The Maritime Industry Is Not Immune to Cyberattacks
As cruise ships begin to introduce more technology for guest enjoyment, they also increase their risk of a cyberattack. Therefore, the maritime industry must be just as vigilant as the hospitality industry when it comes to cybersecurity. A recent ransomware attack on Danish shipping giant A.P. Moller-Maersk proves that ships are not immune to this danger. The attack, incidentally, cost the company $300 million.
To minimize the risk of an attack, Walid Salem, Chief Cyber Security Officer at Digi117, recommends in his article "Best Practices for Finding Cyber Threats and Vulnerabilities" that maritime companies conduct a cybersecurity risk assessment to identify vulnerabilities. This includes speaking with employees, completing a third-party audit, and allow a third-party to conduct extensive penetration testing of critical IT and onboard infrastructure.
Salem also recommends reviewing common vulnerabilities which include things such as obsolete and unsupported operating systems, outdated or missing antivirus software, lack of security for critical equipment or systems that are always connected to the shore, and inadequate security configurations.
Finally, he recommends that senior management – not IT professionals – should be held responsible for accountability and ownership of the risk assessment. Why? Enhancing cybersecurity protocols could impact standard business procedures and operations and many initiatives will be related to business processes and training, not just IT systems.