Library

Cyberattacks targeting vessels - A vulnerable maritime industry

Written by Globetech | May 29, 2019 1:28:00 PM
Study finds increasing numbers of unrecorded cyberattacks on public and private norwegian businesses. The maritime industry is particularly vulnerable, expert says.

The latest Unrecorded Statistics Study from the Norwegian Business and Industry Security Council shows an increasing number of unrecorded cyberattack events aimed at public and private Norwegian businesses.

Despite the rising numbers of unwanted events, focus on cybersecurity is still not on top of the agenda of business leaders, according to Stein Erik Andersen, Chief Technology Officer at Globetech. 

- We see a lot of cybersecurity incidents today that aren`t talked about in the open. This can cause companies to downgrade the importance of cybersecurity, because the potential risks and consequences aren’t being raised, Andersen says.

Businesses face a different set of cybersecurity risks today. One aspect is loss of company data, which can cause significant challenges and concern to the company. Another scenario is the infection of malware on core IT infrastructure. This can cause computers and servers to shut down, affecting the entire business operation.

- Without the awareness of such major risks it is easier for business leaders to think «cyberattacks will probably not happen to my company», which is a bad strategy, he explains. 


Vulnerable Maritime Industry

Andersen considers the maritime industry as particularly vulnerable to cyberattacks - even though the industry has made some progress in the last few years. 

- But the general awareness is still not good enough. For example, the IT systems and infrastructure onboard an average vessel is often very fragile and easy to attack.

As an example, a dialogue-thread from Twitter shows hackers discussing how they “easily” took control of a ship through its VSAT system.

- This is quite dramatic, he says, before underlying that a cyberattack on a shipowner and vessel(s) could also potentially result in loss of ship patents - or even worse, ship drawings and other sensitive information vital to the company.

- Data breaches can lead to the spread of cheap duplicates in the market, and malware could also cause an entire ship to shut down all its operations. Such a scenario would be critical to avoid, as it would lead to vast consequences and potential loss of revenue for the shipowner.

 

Prevent the Risk of Human Error

Andersen urges shipowners and maritime leaders to deploy an operational and hands-on focused safety culture to avoid cyberattacks.

- Do not let the company attention on cybersecurity grow static. Implement a strong and dynamic focus on cybersecurity throughout your organisation. This is really the only option in order to keep pace with potential threats, he says. 

He also urges the importance of building a cybersecurity awareness culture throughout the organisation, from onshore offices to offshore personnel.

- The reason behind this is that most security breaches occur due to human error. If a company builds a security awareness culture, such human errors could be, if not eliminated, drastically reduced.

Estimated 90% of all cyber security breaches are a result of human errors, and therefore Globetech provides services such as the “Security Awareness Program”.

- We have in addition to technical solutions provided services such as the “Security Awareness Program” to shipowners and their employees in order to reduce the risk of cyberattacks and breaches. The program has been an essential factor in order to raise the knowledge and awareness of cybersecurity among leaders and the entire organisation, and thereby reducing the risk of cyberattacks, he says. 

Read the full Cybersecurity report from The Norwegian Business and Industry Security Council here.