Written by Walter Hannemann, Product Manager | 07 August 2019
As the old cybersecurity maxim goes, users are the weakest link in the chain.
However, does this hold water in 2019?
We have heard for so long that the user is always the weakest link in cybersecurity that when someone gets hacked, we impulsively blame the victim.
“They probably clicked ‘yes’ when the antivirus kicked in.”
“They had a weak password that they reused across websites.”
“Did they even think before they clicked? A more security-conscious person would never have made that mistake.”
And so on. It was always the user’s fault. They simply weren’t ‘cyber aware’ enough.
The reality of cybercrime has long since shifted, though. Yes, it is still true that your crews are a crucial part of the first line of defence. Negligent and poorly trained crew members are a typical entry point for common attack vectors such as viruses, email attachments, web pages, pop-up windows, instant messages, chat rooms, and deception.
Crew culture and mindset are important in order to make your fleet less of a target. However, more and more cyber incidents do not involve any crew action, intentional or not. Cunning cyber criminals are increasingly exploiting systemic shortcomings and vulnerabilities. In many cases, “user cyber awareness” would not make a difference in preventing a breach.
What, then, is the best way to keep your crew cyber secure?
If the weakest link in cybersecurity is no longer the user, then what is?
The answer is the infrastructure, which increasingly controls personal and corporate data without giving any of your crew members a chance to do anything about it. In fact, if you have a resilient infrastructure in place, even eventual lapses in user behaviour will not cause severe consequences.
You must then have the best technical solutions, policies and procedures in place.
An important step in protecting your crew against cyber threats is to make them aware of the new cyber risk reality at sea – and take it seriously. You need to embed a culture of cyber risk awareness into all levels and departments on board your ships. Train your crew properly and make them understand what good cyber hygiene looks like – and the risks of getting it wrong.
Crew members need to learn how to recognise when there might have been a security breach, and how to determine what is suspicious.
Plus, teach them to...
Moreover, the critical importance of continuous and flexible cyber risk management needs to be communicated at all levels of your organisation – C-suite included. C-level cybersecurity awareness is key, as corporate boards and executives will ensure that attention and budget are properly allocated.
The result should be a flexible cyber risk management regime that is in continuous operation, enables optimal use of resources, and is constantly evaluated through effective feedback mechanisms.
Walter Hannemann started his career in a computer factory product development laboratory in 1983, while taking his education in Electronics and Information Systems. Since then, his jobs have involved software architecture and development, infrastructure design and overall IT management, in both large enterprises and startups. With a passion for “making things work”, shipping applications and all digital things onboard ships became his interest after joining Maersk in 2008. Managing IT in large companies like Maersk Tankers and Torm has given him insider’s knowledge of the shipping industry and enticed his entrepreneurship to help move the industry into the digital future. Based in Copenhagen as Product Manager for Dualog, Walter enjoys finding solutions for big (and small) problems while keeping the overview and a forward-looking approach, with deep dives in technical subjects when necessary – or possible.