Mitigating Cyber Risks At Sea

/in


Cybercrime is a growing threat to all Internet-connected businesses. 2023 has seen a doubling in the growth of ransomware variants, with a staggering 67% of companies having been victims of such an attack. 93% of organizations have experienced an intrusion targeting their operational technology (OT) infrastructure between mid-2021 and mid-2022, with 83% falling victim to more than three attacks. Attacks like these cost an estimated $600 million in the first half of 2022.1

The rate of cybersecurity breaches in the maritime industry has mirrored this trend. Attempted attacks on maritime information systems rose by 400% in the first few months of the pandemic.2 A report by Cyberstar claims that in 2021, attacks targeting ships increased in frequency by 33%, which came on the heels of a 900% increase in cyber breaches on vessel and port systems in 2020.3

The commercial maritime industry has historically been more conservative than other industries and slower to adopt new and emerging technology, including cybersecurity measures. As a result, commercial fleets and operations have suffered some of the most prominent and costly cyber-attacks, including attacks on the port of Houston, Japan’s “K” line, DNV, Carnival Cruise Lines, and many more.

Attacks come in three basic formats:

  • Ransomware breaches:  Cybercriminals breach a company’s digital infrastructure and use malicious software to steal data or shut down all or part of its online systems and hold it for ransom.
  •  Man-in-the-middle intercepts: Increasingly popular among cybercriminals, a hacker intercepts a genuine supplier invoice email to a company and then uses it to trick that company into sending payments to a different bank account.
  •  Malware: Malware attacks are triggered when a user clicks on a link to a site containing malicious software (malware). This new code enters a company’s digital infrastructure and disrupts the network, potentially stealing or leaking information onto the dark web or locking genuine users out of their computer systems.

The International Maritime Organization (IMO) issued Resolution MSC.428 (98), which requires all vessels to include cyber risk management in their safety…

Source…