Across every industry, the act of improving cyber security has become a common trend. It’s been a huge focus for us at here Helm Operations over the past year: we’ve been taking educational courses, identifying gaps in our processes, and creating policies and procedures to strengthen ourselves against the threat of cyber attacks. But as several companies in the maritime industry have experienced recently, even if you think you might be safe, you could be hit with a professional cyber attack.
In light of these recent cyber attacks in the fleet ship management software industry, we decided to attend the Cyber Risk Management webinar from the American Waterways Operators (AWO) and left with two key takeaways we felt were worth sharing.
1. The best way to start improving cyber security in your organization is through education on the core four threats (passwords, software updates, phishing, and USBs) and the creation of policies and response plans around them.
This first takeaway came from The Cyber Readiness Institute‘s presentation by Lessie Longstreet on the fundamental steps you and your business can take to become more protected against cyber threats and why it’s so important to do so. The first step The Cyber Readiness Institute (CRI) suggests taking is focusing on changing human behavior, particularly around four core issues: passwords, software updates, phishing, and USBs. Why these four issues? Here are some important numbers shared by the CRI:
- 63 percent of data breaches result from weak or stolen passwords
- 77 percent of attacks in 2017 exploited gaps in software already on computers
- 91 percent of all cyber attacks start with a phishing email
- 27 percent of malware infections originate from infected USBs
Being aware of where cyber threats are most likely to come from can help you create policies and procedures that create a culture of cyber readiness within your organization. To help with this process, the CRI has developed two free resources:
- The Starter Kit is a great initial step to take to get general guidance about protecting yourself against the risks of cyber threats. This option explains what threats you need to be aware of and how you can talk to your employees about cyber security.
- The Cyber Readiness Program provides five easy steps you can take to evaluate the current state of your cyber readiness and how to improve it by creating a culture of awareness within your company. This course covers everything from learning about the core four issues, to developing policies and response plans around cyber threats, to rolling it out to the workforce and measuring success.
2. If you’re already aware of where the most common cyber threats come from and have policies and procedures in place to mitigate them, then you might consider contacting the Coast Guard’s Cyber Protection Team about their proactive services to test your organizations strength against cyber threats. They can also run reactive tests to make sure a threat hasn’t unknowingly entered your network.
Using the resources provided by The Cyber Readiness Institute is a great start to improving the security of your organization. But if you want to take security even further, or if you think you’ve experienced a breach of security, you can reach out to the Coast Guard’s Cyber Protection Team (CPT) for help. In his presentation, LT Nate Toll outlined both the proactive and reactive measures the CPT performs to enhance the cyber resilience of maritime companies.
Proactive measures, such as network penetration or phishing tests, are designed to identify the vulnerabilities and gaps in your organizations critical infrastructure before they can be exploited by a malicious cyber threat. Once identified, the CPT will provide guidance on how to secure the network to better protect it from future threats.
The CPT can also take reactive measures to hunt and clear a cyber threat if you suspect there has been a breach of security. They’ll connect to your network to look at network traffic and install end point collection and response tool software on workstations to collect data and look for an adversary presence there. Then, if an adversary presence is found, they’ll clear it and provide recommendations on how to clear any potential malicious activity it caused. To learn more about the Coast Guard’s Cyber Protection Team and the services they offer, you can contact them by email at maritimecyber@uscg.mil.
Thank you to the AWO for hosting this insightful webinar! We hope this summary provides you with some new resources to help protect your organizations from cyber threats. However, it’s just a summary so, if you’d like all the details on any of these topics, you can watch the full webinar recording below:
Stay safe out there!