Encrypted Traffic - a Trojan Horse for Your Vessel
Your trust in encrypted data is just what the bad guys are banking on.
When encrypted traffic can be used as a shield for malware and ransomware, and the encrypted traffic is flowing unchecked onboard your vessel and fleet, it’s almost impossible to detect before it is too late.
An estimated 90 per cent of CIOs indicate they have experienced or experience a network attack using SSL encryption, and 87 per cent say their security defences are less effective today due to cybercriminals using encryption to hide their attacks.
Approximately 90 per cent of all activities in a digitally transforming organisation relies on the protection of data encryption. Thus, trust in encryption runs high. And that’s just what the bad guys are banking on.
With the amount of encrypted traffic and more targeted attacks towards the maritime industry, this open highway can and will be used as a trojan horse if you do not prepare for it.
SonicWall logged over 2.8 million encrypted malware attacks in 2018 with a 27% increase from 2017 and has already registered 2.4 million encrypted attacks this year, marking a 76% year-to-date increase.
Encryption is the new normal and may be IT security’s next biggest threat.
A vulnerable maritime industry being targeting
Norway is the world’s 5th largest shipping nation with 229 BNOK in total revenue in 2018. When we discuss an increase in targeted cyber-attacks throughout encrypted traffic, it would be naive to not expect and prepare for this within the maritime industry.
The Norwegian Shipowners’ Association’s Business Cycle Report 2019 states that cybercrime is the most serious security threat, and The Norwegian National Security Authority (NSM) considers that the maritime sector has been the target of targeted campaigns. NSM ask shipowners to take the necessary precautions for the vessels and the fleet.
Campaigns have had a global scope, but the US, Europe and the Middle East stand out as particularly targeted regions. NSM, the Norwegian Shipowners 'Association and the Norwegian Maritime Directorate consider all types of ships, as well as the shipping companies' land-based infrastructure as vulnerable to cyber incidents. Shipping companies operating in areas with elevated security levels (ISPS / MARSEC) should be especially vigilant.
So how can you protect your vessels and your fleet? Implementing the necessary technical solutions is of course vital, but basic awareness is a key factor, both onshore and offshore. Downplaying potential cyber risks is dangerous and can result in immense consequences. You will often find that small measures can significantly reduce risk for your vessel, fleet and offices.