Welcome
Summary
Course
Exam
Certificate
Library
News
Verify
Support
My Account

Profiled Partners

  • Be Cyber Aware at Sea
    Start the Course now!
  • Be Cyber Aware At Sea
    A Global Maritime & Offshore Initiative.
  • CSO Alliance
    The World's First Global Members Alliance of Maritime Company Security Officers (CSO)
  • Navarino
    The Maritime Industry's Most Advanced Communications & Connectivity Company
 

 
 

Industry collaboration will be essential for tackling cyber threats

Lizzy Foster, July 2017 
July 21st 2017
Lizzy Foster, July 2017
A recent regional survey of 500 professionals has unveiled that only a third of companies in Singapore have shared information on cyber threat incidents with their industry peers. This is lower than the 44% average in Asia-Pacific and half of the Chinese statistics.

An article reporting on this in Today Online by Tan Weizhen, outlines the key reason why firms are so hesitant:

Fear of being seen as a victim of data breaches  - subsequent reputation damage, loss of confidential details and company downtime

Palo Alto Networks, who conducted the study, found that 'The publicity that comes along with the failure to prevent a cyber attack appears to have a greater negative effect on an organisation's reputation, going beyond financial impact.'

While their fears are not unfounded - public trust in a company's ability to protect itself and its, and others', data is easily lost in the wake of a cyber attack and hard-won back - it nevertheless has a worrying effect on the long-term ability of the industry to protect itself. After all, this is a relatively new and expanding area of threat and, just like in a war, industries must ally themselves together to effectively combat the enemy.

What is all the more startling is the same study revealed that 37% of respondents in Singapore had suffered losses of at least S$140,000 due to data breaches in the last financial year. 

In Singapore there is a government led drive to change this attitude in law - a draft Cybersecurity Bill is being put to public consultation which will require critical information infrastructure owners of 11 key sectors to report any cyber security incidents and share these with authorities - these industries include maritime.

For many organisations combating cyber threats is a case of throwing money at the problem - investing in stronger technology-based solutions and expert consultants. Certainly money may help bridge the gap for technological holes and expert assessments will highlight weaknesses.

Cyber security expert: Money not enough to combat cyber threat - share experiences, educate staff and raise awareness

However, it is the belief of Palo Alto Networks - a cyber-security expert - that simply throwing more money at the problem, while useful, is not sufficient.

Organisations must ensure 'employee education is elevated to the top of their cyber security agenda' says Sean Duca, vice-president and regional chief security officer (Asia - Pacific). He puts additional emphasis on collaboration between business leaders: 'A good approach to cyber security requires the buy-in of business leaders and understanding of the threat landscape so they can help design and implement more effective cyber security policies in order to prevent breaches'.

His view is shared by Crowley which recently reported that 'Risk still exists if an employee can't identify a phishing email and doesn't know how to quarantine it. Because of this, security awareness and education is one of Crowley's core strategies for defending against cyber-security incidents'. 

If companies operate 'in the dark', tackling their own threats without sharing the information with their peers then the landscape remains murky for everyone. Only by having a clear view of the extent of the frontline - what weaknesses have been exploited, what methodology was utilised and how, etc - can industries start building a stronger defence system.

Current information sharing initiatives recently launched - CSO Alliance encouraging transparency on threats to strengthen industry

Initiatives are already underway in the maritime industry, led by CSO Alliance (the alliance of Company Security Officers in the maritime sector). In June they launched their initiative to combat global cybercrime with the Global Cyber Incident Reporting Portal , supported by BIMCO, North P&I and the DNV GL.

Appreciating the concerns highlighted in Singapore, their online portal will be 'a confidential forum' which 'will allow communication between members, the exchange of experiences and the sharing of advice on dealing with particular threats.'

'The website will provide a tool for analyzing malware and, perhaps most critically, it will allow for the anonymous reporting of incidents. This feature can eliminate worry about consequences to an organisation’s reputation, while enriching data on types of threats and enabling rapid alerts on emerging risks to the entire industry.'

The portal is being trialled over summer 2017 but we would encourage any maritime organisation concerned about industry cyber security to show their support for the initiative.

Industry-wide collaboration is going to be one of the key tactics to outsmart cyber criminals - lets start today.

Sources: CSO AllianceToday OnlineSafety4Sea