Astaara
  • Home
  • Risk Management
    Marine CyberstaartAstaara Cyber SMS ReviewAstaaraCyber
  • Underwriting
  • Resources
  • News
  • About
  • Contact

Prevention better than cure, as hackers get more sophisticated

Friday, March 26th, 2021 in: News

Being cyber secure is one of those things that every ship owner and terminal operator wants, but some don’t understand what it means or how to achieve it.

In this article we lay out the risks, what an attack can do to an operation and most importantly, how to avoid one.

The bottom line is that hackers are sophisticated, swift and continually changing their approach. It has been reported many times in recent years that cyber incidents are on the rise. One survey by Naval Dome, an Israeli defence company, estimated that there had been a 400% growth in attempted attacks on maritime targets between February and June 2020.

An attack often comes out of the blue, and the results can be devastating. Plus, size of enterprise appears to be no deterrent.

A burglar, for example, will case a joint before entering, taking what they want, perhaps making a mess, and leaving. Vital information may be stolen. In the cyber world it is the same, except the ‘mess’ may be harder to spot, more difficult to clear up and may go much deeper and be more damaging to a business. If a hacker accesses a ship’s digital core, it could prevent any internet-enabled activity. A ship without the ability to communicate could quickly be deemed ‘off hire’ by a charterer or lose its class certification.

Furthermore, studies show that companies less than five years old that are hit by a cyber-attack increase their risk of going bankrupt within the next six months by 60%.

In the last few months numerous container majors and even the IMO have been victims and Covid-19’s social restrictions have seen the increased use of remote connectivity by OEMs, technicians, and others to service ships. This is likely to have widened the possible attack surfaces and increased the number of incidents further still.

IMO guidelines

The IMO guidelines are designed to create a system of continuous improvement for cyber-risk management. Shipowners and operators must now be able to demonstrate that they have taken cyber risks fully into account in their SMS and that they are improving their risk management and adapting their procedures and processes as the complexity and danger from digital attacks evolves.

The first steps to take when updating your cyber risk management are to specify which of your systems are critical, what vulnerabilities do they have, and who will be responsible for administering and supervising those systems. Once that is complete, risk control processes must be regularly tested, and where there are lessons to be learned, these should be embedded within ongoing resilience and contingency planning.

Cyber-insurer Astaara has analysed the new rules in depth and can explain the new processes and obligations in more detail.

Where Astaara comes in

Failure to comply with IMO cyber recommendations can have huge consequences. If an owner of a vessel cannot show that it has performed appropriate due diligence in managing its cyber risks in line with the new guidelines, the vessel may be detained or ultimately found to be unseaworthy.

Similarly, many financing agreements require compliance with all elements of the ISM Code. It is therefore possible that a breach of the Code could put a borrower in default on his loan contracts.

Astaara Risk Management can successfully guide shipping companies through the five fundamental stages of compliance. Using a three-stage delivery model (discovery, verification and report) the Astaara Cyber SMS Review provides shipping companies and their ships with a review of their cyber capabilities against Astaara’s Cyber IMO SMS Maturity Model. We provide a gap analysis and report back showing your cyber posture relative to the IMO standards, and where you can improve.

Categories

  • News

Recent Posts

  • Astaara in the running for Newcomer of the Year award
  • Deciphering the real story behind a press statement post-cyber attack
  • Prevention better than cure, as hackers get more sophisticated
  • An attack on one is an attack on all…
  • The US Coast Guard revises guidance to ensure cyber security is given more importance
Astaara

Get In Touch

About

Astaara London Limited is an appointed representative of Ambant Underwriting Services Limited, a company authorised and regulated by the Financial Conduct Authority under firm reference number 597301 to carry on insurance distribution activities. Astaara London Limited is registered in England and Wales company number 12570450. Registered office at 7th Floor, 1 Minster Court, Mincing Lane, London, EC3R 7AA.

Enquiries
  • robert.dorey@astaara.co.uk
  • william.egerton@astaara.co.uk
  • james.cooper@astaara.co.uk

Navigation
  • Privacy Policy
  • Cookie Policy
  • Website Terms of Use
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settings Read More ACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT

Vote for Astaara