Cyber security threats have grown in reach and complexity, With multifaceted vulnerabilities and cyber-attack scenarios (intended or unintended), the answer to cyber security lies in a multifaceted approach to manage risks.The National Security Agency (NSA) has brought to light several revelations in the recent years that have hinted at various international malware attacks. Despite this, ship owners and managers belonging to the maritime industry are still not treating as a top priority. While it is true that they are far from the biggest targets of cyber attacks, any attack has the potential to cause serious harm and should be protected against. Below, we present two examples of past cyber attacks on the maritime industry and the consequences thereafter.
Incidents of Maritime Cyber Security Breaching
1. The Port of Antwerp
A drug-smuggling gang hired hackers to breach the digital tracking systems of a ship and locate drug-filled containers. The smugglers were then able to dispatch their own drivers and retrieve these containers by sending then ahead of the scheduled collection time.
Fortunately, the severity of the situation was easily seen and with due cooperation, the authorities shut down the smuggling ring within 2 years. Although the maritime companies involved did not suffer any lasting damage, according to security experts, the damage could have been far greater and the companies were extremely fortunate. These criminals could have gained access to and manipulate a vessel’s AIS, giving the impression vessels were in false locations or making phantom structures or vessels appear. The damage could have easily been severe and irreparable.
2. The Hacking of a Drilling Rig
Our second incident of breaching occurred when the maritime internet on a drilling rig was compromised and operations were forced to suspend. Furthermore, during this incident, hacker were able to eliminate an entire database of cargo information associated to a container line. All sorts of crucial information like container location, place of origin, and contents were removed from the system.
Although there have been a number of reported instance of cyberattacks in the maritime industry, there is a remarkable lack of transparency on the issues, as companies involved attempt to hush up their involvement. Thus far, neither the names of companies attacked have been reported, nor have companies come forward with information about the attacks. To date, we are still unsure who has been affected. Of course, this is to be expected as news of cyberattacks related to a company can severely affect trust in their brands. However, this lack of transparency severely hampers attempts to help secure the industry from future attacks.
What Should Maritime Industry Companies Do?
Ultimately, whether a company name gets exposed or not might not be as important as a leak of confidential information from a hacking. Protecting one’s self and one’s customers must take precedent over all else. Therefore, although maritime internet security is not traditionally a sexy issue, it needs to be discussed out in the open and acted upon. The following are some of the preventive measures that concerned companies, ship owners, and managers should take:
- Raise awareness of the cyberattack issues at the executive level
- Adopt good “cyber hygiene” in order to dissuade opportunistic attacks
- Prevent accidental security compromises, develop and implement proper IT policies and maintain a top-down approach
- Regularly backup data
- Maintain strong user access controls
- Set strong network access controls
- Update all software constantly
- Train employees to recognize cyberattacks and seek immediate support to prevent losses
- Develop strong policies regarding external computer storage, such as USB memory sticks and other external drives.
Though few and simple, most companies do not maintain these kinds of cyber policies, though just these would be extremely effective in securing maritime networks from cyber attacks. Often, many attacks and opportunities arise from human error and poor standard procedures on that lead to lapses in judgement. These few simple rules may make ultimately make the difference to your company in the future.
Blockchain is the future of cybersecurity
Blockchain is a non-editable record of data managed by a cluster of computers. The system is not owned by anyone and it acts like a democracy of data. The technology is all about ‘blocks’ of data ‘chained’ in a public database. It’s like an encrypted digital ledger that is shared among a closed network. Blocks can usually store upto 1MB of data. So if you have more transactional information, you have to store it in different blocks and chain them together. Once a block is added to the Blockchain, it turns public for anyone to view. Blockchain offers complete transparency of the transaction but at the same time ensures privacy too. This is why experts call it the future of cybersecurity. Still, critics question the scalability and sustainability of the technology. So is the technology really viable? Let’s discuss!
Why is Blockchain transparent?
You can connect your computer to the Blockchain network and receive updates whenever a new block is added. Since every piece of information is spreading across a network of computers, it is very difficult to manipulate the data. This is because, the hacker will have to hack into the thousands (sometimes millions) of computers in the network and manipulate every copy of the Blockchain. Not that easy!
Is your information kept private?
The blocks contain more of transactional data recorded with a unique user ID called the ‘digital signature’. All your transactions will be stored under this digital signature and not your name. So even if your blocks are on a public database one cannot search for your transactions that easily. For example, Instead of “Roger sent 1 BTC” , your transaction will be recorded like this:
“1MF1bshFLkBzz9vpFYEmvwT2TbjCt7NoJ sent 1 BTC”.
This is how Blockchain ensures privacy and transparency at the same time. Blocks are differentiated from the other blocks using a code called hashes. Each block has a unique hash. The position of a block in the chain is called ‘height’.
Why is Blockchain Immutable?
Also, you can’t stealthily alter a block. If you edit a block, it’s hashcode changes as well. Since blocks are stored sequentially, the changes in one block would affect the hash of the other and this would go on like a chain reaction. So every tiny change you make would be apparent and it is almost impossible to hack these systems. So the bottom line is this “once you add a block to the chain, it is difficult to edit it and impossible to delete it.
So, where is the Blockchain server?
Nowhere! Blockchain is stored in a cluster of computers using peer to peer networking. Having a single server for all the nodes in the network would slow down the process of downloading and uploading. Also, when there is a server failure, it would affect all the nodes in the network. But this is not the case in peer to peer networking. By eliminating the single server system, even if one computer fails, there is always another one to download data from. Peer to peer networking also have the advantage of not being prone to censorship.
What Blockchain means to Cybersecurity?
Apparently, Blockchain is a very viable technology when it comes to protecting data. Here’s a list of top 4 use-cases:
In the data age, there’s nothing as harmful as storing all your data in one place. By decentralising data storage, Blockchain revokes hackers from having a single point entry. Another advantage of blockchain data storage is that even if you give access to third parties, you can revoke the cryptographic access key anytime.
2. IoT security
IoT is becoming ubiquitous in enterprises and every system is networked. If one trivial device like a smart doorbell or a thermostat is hacked, it becomes a doorway to hack the other devices. This is where Blockchain comes in to save the day. With blockchain, devices don’t need to rely on a centralised control system. This way devices can make their own decisions and block necessary data if any suspicious behaviour is detected. Blockchain would also render a safer DNS and private messaging systems.
3. Secure authentication
ID management is one of the most sensitive systems in an enterprise. Passwordsense considering the advancement of hacking systems today. But blockchain systems are reliable because they use biometric data and private keys. According to Facebook, accounts are hacked 600,000 times a day.
4. Automated Updates
Hackers inject malware into the systems in the form of updates. This becomes worse in the case of automated systems where there is no human entity to verify the authenticity of the updates. But blockchain based systems recognise potentially harmful components and block them.
Wrapping it up,
The scope of Blockchain is not just limited to Cybersecurity. The technology is making significant strides in other industries as well. Since it is very secure and transparent, the transactions can be totally done between two parties without needing a middle man. This means you can hire a cab without Uber and book a stay without Airbnb. Cutting out the third party applies to financial institutions too. Blockchain will replace all the operations carried out by a bank. So in the future, bankers would just be mere advisers and not the gatekeepers of your money. Also, Stockbrokers will not be able to earn through commissions. It’s truly going to bring revolutionary changes in the next few years.
Insights on Cyber Security, Types of Cyber Attacks & Their Effect
With the advancement and modernization of technology, the threat of cyber-breaches has reached sky high and somehow we are also responsible for the growth of these activities as proper security steps are not always been taken to restrict them.
However, since last few years due to the increase in the awareness, the security features against cyber crimes has been made strong in both government and private sectors but still there are huge loopholes which is being used to commit these kinds of crimes.
Types of Cyber Attacks, Their Effect and Solution:
DDoS Attack: – Distributed Denial of Services what DDoS means. In this, the attacker takes control of several computers by hacking into the system and creates many zombie computers. Then all the systems are used together to send bulk data to any particular websites or server causing overloading and end result is slower service to the legitimate users and even complete shutdown of the website or the server.
- Solution: – It may not directly affect you, but your system may be responsible for a bigger incident. Below are the steps that can be followed to reduce the chances of anyone taking over your system: –
Install latest version of antivirus.
Firewall is also very effective in restricting the generation of unwanted traffic from your system.
Manage unwanted emails.
Avoid clicking on links or opening attachment sent from any unknown source.
Hacking: – This one is the most common term related to cyber attacks, here someone gains access to your system by unauthorized manner. So after the access is taken, the attacker can get access to any files in the system, like private files, pictures, information and others. Installing Trojan horse allows the person to get access to your system at any point in time.
- Solution: – To secure the confidential data and information, you need to protect your system from getting hacked by:-
Strong and uncommon password.
Update software’s on regular interval to protect from Malware.
Ensure security while making internet phone calls.
Get antivirus for additional security.
Malware: – It is the most common way used to gain access to your system or damage the same. In this process malicious software’s like Trojan horses, adware, virus and others are used to infect the computer. It is same as gaining complete access to your system as do all kind of possible damages.
Cybersecurity market trends – The Past, Present and the future
The privileges of digital transformation bring with them their fair share of cybersecurity risks. According to McKinsey, 47% of companies encountered cybersecurity breaches. This is serious considering the quantum of sensitive data being digitised today. Besides strong passwords and multifactor authentication, experts recommend an insurance too. Some experts say that cyber attacks are more dangerous than nuclear weapons.Keeping privacy private has become a hardwon luxury. So how did these cyber crimes evolve? Do we have enough resources to defend? Are companies future-proofing their data against these threats? Let’s discuss!
The Past: Evolution of cybercrimes
It all started with a failure project
Three decades ago the word cybersecurity did not exist in the IT vocabulary. It all started with an error created by a student of Cornell University in 1980. The project intended to measure the size of the internet by infecting UNIX systems. But an error made all the networks clog and systems crash. This was called the computer worm and is the world’s first cyberattack (though that wasn’t the intention).
“I Love You” Virus and the Mafia Boy
The 1990s introduced the world to more aggressive threats called viruses. Two viruses named “ILOVEYOU” and “The Melissa” had a front seat among the group of viruses. They made headlines for failing the email systems across the world. In 2000s, Michael Calce (a.k.a. Mafiaboy) attacked the e-commerce websites that cost the industry a whopping $1.2 billion. Followed by this was an era of credit card hacking and corporate data breaches.
Yahoo Data Breach
Yahoo is the biggest victim of data breach in history which exposed over 3 billion accounts in just a year. Post this scandal, Yahoo had to sell the company for $4.48 billion, though it was once valued $100 billion. And now, we have reached a point where everything on the internet is at risk!
The Present – What’s happening?
Let’s face the truth: Today’s solutions are not sufficient! Current cybersecurity models don’t operate at cloud speed. Also, there’s a huge talent gap in the industry. Despite witnessing disasters like the Yahoo data breach and Capital one breach, over 60% of the companies don’t update their IT systems. Today, business can lose up to an average of $2 trillion per year due to cyber crimes. IoT insecurity is more threatening than phishing links. Gartner predicts connected devices en route to hit 25 billion in 2021. This equates to a titanic amounts of cyber risks. The entertainment industry is also facing big challenges as hackers leak the content before production companies itself.
The Future: Cybersecurity business is the next big wave!
Where there’s a problem, there’s an opportunity! Yes, Cybersecurity market is getting off the ground. Cyber Crimes have given birth to a whole ecosystem of cybersecurity startups. Companies started offering free cybersecurity software to secure future elections. The catch? Publicity! Just imagine advertising your software company to a whole country. Cybersecurity companies and the government are doing all the heavy lifting to prevent the damages that are estimated to hit $6 trillion in the next few years. This eventually creates a demand for talent which reflects on 3.5 million open positions by 2021. Besides human talent, cybersecurity would need tons of automation. Infact, the cybersecurity industry runs by less than 2% of humans. The rest is automated. The cybersecurity industry is also being empowered by technologies like AI and Blockchain. So the demand for cybersecurity would reflect on the AI, Robotics, automation and Blockchain technologies as well. Cybersecurity business seems to be the next big wave!
Cybersecurity stocks to watch
Digital transformation and cloud are making significant strides in the tech industry. This is one of the major reasons for making the cybersecurity market really lucrative. Here’s a list of top 3 Cyber Security stocks to watch in 2019:
- FireEye: The Milpitas-based start-up provides cybersecurity solutions for enterprises and governments. Founded in 2004, the 15-year-old company has hit a valuation of $2.69 billion (as of 2018). The unicorn has acquired over 7 startups and generates an annual revenue of $831 million dollars.
- Qualys: The Foster City-based company is providing cybersecurity solutions for cloud-based applications and data. The company has made over 3 acquisitions so far and is valued at $360.6 million. The company generates $289.4 million in revenue annually.
- Fortinet: The Sunnyvale-based startup provides integrated and automated cybersecurity solutions. The company valuation has hit a whopping $14.03 billion and generates an annual revenue of $1.08 billion. Fortinet has made 11 acquisitions so far.
Wrapping it up,
Governments and corporations are starting to realize the importance of cybersecurity. Almost all the tech companies have decided on having cybersecurity expert as a board member. Though speculations suggest cyberwars in the future, countries are getting ready to defend. In fact, the National Security Agency (NSA) of the USA has already launched its cybersecurity arm. Also the defence department is creating a Blockchain based cybersecurity shield. Tech giants in the U.S are dumping millions into the industry. New York which is the capital of Media and Finance is trying to become the cybersecurity capital as well. The future looks like a more secure place.