The COVID-19 pandemic made people realize the severity and the power of technology, as well as how easy it is for a cyber-attack to happen; The pandemic led to a digitally connected world, with more and more people working from home, discovering what cyber risks are and how they can protect themselves and the organization they are working for.
As already said, technology comes with great risk. The shipping industry has many times faced the challenges arising from digitalization. However, things are, now, more sensitive than ever as the majority of employers and employees are working from home. For instance, NYK Group announced in early January that has implemented a revised work plan and ordered all of its staff to work from home until further notice.
Step 1: Learn the unknown cyber risks
In general, shipping companies are aware of the cyber threats that exist and take the measures needed to stay protected, either by training and educating employees or by keeping close relations with their IT teams to know what’s next on cyber security.
Yet, with employees working from, shipping companies and the IT must be more alert.
Already known cyber threats | “New” threats |
| Phishing emails and how to detect them | Remote workers are the new targets: Work-from-home systems can be targets for cyber criminals simply because they are often much easier to infiltrate. Keep in mind that hackers potentially can use the home worker’s access information to log into critical business systems remotely. |
| USB sticks and the risks | Man-in-the-middle attack: In cryptography and computer security, a man-in-the-middle attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. |
| COVID-19 scammers asking for money | Denial-of-Service (DoS) attack This attack is meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users, for instance employees, members, or account holders, of the service or resource they expected. |
| Outdated or missing antivirus software and protection from malware | |
| Upgrade and software maintenance | |
| Easy passwords: According to OneLogin, cyber security company, if a password is equivalent to using a key to open a door, a brute force attack is using a battering ram. A hacker can try 2.18 trillion password/username combinations in 22 seconds, and if your password is simple, your account could be in the crosshairs. |
Step 2: Change the mindset
If the first step of understanding the cyber threats and learning to recognize them is achieved, the next step would be to change your mindset around cyber security.
Tyler Cohen Wood, cybersecurity expert and former senior intelligence officer with the Defense Intelligence Agency, explained that the top priority for enterprise is to manage threats that have grown due to work-from-home measures.
She commented that
As a society, we went from being 90% reliant on technology to about 99.9%. The whole world had to shift to this new method of working very quickly, and it took a while to get some of the kinks out.
Moreover, it is important to understand that no matter how many tools a company has, cyber security won’t keep up with the challenges, unless the security itself focuses on people.
For people to succeed in 2021 and beyond, Wood notes that cybersecurity awareness must transcend the company and touch upon every level: personal, family, national and global.
Overall, cyber security should be the centre of attention from now on; Complacency is an attribute that hackers look for in their potential targets. Those who work from home remain a vulnerable target.
