Written by Rune Larsen, Product Marketing Manager | 22 January 2021
IMO and the classification societies require shipping companies to keep their email traffic on ships secure. The only way to do this is to implement advanced, multilayered email threat protection explicitly built for the maritime industry.
Ever since 2017, the IMO resolution has been a talking point in the maritime industry. Now the cybersecurity rules have taken effect. By the next annual verification of your shipping company’s Document of Compliance, you are mandated to ensure that cyber risks are appropriately addressed in your existing safety management systems (as defined in the ISM Code).
In practice, this means you as an owner or manager need to have a comprehensive cybersecurity management programme in place within your organisation and on your ships. This includes having the appropriate tools to prevent malware and other malicious content from reaching your vessels.
Consequently, you need to secure the most commonly exploited vector for cyber attacks – email.
Read on to learn how Dualog® Business Mail helps you comply with IMO 2021, by protecting your business and crew accounts from a multitude of email-borne cyber threats.
Shipping companies have gotten good at educating their staff and onboard crews about the risks of phishing emails containing links to malicious websites. But despite security awareness training, humans will make mistakes. There will always be crew members in a hectic maritime shipping environment that click on links or attachments without thinking about it.
Once clicked, they lead to harmful downloads such as viruses or malware that cybercriminals use to get into ship systems and steal business-critical data.
According to security researchers at IBM and their X-Force Threat Intelligence Index, individuals lured via phishing attacks represent one-third of inadvertent activity that leads to a security breach.
Training can only go so far to prevent your onboard crews from being tricked by infected email messages that potentially end up wreaking havoc on the entire ship network.
Even though IMO compliance calls for awareness and training to be an essential part of your cybersecurity risk management processes, deceptive email attack strategies are challenging to mitigate without reliable technological solutions in place.
Hence, the only way to keep your fleet email fully secure is to implement a multilayer email security gateway that security checks email messages before they land in crew members’ inboxes.
In a previous blog article, we detail how Dualog® Business Mail secures your fleet email. Each message sent to your ships goes through an extensive security check in the Dualog® MailDefence email security gateway.
Read more: How Dualog's email solution adds value to your company
To be ready for management systems audits and deemed IMO compliant by the classification societies, you must put the NIST Cybersecurity and Risk Management Framework into practice across your fleet.
This means that IMO requires you to have an email solution that provides comprehensive protection against email threats – that is, a layered security strategy able to stop spam, phishing emails, malicious links, and malicious attachments before they are delivered. The email solution must detect and eliminate advanced spear-phishing emails, prevent domain spoofing, and protect users from malicious internet content.
This is exactly what Dualog® Business Mail does. Purpose-built to detect and block phishing, spoofing, malware, ransomware, zero-day viruses and other malware, the service mitigates any attack relayed by email and helps ensure continuity of shipping operations. Doing so, it addresses the first and second IMO compliance demands, which are ‘Identify’ and ‘Protect’.
Combined with the full spectrum of Dualog’s maritime-optimised cybersecurity solutions, implementing Dualog® Business Mail – in conjunction with MailDefence – moves you toward the cybersecurity certifications necessary to achieve IMO compliance.
Read more: IMO2021 is coming fast – which boxes do Dualog’s solutions tick?
Email is still the number one threat vector, with more than 90% of attacks starting with an email. Ransomware and phishing are the two most commonly used hacking techniques. Training is vital, but having a robust email protection solution is essential.
The International Maritime Organization and classification societies require shipping companies to have a multilayered cybersecurity approach, with tools to stop or minimise the occurrence of spam and other malicious content from reaching your vessels.
With Dualog® Business Mail and MailDefence, you can rest assured that you have state-of-the-art email protection in place, with robust monitoring that ticks all the boxes in your cybersecurity audit.
Rune Larsen is Product Marketing Manager in Dualog. Educated in business strategy and marketing from the Arctic University of Norway, he has more than 25 years of experience in the creative industry, where he worked as a writer, consultant, graphic designer, and creative director in various advertising agencies and design studios. He's been orchestrating brand identity projects, design work and brand building campaigns for a wide range of organisations. He brings a passion for great design to the team, never compromising on the importance of the 'experience' part of UX. When not at the office, he enjoys hiking with his wife or is busy being a football coach for his youngest daughter. His fitness regime involves either running or cross-country skiing. Rune is an avid reader of business-related books, and he loves the occasional bottle of Barolo.
