Cybercriminals and malware that threaten to break maritime operational reliability, damage key systems, and delay cargo delivery carry more risks than what we can fathom. Infected systems can compromise navigation or propulsion, threatening ship safety itself as well as the marine environment. Even a medium-sized breach caused by a cyberattack can cripple an operator by imposing a prohibitive recovery cost.
The fact that the four largest carriers in the world have all been attacked in just the last three years underscores the vulnerability of the shipping industry as a whole. Onshore, shipping companies are just as vulnerable as their counterparts having maritime vessels. The decentralized shipping and logistics setup associated with shipping companies that often have a network of subsidiaries and agents most of whom have access to a broad range of information on the company’s servers and in some cases in vessels expands the attack surface available for hackers
The UN shipping agency IMO itself came under attack a month ago. While the nature of malware and cyberattacks are changing, the cybersecurity posture adopted by shipping agencies and offshore companies connected with the Shipping Lanes of Commerce (SLOC) and the extended supply chains that run across oceans or involve a maritime component is not robust enough.
There are several reasons for this. Since the shipping industry was relatively isolated from onshore cyberattacks till a few years ago, the industry didn’t feel the need to evolve and deploy cyber resilience practices. The emergence of state-backed hacker groups or Advanced Persistent Threat Groups has changed the situation. These groups are working hard to targeted shipping companies associated with critical areas of the national economy in several countries.
Combating cyber risks
Addressing these risks begins with knowing your vulnerabilities and being prepared for a constant increase in cyber threats that are omnipresent and potent. The cyber pirates lurking in the depths and anonymity afforded by cyberspace are already targeting shipping companies and stealing their data and demanding ransom. Unlike the real world where navies and maritime defense forces defend SLOCs, oil tankers, and commercial vessels, the onus of asset cybersecurity lies squarely on the shipping company.
To deal with these rising threats, your business needs to be protected at various levels. Your cyber posture and cyber resilience strategy need to be deep and pro-active to not just defend but also to deter cybercriminals. You need to act to defend and convey trust to your stakeholders to ensure that your cargo moves from port to port in a secure manner while your vessel is adequately protected in cyberspace.
Only a cybersecurity partner with deep expertise and solutions can help you in that endeavor. We at Subex are already working with global shipping companies to secure their assets. We can help you uncover and address threats while staying cyber resilient.
Proof of Value – get in touch with Natalie.firstname.lastname@example.org to book a no-obligation consulting slot, right away. If you mail us over the next 24 hours you can avail a special package designed for your business. Let’s fight this menace together.
Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defence tactics at close quarters.