Industry needs to develop cyber defenses
When the term cyber risk is mentioned, this typically invokes one of three different mental associations with most people. Either it signals that this is a highly technical area on which they have little or no influence, or that this is the realm of writers of action movies featuring geeky characters or finally that this is something which only happen to someone else. This behavior is replicated for the majority of business industries, including the maritime sector.
CyberKeel has just released a whitepaper analysing the current status of cyber risks and cyber security in the industry.
The three typical reactions mentioned all lead towards the same behavior. Most people get to the conclusion that cyber security is the responsibility of the IT department, and apart from that there is nothing they can really do. Unfortunately this has a direct, and negative, impact.
Certainly some aspects of cyber security requires technical knowledge and skill, but need to be seen in the context of several other aspects which tend to be non-technical in nature.
First of all, management need to be involved in making decisions pertaining to the level of security a company wants, as very often increased levels of cyber security comes at the price of having to modify business processes in such a way that daily business operations might be impacted. It is then a clear strategic risk decision which has to be made, and not a specific IT decision.
Secondly, the most vulnerable attack point related to cyber security is people. Hacking into company systems using only your computer from afar, whilst possible, is often quite difficult if the company has good cyber defense systems. However, getting employees to do things online, which they should not do, or attacking the employees smartphones while they are at conferences, or getting physical access to an office and installing your own devices into employee computers, is much easier. Hence a defense strategy pertaining to cyber security can only be effective is it includes careful consideration as to how you want your people to behave, as well as how you actually get them to comply with any rules you establish.
The maritime industry is of paramount importance to almost all countries globally. Cyber attacks within this sector does therefore not only have ramifications for the companies involved, but also have national security implications as well as the ability to impact the finances of entire nations. Our aim with this whitepaper is to illuminate the current status in the industry, in order for the industry to use this as a starting point for increasing cyber defenses.
Further details may be found by reading the withpaper Virtual pirates at large on the cyber seas issued by CyberKeel.