According to the IMO, maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.
The importance of training
There has been much discussion about cyber security and what the industry can do to remain safe and resilient; every discussion arrives at the same solution: training.
Back in 2017, a study conducted by NSSLGlobal revealed that 84% of crewmembers claimed to have received limited or no cyber security training from their employers. The survey was conducted among 571 crewmembers and reported that, although 64% of crew accept responsibility for the security of on-board IT systems, the vast majority of maritime employers do not help crews understand the risks they face or how to counter them.
Today, cyber security is more crucial than ever, given the latest cyber attacks, including the one against the IMO that caught the world’s eye.
Key topics for training
The following topics can be covered in training to ensure that onboard and ashore crew are aware of cyber-attacks and able to deal with challenging situations:
#1 Different forms of cybersecurity threats:
The first step is to educate employees about the various ways a threat can present itself. It is crucial to identify and present potential security breaches, and this can be achieved by understanding the signs of a potential attack.
#2 Importance of password security:
Simple passwords are vulnerable to cyber-attacks; they can be easily cracked.
Make your employees understand the critical role of a strong password. Employees must be aware that a strong password should consist of a combination of symbols, letters and numbers.
The Korean Registry explains that, to obtain a user's account, a hacker repeatedly tries all the character combinations of usernames and passwords until one matches the user's account and yields the account information.
An infographic issued by the UK National Cyber Security Centre (NCSC) presents how a password can be hacked.
#3 How to identify and report cybersecurity threats:
Once employees are educated enough to understand the signs of an attack, such as clues about lurking malware, a virus, a password hack or a phishing scam, the next step is to teach them how to report the red flags and whom to inform rapidly about suspicious intrusions.
#4 Email, internet and social media policies:
An employee's emailing and browsing habits can expose the company to attacks. Consequently, it is crucial to include policies and guidelines in your training for using email, the Internet and social media platforms.
#5 Implement a cyber security awareness program:
Creating a program specifically for cybersecurity training is a valuable way to mitigate many of the risks associated with malicious attacks.
Plan a quarterly or biannual review with all employees to discuss emerging security trends, potential risks to personal and business security, and the steps that should be taken to avoid being targeted.