It is known that the global coronavirus pandemic is testing all aspects of everyday life. However, during this crisis it is observed an increase in cyber-attacks following the new reality of remote working. In light of the situation, speakers at the “Becoming cyber resilient: Past, present, future” SMART4SEA Talk focused on the latest trends with regards to cyber security within shipping industry.
mong others, experts brought to the table issues around the ways to tackle cyber threats, how maritime companies can become cyber resilient and recover from such incidents.
The maritime industry like most other sectors is rapidly depended on digitalization, connectivity and automation in order to improve its efficiency and reliability. Although this dependence means an increased exposure to a greater risk of cyber-crime.
According to Akshat Arora, Senior Surveyor at Standard Club, those risks are dependent not only on systems and processes but also on how they are use. That simply means the human factor.
The pandemic has forced organizations and individuals to embrace remote work practices with greater reliance on electronic systems. This crisis has also given the opportunity to malicious cyber actors to exploit the situation.
… Akshat Arora added.
- Integrated IT (Information Technology) and OT (Operational Technology) on ships
- Complex shipboard systems- more vulnerable to cyber attacks
- Remote work practices- greater reliance on electronic systems
- Risks dependant not only on systems and processes, but also on how they are used- the human factor
- Increase in malware, ransomware and phishing emails, exploiting during COVID-19 pandemic
- Surge in shipping cyber-attacks since February 2020
What is more, Akshat Arora urged that it is crucial for all shipping companies to have a cyber risk management plan to know how to react and better respond to a cyber threat.
Speaking of cyber security, Mark Sutcliffe, Managing Director at Maritime Cyber Alliance shared that the estimate of 1% of the world’s GDP is lost to cyber-crime, meaning an estimated 1.5 trillion dollars per annum.
“But what do the hackers do with this colossal amount of money? Well, they are investing in new tools, training and new talents. In fact, they give them pensions, bonuses or holidays. So, don’t even think for one second that this whole situation is not going to accelerate or continue”.
… Mark Sutcliffe said.
As explained, 33.10% of companies who do actually pay a ransom, don’t get their data back, and that is incredibly serious.
Based on lessons to be learned from past cyber accidents, Jim McKee, CEO at Red Sky Alliance marked that training methods, awareness, backup of data, enhanced security measures, encryption and two-factor authentication are key elements in dealing with malware attacks.
Following the above, Mark Sutcliffe noted that apart from training their staff, companies need to focus on how to recover from an incident. Namely, business continuity and a digital recovery plan are part of going forward.
3 out of 4 companies that have this plan, recover in 24 hours. If you don’t have a recovery plan, do not expect your business to recover. You need to be at the forefront. It is not just the IT department that takes care of the cyber-attacks, as everyone has to be fully engaged.
Answering the question of Mr. Apostolos Belokas on the knowns and the unknowns with respect to cyber resilience in shipping so far, Akshat Arora stated that:
“The sophistication of the attacks basically shows that whatever firewall you create, the hacker may eventually cross over it. Therefore, it is essential for the systems to be able to recover. In general, cyber resilience, is the ability of the businesses to not only prevent and protect themselves against cyber-attacks, but also to adapt to the changing environment so that they can detect the next one.”
Moreover, Jim McKee urged that people and staff need to be aware of the risks and well-prepared on how to react. “Companies need to provide on-going training to their employees, look very carefully everything that comes through, ask questions and alwayss follow protocols”.
Concluding, Mark Sutcliffe stressed that shipping players must stop trusting each other, anonymize and share their experiences from a cyber incident and most importantly train their people.
See the SMART4SEA Talk herebelow: