November 6 - International law firm Ince & Co has advised shipping and transportation companies to prepare for more cyber attacks in the wake of recent high-profile incidents.
Following the widespread impact and disruption caused by the WannaCry and NotPetya attacks earlier this year, a spate of incidents in recent weeks has highlighted the evolving threat to not only shipping companies, but other parts of the supply chain, says Ince & Co.
According to the company, the root cause of this challenge is that increasing digitalisation, advances in satellite communications, and a drive towards greater technological efficiencies all increase the risks for owners and operators rushing for the benefits, without considering the side effects.
Rory Macfarlane, partner at Ince & Co Hong Kong, commented: "Throughout 2017, we have seen attacks occur with growing frequency and severity. A number of high-profile companies have already fallen foul of the risks posed by the increasing digitalisation of our industry.
"As new technologies emerge to streamline operations, cut costs and increase efficiencies, evolving and expanding threats also emerge. It is imperative that shipping companies act to mitigate their cyber risk now, before they become the next victim of a major breach."
Macfarlane advocates a proactive approach for concerned owners and operators: "To be sure in the security of their systems, companies must begin to develop comprehensive security and response plans as soon as they can. The response plans should outline the steps to take in the minutes, hours, days and weeks after a breach. We also recommend that companies engage with a multi-disciplinary team that is ready to step into action, including IT teams, compliance experts, fleet managers and shoreside staff."
Ince & Co says the focus of the debate needs to shift from cyber security to cyber preparedness. Working with the cyber security team at Navigant, Ince & Co offers a cyber 'health-check', which creates a written assessment of IT policies and procedures, protocols, regulatory and contractual obligations, and insurance cover against losses following a cyber attack, and evaluates the cyber response plans.
"The message is simple: improving your cyber protection need not be costly," adds Macfarlane. "Significant improvements can be made for a modest investment. But prevention is always better than a cure, and the creation of a culture of cyber security is essential."