In the third part of the series on thoughts, we will look at another answer widely given "It's not a big topic for us right now"
Burying your head in the sand will not stop you being attacked
Maritime companies have many concerns these days, with various regulations coming into effect, combined with a period of general slowdown experienced over the past couple of years in global transport, leading to companies merging to survive and many vessels being sold off for scrap.
Those struggling companies look to address those topics first and cut budgets towards IT and haven't even given Cybersecurity a place on the boardroom discussion table to date.
Unfortunately even with all these other concerns, this does not stop hackers and automated attacks such as ransomware from targeting your company. In stressful & competitive times like these having your companies office and vessel based systems become unavailable for days would be a disaster.
How long could you survive?
When looking at the Cybersecurity topic and costs for technology and training. The following question should be asked "How long can we operate without any systems?"
This can be broken down into various important systems such as Fleet management, Email, Cargo management, Booking systems, and on-board systems like ECDIS. In each case assess the impact if that system becomes unavailable for;
- 1 hr
- 1 day
- 1 week
And then put a $€£ on those risks versus the cost to reduce those risks with technology and training. For those using ship management companies to operate your fleet, something worth considering and asking them to respond to.
The last point Unrecoverable could be not just related to Cybersecurity but general lack of Business Continuity planning & testing.
Proactively protect your company
By looking at your Cybersecurity risks you can make informed decisions on what is acceptable and what is unacceptable and address those.
Plan to be hacked
With all the technology and training in place, this reduces risk but does not eliminate the possibility of being hacked. So you must ensure you have plans in place to respond to a hack, including time to recover, how you will recover and what steps would be taken to ensure this doesn't happen again.
Don't leave it till it happens, panic will set in, mistakes can be made and the situation can spiral out of control quite quickly, even giving the attacker more access than they already had!
How can we help?
Cybersail offers a catalog of services which can utilized alone or combined as part of a more comprehensive Cyber Defence Strategy .
We work on both the technologies in place, IT security polices, procedures and user education on Cyber threats.
Technology + Awareness = Security