Employee training and IT security investment are shipping’s best defences against cyber criminals, Martin Wallgren, Chief Information Officer at GAC Group, reports.
While the pandemic temporarily curtailed many aspects of life, cyber criminals continued their online activities unabated. In fact, there was a significant uptick in this type of crime when COVID lockdown restrictions were in place around the world with 30 billion data records stolen in 2020. According to tech market analysis firm, Canalys, that is equal to more than the past 15 years put together.
In addition to the growing number of attacks, cyber risks have diversified. Deloitte’s Cyber Risk Team identified several types of perpetrators that are of growing concern to global business. Among them, there are “hacktivists”, better known as the people fighting for social and political issues through technological means, and “script kiddies” that comprise of junior hackers probing organisations’ cyber defences in the hope of gaining access to earn credit from like-minded individuals. While this new breed of cyber attackers begins to make their mark on businesses, behaviour patterns and tactics of experienced hackers is also evolving, with criminals testing the data security measures that are more vulnerable in a home working environment.
When it comes to cyber security attacks, it’s not a case of ‘if’ an attack will happen, but rather when. As remote working and increased reliance on technology become entrenched into working life, being prepared is more important than ever.
Staff – the first line of defence
At GAC, we believe that the human link represents both our greatest weakness and potentially our greatest protection. That’s why we put a premium on training and equipping people for the changing world of work. Businesses must be quick thinking and flexible, and have a business continuity plan that all staff understand and can put in place in a worst-case scenario.
Raising awareness and giving staff and their customers the tools to spot potential warning signs is key in preventing a catastrophic cyber-attack. Training homeworkers is a top priority, as they may be more vulnerable to suspicious emails without instant feedback and the chance to sense check content with peers ‘in the room’.
Boosting IT security resources is also critical to countering the threat from cyber-attacks. The security level organisations select must be relevant to their businesses. One of the universal challenges across the shipping industry is that off-the-shelf security solutions are often simplistic, easy to understand, and therefore sell well. However, critically, they do not always meet the needs of maritime companies. Those selecting cyber security systems and staff need to understand what they are trying to protect and what hackers need to have to get past the security systems that are in place.
Tailored approach
Ultimately, as social engineering techniques by cyber hackers have become more sophisticated, the shipping industry needs to respond with a business-by-business approach. Understanding and preparing for cyber risks specific to individual organisations is imperative, as is a thorough understanding of how cyber threats will change as the pandemic continues to redefine global enterprise. With the new Omicron variant taking hold in many regions, business leaders cannot afford to delay new cyber security measures and resources to protect their staff and businesses.
The views presented hereabove are only those of the author and do not necessarily those of SAFETY4SEA and are for information sharing and discussion purposes only.
