Ship & Boat International: eNews April 2019
The marine sector is too complacent when it comes to shielding itself from critical cyber-attacks, Israel-based security solutions provider Naval Dome warned this month. Speaking at the Singapore Maritime Technology Conference, hosted during Singapore Maritime Week, Itai Sela, Naval Dome CEO (pictured), opined that the maritime industry “still believes it is enough to have a Level 1 solution to protect against a Level 4 threat”. The ‘threat levels’ referred to are set out by the global standard IEC 62443 and range from Levels 0 (no threat) and Level 1 (casual or coincidental violations) to Level 4 (intentional violations, “using sophisticated means with extra resources…and high motivation”, the standard states).
“The maritime industry is just not prepared,” Sela told delegates. “All a hacker has to do is infiltrate a system at the ship manager's or OEM’s head office and wait until someone sends an infected email to a person aboard the ship – the attack is delivered. It spreads. It’s autonomous.” Sophisticated viruses capable of wreaking Level 4-type havoc can be obtained from the dark web “for a few thousand dollars”, he added.
Meanwhile, a report issued by cybersecurity firm ProofPoint has identified “lower-level employees” as the most likely company members to fall prey to cyber-attacks. Focusing on data gathered in Q3 2018, ProofPoint claims that 67% of all “highly targeted attacks” involving phishing or malware are typically carried out against personnel in this category, while 40% of attacks are carried out against “contributors”.
ProofPoint’s data suggests that staff employed in “upper management” make up 27% of the most targeted emails. However, despite this lower percentage, the Reboot Digital Marketing Agency has argued: “Given that upper management accounts for a smaller proportion of businesses, [the report] suggests that those in C-level positions – directors and department managers – may be targeted disproportionately more often.”
