The attack "highlights again the serious effect that cyber-attacks can have on all companies operating in an increasingly digitalised and interconnected marketplace," said partner in Ince & Co's Hong Kong office Rory Macfarlane in an article.
"Although the full scope and scale of this attack will emerge with the fullness of time, events like this will only become more common if companies within the shipping and transport sectors remain unprepared," he cautioned and further warned that with early signs suggesting that decryption may be problematic for those affected, there could be an increased risk of potential business interruption and reputational losses.
Macfarlane also added that cyber-criminals will often maintain a “watching brief” for as long as six months after an initial breach as they look out for other opportune moment to strike in order to maximise their gains.
"It may well be that your business is already more at risk than you would care to think," Macfarlane said, adding that Ince & Co is working with a cyber-security team at Navigant to provide a cyber-security health check which will assess and evaluate companies' regulatory and contractual obligations, IT systems and internal protocols to help minimize the risk of a cyber-breach and the losses that would follow.
Macfarlane also noted that while the shipping and transport industry especially would naturally be looking at their vessels and other operational assets it "must not lose sight of the need to protect its shore-side systems as well".
"The best form of defence remains a proactive approach to minimising the risk of successful cyber-breach," he reiterated. Macfarlane pointed out that a new approach does not mean just changes in technology but should extend to behavioural change on the part of executives and chief technology officers across the industry, with protocols being implemented and observed and emergency response plans prepared and tested.
“'Drilling' is the watch-word here. Our employees should be as well drilled in the cyber-response protocol as a ships’ crew are in relation to, say, an engine room fire," Macfarlane emphasised.
While he welcomed the IMO’s decision to include cyber-security in the ISM code in 2021, he suggested that waiting until 2021 to implement an appropriate cyber-security protocol in shipping firms would be unwise."
As with any form of crime the perpetrators are looking for the easy victim; the low hanging fruit. Ensuring that your business is better protected than the guy next door would be a significant step in the right direction," he concluded.
Copyright © 2024. All rights reserved. Seatrade, a trading name of Informa Markets (UK) Limited. Add Seatrade Maritime News to your Google News feed.
