or critical infrastructure, such as the one which impacted Colonial Pipeline. Service providers are likely to become prime targets as they often supply hundreds or thousands of businesses with software solutions and therefore offer criminals the chance of a higher payout.
  4. Ransom dynamics: Ransom demands have rocketed over the past 18 months. According to Palo Alto Networks, the average extortion demand in the US was $5.3mn in the first half of 2021, a 518% increase on the 2020 average; the highest demand was $50mn, up from $30mn the previous year. The average amount paid to hackers is around 10 times lower than the average demand, but this general upward trend is alarming.
  5. To pay or not to pay: Ransom payment is a controversial topic. Law enforcement agencies typically advise against paying extortion demands to not further incentivize attacks. Even when a company decides to pay a ransom, the damage may have already been done. Restoring systems and enabling the recovery of the business is a huge undertaking, even when a company has the decryption key.

Main drivers of losses

Business interruption and restoration costs are the biggest drivers behind cyber losses such as ransomware attacks, according to AGCS claims analysis. They account for over 50% of the value of close to 3,000 insurance industry cyber claims worth around €750mn ($885mn) it has been involved in over six years.

The average total cost of recovery and downtime – on average 23 days – from a ransomware attack more than doubled over the past year, increasing from $761,106 to $1.85mn in 2021.

The surge in ransomware attacks in recent years has triggered a major shift in the cyber insurance market. Cyber insurance rates have been rising, according to broker Marsh, while capacity has tightened. Underwriters are placing increasing scrutiny on the cyber security controls employed by companies.

“Three out of four companies do not meet AGCS’ requirements for cyber security. Companies need to invest in cyber security. Losses can be avoided if organizations follow best practices. A house with an open door is much more likely to be burgled than a locked house,” explains Marek Stanislawski, Global Cyber Underwriting Lead at AGCS.

Best practices

#1 Ransomware identification

  • Are anti‑ransomware toolsets deployed throughout the organization?
  • What proactive measures are in place for identification of ransomware threats?
  • Are policies, procedures, access controls methods and communication channels updated frequently to address ransomware threats?
  • Are in‑house capabilities or external arrangements in place to identify ransomware strains?

#2 Business continuity planning/incident response plan

  • Are ransomware‑specific incident response processes in place?
  • Have there been any previous ransomware incidents? If so, what lessons have been learned?
  • Are pre‑agreed IT forensic firm or anti‑ransomware service provider arrangements in place?

Anti‑phishing exercises and user awareness training

  • Is regular user training and awareness conducted on information security, phishing, phone scams and impersonation calls and social engineering attacks?
  • Are social engineering or phishing simulation exercises conducted on an ongoing basis?

#3 Backups

  • Are regular backups performed, including frequent backups for critical systems to minimize the impact of the disruption? Are offline back‑ups maintained as well?
  • Are backups encrypted? Are backups replicated and stored at multiple offsite locations?
  • Are processes in place for successful restoration and recovery of key assets within the Recovery Time Objective (RTO)?
  • Are backups periodically retrieved and compared to the original data to ensure backup integrity?

#4 Endpoints

  • Are endpoint protection (EPP) products and endpoint detection and response (EDR) solutions utilized across the organization on mobile devices, tablets, laptops, desktops etc.?
  • Are Local Administrator Password Solutions (LAPS) implemented on endpoints?

#5 Email, web, office documents security

  • Is Sender Policy Framework strictly enforced?
  • Are email gateways configured to look for potentially malicious links and programs?
  • Is web content filtering enforced, with access to social media platforms restricted?

#6 Segmentation

  • Are physical and logical segregations maintained within the network, including the cloud environment?
  • Are micro segmentation and zero trust frameworks in place to reduce the overall attack surface?

Monitoring patching and vulnerability management policies

  • Are automated scans run to detect vulnerabilities? Are third party penetration tests performed on a regular basis?
  • Does the organization ensure appropriate access policies, enforcement of multi‑factor authentication for critical data access, remote network connections and for privileged user access?
  • Is continuous monitoring in place for detecting unusual account behavior, new domain accounts and any account privilege escalations (administrator level), new service additions, and unusual chain of commands being run during a short time period?

#7 Mergers and acquisitions

  • What due diligence and risk management activities are performed prior to M&A?
  • Are regular security audits conducted on newly‑integrated entities to ensure evaluation of security controls?
