A recent survey by AMNITEC revealed that some of the major obstacles identified to cyber preparedness in maritime included IT department workloads, insufficient budgets and a lack of management commitment to security. With cyberattacks being a key threat to the industry, here are some measures necessary to build cyber resilience for shipping companies.
Traditional Cyber Security Is Not Enough
With the ramping up of modern technology and digitalisation in all industries, traditional cybersecurity is insufficient to keep businesses protected against modern cyber-attacks. Building cyber resilience takes more than that and is a combination of cybersecurity and business resilience.
While security systems such as firewalls and detection systems are still a vital precaution measure, they are enough to defend businesses against more sophisticated attacks. What every shipping company today needs is a proactive cybersecurity risk management regime.
This comes in line with IMO’s regulation, which requires all shipping companies to assess their risk exposure and develop measures to include in their Safety Management Systems to mitigate cyber threats.
Critical Enquiry
Platforms offer the exchange of digital information to help maritime professionals make more informed and efficient decisions. However, it also increases the risk of communication and information dependence.
In ‘The Future of Maritime Cyber Security’ Report by Lancaster University, it recommended ship commanders and system operators to further develop and consolidate their capacity to question the veracity of the data received, including spotting errors on the radar screen and questioning the accuracy of the source.
Security Awareness Training
No technical measures are fool-proof and even the strongest setup may be compromised through everyday behaviours such as entering passwords in a public device or open network, leaving a token unattended in the office or careless browsing. A cyber culture needs to be built and it is important for management to establish the team’s technical and procedural abilities to contain and respond should an attack happen. Every employee should be informed on how their online presence may cause a vulnerability for the business and how to identify and react to a cyber threat. After all, building resilience comes from within.
Photo Source: Adi Goldstein on Unsplash