As we quickly approach the end of this unusual year, one thing is for sure: the global pandemic has left businesses of all kinds vulnerable and scrambling to protect themselves as day-to-day operations were abruptly forced to change on a variety of levels. A phenomenon happening in almost every industry, the maritime and offshore sectors are no exception. As a matter of fact, according to Israeli cybersecurity specialist Naval Dome, “there has been a massive 400% increase in attempted hacks since February 2020 coinciding with a period when the maritime industry turned to greater use of technology and working from home due to the Coronavirus pandemic.”
But, why is this?
Covid-19 Cyber Attack Trends
There are a few factors at work here. First, the changes in the general work atmosphere, from on-site to at home, have left the maritime and offshore industry especially vulnerable. The Maritime Executive explains, “the new remote-work alternatives to standard operations like surveys and marine superintendent spot inspections have created new vulnerabilities for shipowners. Remote working has been identified as a major risk for security, as the attack surface is broadened.”
Then, couple social distancing work rules with the economic recession brought on by COVID-19 and the resulting budget cuts as well as adaptations to systems--the susceptible state of security for this sector is at an all-time high. Nautilus International explains, “as budgets are cut and in the absence of service engineers, we are seeing ship and offshore rig staff connecting their OT systems to shoreside networks, at the behest of Original Equipment Manufacturer vendors (OEMs), for brief periods of time to carry out diagnostics and upload software updates and patches themselves. This means that their IT and OT systems are no longer segregated and individual endpoints, critical systems, and components may be susceptible.”
Just weeks ago the French container shipping line CMA CGM was hit by a ransomware attack and was forced to shut down some of its technology systems. The hacker requested the French carrier to contact within two days “via live chat and pay for the special decryption key”.
Swiss shipping giant Mediterranean Shipping Company was also hit by a malware attack back in April of this year. According to the company, the malware attack targeted the vulnerability in its IT systems.
Another noteworthy example of an attack came this May on the computer systems at Iran’s Shahid Rajaee port facility at Bandar Abbas. Although it was stopped before massive damage could be done, the attack still left disarray, briefly knocking down computers.
So, if the risks are this high, how can vulnerabilities be minimized or at least managed?
It may come as no surprise, but according to Astaara, an UK-based risk management firm, “the way to fight back is to practice basic cyber hygiene and to invest an appropriate amount in security. Currently, cybercrime nets around $2 trillion per year for criminals worldwide--compared with the $150 billion a year spent by companies and individuals in protecting systems.”
Changing passwords and putting up firewalls is of course always a good practice, but in times like this, implementing cautionary measures while investing in security is what the Maritime and Offshore industry need to do. Cybercriminals are not worried about COVID-19 or the stress operations are under; therefore, protection measures should be put into place with rigorous regulations.