A fourfold increase in cyber-attacks on the maritime industry has occurred since February during the time the shipping business has become reliant on remote working and information technology as a result of lockdowns from the coronavirus pandemic.
The trend of cyber attacks is upwards, cyber insurance and risk management firm Astaara, in which West of England protection and indemnity club has made a significant investment this month, said in a white paper.
In one high profile attack last month, on 9 May, computer systems at the Shahid Rajaee port in the Strait of Hormuz were attacked, creating delays in shipments. It is understood the attack came in response to a failed Iranian cyber-attack on an Israeli water facility last month.
Astaara said attacks from criminal groups are far more common than suspected state-based or ‘hacktivist’ incidents, but the global cyber security market which is expected to be worth £182bn by 2021 will still be only around 10% of the value lost to cyber-attacks each year.
“More than ever, the advantages of digitisation should be capable of being realised, but only if the corresponding management resilience and recovery plans are in place and practiced to ensure those digital control systems and data flows are uninterrupted and uncorrupted,” said Robert Dorey, chief executive of Astaara.
“Processes need to be continually reviewed and updated as necessary, training provided, and new approaches to monitoring assessed and adopted.”
Marine companies are at increased risk of attacks, as scammers prey on the disruption to activities that now have to be done remotely due to Covid-19 restrictions, he added.
As crew changes, marine warranty surveys or superintendent spot checks will be done differently or may not happen maritime business become more vulnerable due in part to their complex supply chain relationships, said Dorey.
Remote working has been highlighted as a major risk for security, as the attack surface is broadened.
Spoofing to misdirect payments has long being a favourite of cyber criminals, Dorey said, and classically, hackers will plant a virus, enabling them to monitor emails and change the text of a message from suppliers, adding a different bank account.
The Astaara white paper, ‘Managing Ports’ Cyber Risks’, has been launched with The British Ports Association (BPA), as part of The Port Futures thought leadership programme. The paper looks at the ever complications for port operators dealing with increasing risk and regulation.
BPA head of policy and external affairs Mark Simmonds said: “As port systems become ever more connected and digitalised, it is important that security and resilience is built into processes and training. Cyber security should be a board-level issue for all ports.”
The BPA represents over 100 port and 80 associate members.
