Cyber security
Contents:
Our approach
Cyber/email attacks
Cyber security onboard vessels
Our approach
Our objective is to minimise cyber security risk and data protection risk and to secure employees’ active contribution to a risk prevention culture.
Cyber security is in essence IT security and what we have been doing for a long time. This includes technical measures like security patching of known IT vulnerabilities as well as anti-virus and firewalls. It also includes employee awareness and vigilance against fraud for example. These basic hygiene measures will need to continue, but at the same time we see new attack vectors and more sophisticated attacks which means that we need to step up to stay ahead. The Maersk incident in 2017 is a reminder of the cost associated with recovering from an attack.
Cyber/email attacks
In 2018, we continued to experience external fraud attempts through cyber/email "attacks" with various degrees of sophistication. Also, the more typical whaling (CEO) fraud attempts occurred where the fraudster takes the identity of one of our business leaders requesting bogus payments. We have during 2018 continued to make sure that our organisation, on a regular basis, has been reminded about these fraud attempts and the various scenarios that have occurred. These reminders, in addition to making sure we stick to our internal control procedures with regards to payments, are of paramount importance to avoid losses. In the most risk exposed geographical areas we operate, we frequently also remind our customers about the danger of fraud attempts. We believe that our awareness efforts and our increased focus on security measures is moving us in the right direction. In 2018, we had no substantial financial losses related to cyber/email attacks.
Cyber security onboard vessels
Cyber security onboard vessels require several strategies to be implemented. Ship management conduct training for crew as a mandatory and high focus area to mitigate human error that may lead to cyber security breach. There is also an established and enforced cyber security policy, onboard cyber security awareness training, training videos and frequent periodic updates on cyber security measures.
Working closely with ship owners is the way to enforce and build strong cyber protection. Owners are as aware as ship managers that any breech of cyber security can lead to potential damage in the delivery line. In tandem with the reliance of automation and digitization onboard, we see growing risks and implications of cyber security breech.