While the rest of the world has been actively fighting cybercrime for 20 or more years, the marine industry is slow to join the battle. The reasons for this vary, but are due in part because for years, marine assets have largely been protected by isolation at sea and limited internet connectivity (until about five years ago). Traditionally, our industry has also valued experience over automation, leaving many maritime companies underserved technologically. And, perhaps most importantly, the majority of marine companies own very little consumer or financial information of commercial value to a cybercriminal.
These protections, however, are not enough, as proven by recent attacks – including one that occurred within a well-known maritime company's IT infrastructure – because times and cybercrimes are changing.
Per Verizon’s 2017 Data Breach Investigations Report, 66 percent of all cyber security incidents are attributable to the human error of clicking on or responding to malicious emails, techniques known as pfishing or waterholing. As maritime companies adopt new technologies to operate and manage their vessels and businesses, they offer cyber criminals new doors (and data) to unlock. With an unsuspecting employee's single click, viral spread is now amplified through his address book, which the viral program uses to spread to other employees and the company's shared systems.
Case in point: a recent Reuters article addressed the still-fresh cyber-attack experienced by the well-known maritime company referenced earlier. The article stated that the fact that the well-known shipping giant " ... Had been affected rang alarm bells for the whole shipping industry, as [the company] was regarded as a leader in IT technology." It went on to say that the attack proved that the shipping industry is lagging behind other industries in terms of cyber security.
Additionally, recently published international law firm Norton Rose Fulbright transport survey results show that 82 percent of respondents from the shipping industry believed cyber-attacks would increase over the next five years – a level higher than their counterparts' predictions in the aviation, rail and logistics industries.
The information is sobering. But the good news is that today's technology also provides businesses with many tools to fight against these intruders. Some of these include:
- Software that identifies a virus' behavior rather than profile, stopping it before it gathers information or does damage;
- Tools that allow employees to access only safe or approved websites from company-owned computers, rather than try to identify and block all risky destinations; and
- Systems that use biometric assets, such as a fingerprints, to protect sensitive data.
But even with the technologies mentioned above, the risk still exists if an employee can’t identify a phishing email and doesn't know how to quarantine it. Because of this, security awareness and education is one of Crowley’s core strategies for defending against cyber-security incidents.
While no defense is ever fully fail proof, it’s clear to us at Crowley that educating employees about recognizing and responding appropriately to threats is the most powerful tool we possess in preventing cybercrime. As the cyber world continues to evolve, it is our hope that the entire maritime industry embraces increased awareness, makes employee education a priority and utilizes strong virus-prevention technologies so that no one will experience cybercrimes in the future.
Authors: Crowley's Amiee Cords, director, technology, and Maria Hope, manager, technology