Ince & Co: Shipping Should Prepare for More Cyber Attacks

Shipping and transportation companies have been advised to prepare for more cyber attacks in the wake of recent high-profile incidents.

Following the widespread impact and disruption caused by the WannaCry and NotPetya attacks earlier this year, a spate of incidents in the recent weeks has highlighted the evolving threat to not only shipping companies, but other parts of the supply chain, according to the international law firm Ince & Co.

Shipping company BW Group revealed last month that it was hacked in July, causing its computer systems to go offline. The incident followed a large-scale cyber attack on Danish A.P. Moller-Maersk on June 27, which shut down IT systems across multiple sites and business units owned by the company. The attack has cost the company up to USD 300 million.

In addition, so-called ethical hackers claimed to identify security flaws in the onboard satcom boxes of satellite communications company KVH, whilst a cyber security specialist reported on vulnerabilities in Inmarsat’s shipboard communications platform. Both KVH and Inmarsat have since responded to these claims.

Ince & Co informed that the root cause of this challenge is that increasing digitalisation, advances in satellite communications, and a drive towards greater technological efficiencies “all increase the risks for owners and operators rushing for the benefits, without considering the side effects.”

“Throughout 2017, we have seen headline-worthy cyber attacks occur with growing frequency and severity. A number of high-profile companies have already fallen foul of the risks posed by the increasing digitalisation of our industry,” Rory Macfarlane, Partner, Ince & Co Hong Kong, said.

Macfarlane added that “what we see now is the tip of the iceberg.” The size of the threat is underplayed due to a reluctance within the industry for victims of a breach to share their experiences for the collective good.

To be sure in the security of their systems, companies must begin to develop comprehensive security and response plans as soon as they can. In the world of cyber prevention, by far the best form of defence against cyber crime lies in a concerted, top-down effort to planning and prevention.

“The message is simple: improving your cyber protection need not be costly. Significant improvements can be made for a modest investment. But prevention is always better than a cure, and the creation of a culture of cyber security is essential,” according to Macfarlane.

“Shipping is on the cusp of dramatic evolutions in how business is conducted, goods are moved and deals are sealed. But as we embrace all of the benefits new technology has to offer, it is only right that we also examine the risks, lest we fall foul of them ourselves.”

Macfarlane informed that it may be time for the focus of the debate to shift from cyber security to cyber preparedness. As the amount and sophistication of attacks increase, and the digital and human attack surface expands, “the chances of permanently keeping threat actors out of our businesses is diminishing month on month.”