Rory Macfarlane Partner
Cybersecurity. Wannacry; now Petya. What steps have you taken to protect your business?
Yesterday’s Petya ransom-ware attack highlights again the serious effect that cyberattacks can have on all companies operating in an increasingly digitalised and interconnected marketplace. Although the full scope and scale of this attack will emerge with the fullness of time, events like this will only become more common if companies within the shipping and transport sectors remain unprepared.
Ransomware attacks such as this one – and WannaCry earlier this year – provide potent examples of how widespread and costly these attacks can be. To view losses from these attacks purely in terms of “ransoms paid” is a mistake. Losses incurred in terms of business interruption, rectification and reputation will be extensive and will continue to grow as these attacks become more and more common. The early signs with Petya are that decryption may be problematic for those affected, thereby increasing the potential business interruption and reputational losses. Cyber-criminals will often maintain a ‘watching brief’ for as long as 6 months after an initial breach, waiting for the most opportune moment to strike in order to maximise their gain. It may well be that your business is already more at risk than you would care to think. Ince & Co is working with the leading cyber-security team at Navigant to provide a cyber-security health check which will assess and evaluate your regulatory and contractual obligations, IT systems and internal protocols to help minimise the risk of a cyber-breach and the losses that would follow.
Click here for information on our London service, or here for Asia.
No business is immune from this threat. Whilst we must be mindful of the cyber-threat to our vessels and other operational assets, the shipping and transport industry must not lose sight of the need to protect its shore-side systems as well. The best form of defence remains a proactive approach to minimising the risk of successful cyber-breach. This requires more than just changes in technology. It requires a change in behavior on the part of executives and chief technology officers across the industry. Protocols have to be implemented and observed; emergency response plans prepared and tested. “Drilling” is the watch-word here. Our employees should be as well drilled in the cyber-response protocol as a ships’ crew are in relation to, say, an engine room fire. The IMO’s decision to include cyber-security in the ISM code in 2021 is to be welcomed. However, waiting until 2021 to implement an appropriate cyber-security protocol would be unwise.
Improving cyber protection need not be costly. Significant improvements can be made for a modest investment. As with any form of crime the perpetrators are looking for the easy victim; the low hanging fruit. Ensuring that your business is better protected than the guy next door would be a significant step in the right direction. Prevention is better than a cure, and a pro-active, top-down culture of cyber-security is absolutely essential if companies are serious about mitigating the threat of cyber-crime.