
Good cyber hygiene organisations are the most protected ones

Safety4Sea, June 2019 
June 10th 2019
In June's edition of Phish and Ships, John Donald, Cyber Adviser at AXIS Capital, compares two different forms of attack: the 'physical' one, seen from a military point of view, and the 'digital' one, meaning cyber attack. He highlights why the cyber attacker has an advantage when attacking, and the industry's vulnerabilities to attacks. You can read the article online here.

Specifically, Mr Donald notes that a rough rule of thumb in military circles is that an attacker needs a 3 to 1 advantage in manpower and firepower in order to successfully defeat a defender. Defenders, not attackers, typically have an advantage because it is normally easier to protect and hold than it is to move forward, to destroy and to take.

In the cyber world, by contrast, the attacker commonly has the advantage. Today's vulnerability to cyber attacks exists mostly because the Internet's primary goal was to share information, not to prevent its flow.

Cyber attacks are common because they are low-cost and high-payoff.

Moreover, the attacker has an advantage because the Internet and IT systems run on complex software, which lets the attacker move around inside the cyber world while the user faces difficulties.

The attacker and the defender are both looking for open windows, that is, vulnerabilities, either to attack through or to protect. Yet the number of vulnerabilities grows exponentially with the size and complexity of the system. The defender has little chance of finding every single vulnerability and patching it before the attacker finds one to exploit.

Mr Donald, on the other hand, highlights that: "Offensive techniques can be used for defensive purposes since the skill sets required are the same. Malware becomes obsolete quickly (hence the value of zero day exploits) and once it has been identified it can be rapidly defeated."

With the Internet developing at a fast pace, the defender is now able to succeed, protected by factors such as authentication, password managers and keychains, disposable 'one-off' credit cards, cloud computing and faster patching cadences.

Although no organisation is fully protected from attacks, those with good cyber hygiene, educated users and well-configured systems can increase an attacker's costs significantly.

"In cyberspace, defence is more about best practice than best products."