Somebody’s Watching You! 15 Things The Maritime Industry Needs To Know About Cyber Security

17 Dec

Advancement in broadband technologies and the move towards ‘Big Data’ and ‘Ship Intelligence’ could leave the maritime industry vulnerable to cyber-crime unless it develops a better awareness of ICT (information, communication technology) security and adopts security best practice, says leader in Cyber Security for Maritime and Critical Infrastructure, ESC Global Security.

According to these experts, the loss of sensitive data through breaches in system security is the single most important challenge that faces the maritime industry today.

To help those companies operating in the transportation sector in particular, ESC Global Security has published a White Paper, entitled “Somebody’s Watching You” that explains what companies need to do to protect themselves and their data.

In this week’s spotlight we examine the white paper and present fifteen things that the industry needs to know about safeguarding data and cyber security.

Download the Original White Paper here

1. 2015 Has Been A Busy Year For Cyber Criminals

The past year has been a busy one for cyber criminals, with over 500 data breaches and more than 150 million records exposed in 2015. This includes the disclosure of 21 million U.S. Office of Personnel Management (OPM) records, the 70 million medical records at Anthem and the 37 million user details at infidelity site Ashley Madison.

The retail, technology, financial and governmental sectors head the list of business areas that were the most targeted throughout the year, though we are seeing an increase in attacks against companies operating in the transportation and critical infrastructure sectors.

Advanced Persistent Threats (APTs) are on the rise, while “ransomware” and targeted phishing attacks are being used for financial blackmail and to gain access to or leak sensitive, confidential information. No one is excluded from these threats and no company or individual is too small to be a target.

2. The Festive Season Might Render Your Company More Vulnerable To Cyber Attacks

The staff slowdown in the run up to the festive season could leave companies vulnerable to a cyber-attack, according to ESC Global Security.

With staff frequently away from their desks or, after a turkey lunch, a mince pie and a glass of mulled wine, asleep at them, it is important that companies remain cyber-conscious over the holiday period.

Highlighting how the festive period is traditionally bonanza time for the cyber-criminal, ESC Head of Cyber Security Joseph Carson said: “January is usually the biggest month in terms of major security breaches and with the end of the year looming – always a period given to an increase in data breaches – it is vitally important to remain cyber-conscious and implement protective measures.”

3. The Smart Shipping and Ship Intelligence Era Raises This Industry’s Cyber Threat Level To High

Cyber security is an immense concern in the maritime industry because of a lack of security awareness or accountability, while the increasing use of new, sophisticated communications technologies raises the threat level to high.

With the potential for sensitive customer data leaks via ECDIS, AIS, RFID and GPS, it is important that security procedures and processes are in place so that operators know how to identify a potential security threat or have been trained to respond when a cyber-attack is in progress.

4. Hackers Active In The Maritime Industry Are Mostly Interested In Financial Gain

The adversaries active in the maritime industry are mostly interested in financial gain, looking to gain access, stay hidden and extract financial profit from their targets. However, accessing and extracting sensitive information or intellectual property can also help criminal or terrorist organisations whose motive is to use the industry to transport hazardous materials or weapons.

5. Understanding How The Hackers Operate Will Give You Cyber Advantage

In an advanced threat, the attacker will spend a large amount of time researching a list of potential targets, gathering information about the organisation’s structure, clients etc. Social media activity of the people in the target company will be monitored to extract information about the systems and forums favoured by the user and any technology vulnerabilities assessed. Once a weakness is found the next step the hacker will take is to breach the cyber security perimeter – the basic security most companies adopt – and gain access, which, for most attackers, is easily done.

6. Once Cyber Perimeters Are Breached Hackers Can Move Around Undetected

Once inside an organisation’s systems, the attacker maps the network in order to gain access to higher value assets and to elevate privilege access rights so he/she can move more freely around the company undetected.

7. The Biggest Risk Is Employee Computer-Based Systems

The biggest risk is from employees using computer-based systems since security prevention mechanisms within the network itself are rarely implemented in the mistaken belief that perimeter defences are all that is required.

This, however, is where most companies need to invest more: to detect when these types of activities are occurring and to reduce the breach “dwell time”. This is the period, currently averaging 205 days, before an attack is detected; a time in which the attacker has gained access, avoided detection, taken information and left without a trace.

8. Patch Management Can Mitigate 80% Of Cyber Attacks

Another major concern is the ever growing and increasing complexity of patching systems and applications. This is typically more complicated in the maritime industry due to distribution, remote access and limited bandwidth available as well as poorly trained end-users operating these technologies.

The importance of “patch management” is huge since it can mitigate more than 80% of cyber threats, leaving only those nasty zero days to deal with. Vulnerabilities are growing each year and out of the exploited vulnerabilities in 2014, 99.9% of them had a CVE (Common Vulnerabilities and Exposures) published.

9. Don’t Give Employees Local Administrator Accounts Or Privileged Access

Passwords and privileged accounts should be a major concern for many organisations. These can be the difference between a simple perimeter breach and a cyber catastrophe.

Companies should provide suitable training for employees on best practices for password choices. Normally a very complex password is required, though many employees revert to writing passwords down because they are difficult to remember, or use the same password for corporate and personal social accounts. This leads to a possible external threat which companies should continuously assess.

If your company is giving employees local administrator accounts or privileged access then this seriously weakens the organisation’s cyber security. This can mean the difference between a single system and user account being compromised and the entire organisation’s computer systems being compromised. In all Advanced Persistent Threats the use of privileged accounts has been the difference between a simple perimeter breach and a major data loss, malicious activity or financial fraud occurring.

Organisations should quickly ensure that they continuously audit and discover privileged accounts and applications that require privileged access, remove administrator rights where they are not required and adopt two factor authentication to prevent user accounts from being easily compromised.

10. Got Tech Or Computer Users In Your Office? Get Them Cyber Security Awareness Trained

ESC Global Security recommends that companies operating in the maritime industries put cyber security awareness training at the top of the agenda for users of technology and computer resources.

This is one of the most effective ways of reducing a company’s exposure to cyber security threats and increases both detection and incident response at the same time.

It is highly recommended that training starts at the top of the organisation, working down. It is also recommended that a company appoints a cyber/security ambassador within each department to assist in the detection and incident response for potential cyber security threats and risks. This helps expand the efficiency of any IT security team, while ensuring that there is someone in the organisation who is responsible and accountable for implementing and maintaining cyber security measures.

11. Establish An IT Security Policy And Acceptable Use Policy

It is also important that each company has an IT Security Policy and Acceptable Use Policy to ensure that employees and users within each company understand how company resources and data should be used. This also ensures that standards are consistent, understood and adhered to. These are important steps in developing a company-wide cyber security awareness culture.

Subscriptions to security bulletins and alarms are equally important so that any new security threats are proactively evaluated and the required risk mitigation considered and rolled out where applicable.

12. Undertake Asset Management, Discovery And Lifecycle Management Of All IT Assets And Resources

Companies must ensure that asset management, discovery and lifecycle management of all IT assets and resources are performed. A major but typically under-utilised cyber security threat mitigation is the disposal of old, legacy systems and those with security vulnerabilities. Having an end of life policy and adhering to it will help companies keep legacy systems from exposing them to serious security threats and risks.

This will not only reduce unnecessary costs but improve the security posture.

Patching systems on a regular basis and measuring the current patch and vulnerability state will help identify where an attack might occur next. This information should prompt you to consider increasing your detection techniques in those areas or systems.

13. Perform Continuous Cyber Security Assessments

Performing continuous cyber security assessments is another key factor in mitigating risks. While these assessments are often considered a “checkbox” means of passing or complying with regulations, they should be approached as a method to evaluate the state of cyber security. They can also be used to evaluate incident response capabilities, detect if an active breach is in progress, and to keep the company security conscious.

14. Be Deceptive, Be Unpredictable

A very important recommendation is to be deceptive, be unpredictable. Most organisations look to automation to help assist in their cyber security defences but in many this lends itself to predictability: scans are run at the same time every week, patches take place once per month, assessments once per quarter or per year.

Companies that are predictable are very vulnerable, so they should establish a mind-set in which systems are updated and assessed on an ad hoc basis. Randomise your activity. This will increase your capability in detecting active cyber attacks and breaches.
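
One way to randomise scan timing without losing coverage, shown as an added example that is not taken from the white paper: gaps between scans are drawn at random but capped, so no system goes unchecked for longer than the old weekly cycle allowed. The function names, the 72 to 168 hour gap range and the start date are assumptions made for illustration.

```python
import secrets
from datetime import datetime, timedelta

_RNG = secrets.SystemRandom()  # OS CSPRNG, so the plan cannot be replayed from a seed

def fixed_weekly(start, weeks):
    """The predictable pattern: the same weekday and hour every week."""
    return [start + timedelta(weeks=i) for i in range(weeks)]

def randomised(start, end, min_gap_h, max_gap_h, rng=_RNG):
    """Scan times in [start, end) separated by random gaps.

    Each gap is drawn uniformly from [min_gap_h, max_gap_h] hours, so the
    timing varies but the interval between two scans never exceeds max_gap_h.
    """
    if not 0 < min_gap_h <= max_gap_h:
        raise ValueError("need 0 < min_gap_h <= max_gap_h")
    times = []
    t = start + timedelta(minutes=rng.randint(0, max_gap_h * 60))
    while t < end:
        times.append(t)
        t += timedelta(minutes=rng.randint(min_gap_h * 60, max_gap_h * 60))
    return times

def gap_hours(times):
    """Hours between consecutive scans."""
    return [(b - a).total_seconds() / 3600 for a, b in zip(times, times[1:])]

def distinct_slots(times):
    """Count of (weekday, hour) slots used; 1 means fully predictable."""
    return len({(t.weekday(), t.hour) for t in times})

if __name__ == "__main__":
    start = datetime(2016, 1, 4, 2, 0)      # constructed start date
    end = start + timedelta(weeks=12)
    weekly = fixed_weekly(start, 12)
    plan = randomised(start, end, min_gap_h=72, max_gap_h=168)
    print("weekly slots:", distinct_slots(weekly), "max gap:", max(gap_hours(weekly)))
    print("random slots:", distinct_slots(plan), "max gap:", max(gap_hours(plan)))
    for t in plan:
        print(t.strftime("%a %Y-%m-%d %H:%M"))
```

The generated plan should be stored with the same access restrictions as other security operations data, since a published plan is as predictable as a fixed one.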

15. Seek Expert Advice

And finally seek expert advice from companies like ESC Global Security. Security experts can perform Risk and Vulnerability Assessments, provide Cyber Security Awareness training, undertake patch management assessments, discover and identify privileged users and accounts and mitigate those risks where possible.
