Written by Kristian Olsen, Product Manager | 23 July 2021
Stay up to date!
* By subscribing to the latest news from our blog, you consent to us storing your email address, and sending you monthly emails. You can, at any time, retract this consent.
As the old cybersecurity maxim goes, users are the weakest link in the chain.
However, does this hold water in 2021?
We have heard for so long that the user is always the weakest link in cybersecurity that when someone gets hacked, we impulsively blame the victim.
“They probably clicked ‘yes’ when the antivirus kicked in.”
“They had a weak password that they reused across websites.”
“Did they even think before they clicked? A more security-conscious person would never have made that mistake.”
And so on. It was always the user’s fault. They simply weren’t ‘cyber aware’ enough.
Crew actions vs. systemic weaknesses
The reality of cybercrime has long since shifted. Yes, it is still true that your crews are a crucial part of the first line of defence. Negligent and poorly trained crew members represent a typical interlink for common attack vectors such as viruses, email attachments, web pages, pop-up windows, instant messages, chat rooms, and deception.
Crew culture and mindset are important in order to make your fleet less of a target. However, more and more cyber incidents do not involve any crew action, intentional or not. Cunning cybercriminals are increasingly exploiting systemic shortcomings and vulnerabilities. In many cases, “user cyber awareness” would not make a difference in preventing a breach.
What, then, is the best way to keep your crew cyber secure?
A resilient infrastructure
If the weakest link in cybersecurity is no longer the user, then what is?
The answer is the infrastructure, which increasingly controls personal and corporate data without giving any of your crew members a chance to do anything about it. In fact, if you have a resilient infrastructure in place, even eventual lapses in user behaviour will not cause severe consequences.
You must then have the best technical solutions, policies and procedures in place.
An important step in protecting your crew against cyber threats is to make them aware of the new cyber risk reality at sea – and make them take it seriously. You need to embed a culture of cyber risk awareness into all levels and departments onboard your ships. Train your crew properly and make them understand what good cyber hygiene looks like – and the risks of getting it wrong.
Crew members need to learn how to recognise when there might have been a security breach, and how to determine what is suspicious.
Plus, teach them to...
Think before they click
Research the facts behind emails and attachments
Make sure external drives and USBs are clean
Be aware when third parties access their systems or data
Protect their passwords
Never connect personal items to the ship's critical systems
Never use external WiFi for company emails or downloads unless the network is safe
Learn how back-up and restore is done on their ships
Always report errors and mistakes
Moreover, the critical importance of continuous and flexible cyber risk management needs to be communicated at all levels of your organisation – C suite included. C-level cybersecurity awareness is key, as corporate boards and executives will ensure that attention and budget are properly allocated.
The result should be a flexible cyber risk management regime that is in continuous operation, enables optimal use of resources, and is constantly evaluated through effective feedback mechanisms.
Editor's note: This article was originally published in August 2019 and has been revised and updated for accuracy and comprehensiveness
Written by Kristian Olsen, Product Manager
Kristian Olsen is a member of the Product Management Group at Dualog. A true Dualog old-timer, Kristian has served in several roles at the company, ever since it was founded in 1994. He holds a Master’s Degree in Information Technology from UiT The Arctic University of Norway. Kristian likes to “get in the zone” both onshore and offshore, as he is an avid cross country skier as well as a windsurfer with several national championships under his belt.