
Practicing good ‘cyber hygiene’

Phishing, malware and ransomware attacks against shipping companies increased by 400% through the first months of 2020, as reported in the Allianz Shipping and Safety Review 2021, and all four of the world’s largest shipping companies have now been hit by cyber-intruders. Given the impact of these attacks on the big four, the number of smaller organisations across the maritime space targeted by cyber criminals continues to grow and the industry as a whole is now very much regarded as a vulnerable target for cyber criminals.

It is of significant concern that attacks mounted by cyber criminals against shipping companies are not only increasing in frequency, but are becoming more sophisticated and well-informed, too. Attackers understand the ins-and-outs of how maritime companies operate and what the wider supply chain impacts of any malicious attack can be. For this reason, cybercrime must be understood as an evolving threat. The widespread disruption and damage from such attacks will only grow further given the increased interconnectedness and interoperability demanded of IT systems and smart software as the maritime industry digitalises further and further.

Understanding what you are up against  

The most common type of cyber-attack experienced by shipping companies is a malware attack. This is when hackers create malicious software that’s installed on someone’s device without their knowledge. The malware allows them to gain access to personal information or to damage the device, usually for financial gain. Different types of malware include viruses, spyware, ransomware, and trojan horses – all now recognisable terms, but not necessarily widely understood.

It should be stressed that malware attacks can occur on all sorts of devices and operating systems, including Microsoft Windows, macOS, Android, and iOS. They are particularly insidious because they can escape detection in most cases until it is too late. More so, with so many people working from a range of devices and mixing work and personal accounts and applications, all interconnected, the ability to identify weaknesses within an organisation is now even greater.

To reduce the threat of cyber-attack, all shipping companies must, as an absolute minimum, follow what we in the industry refer to as good ‘cyber hygiene’:

  • Follow recognised guidelines: the Open Web Application Security Project (OWASP) details a globally accepted basis for testing web application technical security controls as well as providing a list of requirements to ensure safe development. Compliance with OWASP means your software has been developed and tested to a globally accepted standard for web security – check all your software applications are OWASP-compliant.
  • Utilise cloud-based software: the cloud is significantly safer than hosting your systems and data in house. Within the cloud, your data will be ring-fenced and protected, access will be limited and tightly controlled. Change your passwords frequently.
  • Implement awareness training: effort should be invested in implementing global compliance rules and ensuring they are robust, followed to the letter and regularly updated as cyber threats continue to evolve.
  • Carefully select software/storage options: work with your IT departments and third-party software service providers to develop robust fail-over alternatives, including automated and continuous back-up and archiving of all use of web-based storage systems and modular software solutions.
  • Stress-test your response plans: use your technical partners to perform regular penetration tests based on OWASP guidelines to verify your level of protection. As routine, you should check that adequate firewalls are in place and vulnerability tests are undertaken regularly.

More than a quick health-check

To try and force shipping companies into taking action, there have been increased regulatory requirements aimed at encouraging far better cyber hygiene across the industry, both onboard and ashore. In January 2021, not long after the International Maritime Organization (IMO) was itself the target of a cyber-attack, IMO Resolution MSC.428(98) came into effect, requiring cyber risks to be addressed in Safety Management Systems (SMS). The European Union’s Network and Information Systems Directive also extends to ports and shipping and places further impetus on ship owners, operators and managers to manage cyber risk, too. Nor is the pressure only regulatory – there has been an increased emphasis on encouraging uptake of cyber insurance policies. All of this should be welcomed, as each partner you work with and each organisation you engage digitally represents a potential entry route for criminals to gain access to your own networks and devices.

Yet, despite these positive developments, as a leading provider of software solutions to the liner shipping and ship agency segments, our concern is that there is still a significant divide between those organisations that are treating cyber security mitigations as a tick-box exercise and those that are – rightly – considering it a business-critical undertaking. This latter cohort recognise not just how, but why they are a target, and understand the potentially catastrophic impact a cyber breach can have on their business.

All shipping companies should lean on the expertise and guidance of any software providers that they work with to ensure that resilience is built and regularly. Taking the opportunity to prepare in advance will ensure that your company is not the easiest target to reach for. A good software services provider will work closely with you to tailor a cyber security management plan to suit your needs and ensure that you are more resilient to this evolving threat.


Author of the article: Lars Fischer, Managing Director, Softship Data Processing, Singapore

Lars Fischer is the Managing Director of the Asia Pacific headquarters of software solutions provider Softship.

Lars began working for Softship as a software engineer in 1994. He became a business consultant and project manager in 1996 and has headed-up Softship Data Processing, Singapore, since 1998. He is responsible for Singapore’s commercial and technical staff of 25 and for the group’s sales & marketing strategy worldwide.




