Press release Hong Kong, 6 November 2017 – Leading international law firm Ince & Co has advised shipping and transportation companies to prepare for more cyber-attacks in the wake of recent high-profile incidents. Following the widespread impact and disruption caused by the WannaCry and NotPetya attacks earlier this year, a spate of incidents in the recent weeks has highlighted the evolving threat to not only shipping companies, but other parts of the supply chain.
Shipping company BW Group revealed last month that it was hacked in July, causing its computer systems to go offline. In addition, so-called ethical hackers claimed to identify security flaws in the onboard satcom boxes of satellite communications company KVH, whilst a cyber-security specialist reported on vulnerabilities in Inmarsat’s shipboard communications platform. Both KVH and Inmarsat have since responded to these claims.
According to Ince & Co, the root cause of this challenge is that increasing digitalisation, advances in satellite communications, and a drive towards greater technological efficiencies all increase the risks for owners and operators rushing for the benefits, without considering the side effects.
Rory Macfarlane, Partner, Ince & Co Hong Kong, commented: “Throughout 2017, we have seen headline-worthy cyber-attacks occur with growing frequency and severity. A number of high-profile companies have already fallen foul of the risks posed by the increasing digitalisation of our industry. As new technologies emerge to streamline operations, cut costs and increase efficiencies, evolving and expanding cyber-threats also emerge. It is imperative that shipping companies act to mitigate their cyber-risk now, before they become the next victim of a major breach.”
Recent incidents
Rory Macfarlane points to the WannaCry and NotPetya ransomware attacks as examples of the type of threat facing the shipping industry:
“The effects of the NotPetya and WannaCry ransomware attacks proved a potent example of how costly a large scale, sophisticated cyber-attack can be, but for those working within cyber-security, these attacks did not come as a surprise.
“With operations impacted, there was an obvious financial cost to these incidents. But the reputational damage could prove more serious. We have seen hard-earned track records for compliance and operational excellence all but evaporate in the event of a public breach. While the costs of this type of damage are hard to quantify, it adds yet another reason to invest in appropriate cyber-security systems and employee education.”
