Beyond the buzz word - Cyber risk
To explore risk-readiness, attitudes and to address the main challenges, Globetech joined K-Line Offshore, Gard and BW Offshore at the Cyber Security Seminar hosted by YoungShip Sørlandet at Gard’s head office in Arendal on 30 October.
While press headlines constantly remind the industry of cyber risk imminence, global surveys point to maritime industry as ill-prepared and slow to address the cyber issues, how do the maritime companies at Sørlandet, operating on worldwide scale, perceive the cyber risk? Has it become another buzz word the industry is threatened with?
The attendance could indicate that cyber security would not be the top risk priority for local businesses, however an engaged audience from maritime tech companies, shipowners, offshore business, marine surveyors and local port representative throughout the evening proved the opposite. As an imminent risk it should be addressed and discussed sooner rather than later.
While the largest cyberattacks gain global attention and multimillion losses on company books, most of the incidents taking place daily, go unreported. As attendants learned, maritime business is under constant cyberattack.
- It is about time to start talking about what is happening openly and share the experiences, says Jarle Fosen, Senior Loss Prevention Executive at Gard.
Stein Erik Andersen, CTO and founder of Globetech has a clear invitation to the industry;
- Cross-business experience -and knowledge sharing is crucial in order to reduce risk for shipowners and management companies. Together we can help each other preventing cyber-attacks and reducing the risk of breaches".
Though most of the incidents taking place go unreported and is not spoken about, there is a change and companies are starting to share more on the subject showing a development in maturity. The audience was fortunate to be able to listen to Operation Manager Lasse Dahl Nilssen from K – Line Offshore that shared an incident that occurred last year:
- Communication blacked out on one of our vessels and we were without communication means for a few days. We learned a lot and have made alterations within the organisations as a result of this incident. A drastic approach was change of supplier, but we also needed increased training of crew and onshore staff to reduce the risk of reoccurring events, Nilssen explains.
While real cases and illustrative examples brought by speakers, make it very real. The importance of human factor in cyber security chain were highlighted throughout the evening.
- The element of human factors and errors are crucial, says Fritz Ekløff, Head of IT from BW Offshore.
- Awareness training is and will be critical in order to reduce risk for cyber incidents, and this includes the entire organisation, onshore and offshore, he continuous.
With a comment from the audience Ekløff stated;
- Not using two factor identification is like driving without a seatbelt, you will be hacked.
It is 30 October, the end of cyber security awareness month and still a lot of questions from the attendees. The evening proved too short to address all questions from the audience. This is a clear sign that cyber security needs to continue to receive a high focus, and it was concluded that more such events are necessary as the technology advances and cyber threats become ever more advanced.
Participants reflected a uniform attitude, advising to be proactive rather than reactive to cyber risks. To remain vigilant, cautious and be prepared by having good cyber safety routines, would enable companies to stay cyber-safer.
Fosen states that it is important to understand that cyber security is complex and ever-changing. It is impossible for all of us to be experts; even IT professionals sometimes fall victim to cyber fraud. The most important thing Is to treat uncertainty the right way:
- Be prepared and thing and ask before you act, says Fosen.
- A ship will never be 100% cyber safe, so having a contingency plan and having back-ups, data logs to track changes is very important when faced with a cyber crisis, he continuous.
Advance of technology implies that the cyber threats become more refined and we all together must act as cyber security experts. Regular awareness campaigns and training of people were underlined as crucial. We encourage everyone to report and share experiences related to cyber risk.