IHS FAIRPLAY

Danish Maritime Days 2016

Issue link: http://read.uberflip.com/i/739182

Contents of this Issue

Navigation

Page 25 of 27

26 | October 2016 | Fairplay.IHS.com cybersecuritydownthechaintoITspecialistsinstead ofmakingitaboardroomresponsibilitywouldleadto cyberissuesbeinggivensecond-levelattention.Few chiefexecsappeartorecognisethethreattheseattacks canposetofinances,operations,andreputation. Aboutone-quarterofattackersarethoughttobe disgruntledemployees,breakingintoknownsystems tocauselimited,althoughinconvenient,damage.The restarearangeofmalcontents,fromteenagerstesting themetaphoricaldoorstoseeiftheyopentocyber terroristswithanarmouryofmalware,hacking techniques,andphishingscams.Fewofusknowabout SmurforPingofDeathattacks,orzombiecomputers andzero-dayviruses.However,cybercriminalsdo,and theyhavelittleregardforwhotheyhurtintheprocess. Sowhatcanbedone?Thefirststepmustbewide- spreadeducationabouttheproblem,bywhichIdon't meanthebreadthanddepthofcybercrime,ratherthe failureofthemaritimesectortotakeitseriously.The nextstepistoacknowledgethatagreatdealofthe answerliesinrestrictingaccesstocriticalsystems, buildinglayersofprotection,andupgradingprotection asoftenasisnecessary.Thisconferencewastoldseveral timesthatthereisnosuchthingasafullysecure system,howeverhackerswon'twastetimeattempting tobreakintowell-defendedcompanieswhenthereare softertargetsunawareoftheirvulnerability.Ittakes justasingleweaknessinsoftwaretojeopardisea company'sentirebusiness-criticalsystems. Agoodthirdstepshouldbetoadmitthatacyber attackhastakenplace,butonlyafterthevictimhas investedinmuch-improvedsecurity.Untilthat happensthereislittlechancethatotherswillfollow.A directoroftheUSFederalBureauofInvestigationsaid thereweretwotypesofcompany:thosethathave beenhackedandthosethatwillbehacked.Thereal vulnerabilityisnotsoftware,ratherit'sexecutives whoignorecybersecuritywarnings. ↘ Shipping's awareness of cyber security lies somewherebetween'low'and'non-existent'.Wehave allheardofit,weknowweshouldbedoingsomething aboutit,howeverasyetthere'snoappetiteinaweak markettotackleissuesthatprobablywon'taffectus. Seniormanagementisn'ttakingitseriouslyandthere areveryfewreportsinthemediaofcompetitorsbeing hit.Solet'swaituntilthere'sabitmorecertainty,and alotmoremoneyinthebank,untilweputcyberat thetopofouragenda. It'strue:therehaven'tbeenmanyreports–and there'sagoodreasonforthat.Toadmityouhavebeen victimofacyberattackleavesyourcompanyvulnerable tocopycatattackers,aswellasgivingsignalsto charterers,insurers,potentialfinancialbackers,and evenemployeesthatsecuritysystemsarelessthan robustinsomeway.Evenasmallbreachcandamage reputation,so,toavoidquestions,pushitundercover. However,therearehundreds,perhapsthousands,of attacksknowntothesecurityexperts–oilandgas installations,bankaccounts,personaldataattelecoms firms.Ononeoccasion,ashipinNewYorkharbourhad itsECDISaffectedbyavirusthatemergedfroma seafarer'scellphoneoncharge.Elsewhere,ahospitalin Hollywoodwashitbyransomware,atypeofmalware thatrestrictsaccesstoacomputeruntiltheuserpaysa ransomtohaveitremoved.Airlinebookingsystems havebeenbroughtdownandbusinessoperations' softwaresystemsbrokeninto.It'sglobal,indiscrimi- nate,andanonymous. SokratisKatsikasfromtheNorwegianCentrefor CyberInformationandSecuritytoldanexcellent conferenceinNicosiaon11Aprilthatthetopvulner- abilitywaslackofcybersecurityawarenessand trainingamongemployees,thencameremoteworking, followedbylimitedcybercultureamongvendors, suppliers,andcontractors.Andit'snotjustrecent employees:seniormanagerswerewarnedthatpushing 'To admit you have been the victim of a cyber attack leaves your company vulnerable' Shutterstock Taking cyber security seriously FAIRPLAY Industry insight

Articles in this issue

Links on this page

Archives of this issue

view archives of IHS FAIRPLAY - Danish Maritime Days 2016