Pirates have always sailed the high seas, including in modern times. It seems unlikely that in our civilized world there are still brigands wreaking havoc in the oceans, but there are. The World Shipping Council reports that in 2011, there were 439 pirate attacks and 45 merchant vessel hijackings. The issue “poses a significant threat to world shipping” and the greater freight industry.
Now, a new kind of pirate has emerged, and these dastardly criminals never even smell the salty air. Cyberpirates have taken to attacking freight ships and ocean-based shipping companies, and they’re doing it remotely.
Does it sound like a fantasy to you? Think again. In 2017, Maersk experienced a cyberattack that caused one of the most significant disruptions ever in the global shipping industry. The resulting infection caused the company to shut down operations in more than 76 terminals globally. It cost them more than $350 million in damages, and to fix the problem, users had to update more than 40,000 devices.
And it will likely happen again.
How Is Cybercrime Related to the Ocean Shipping and Freight Industry?
Nearly everything today is becoming more modernized through digital solutions and advanced technologies. That’s exactly what’s happening in the freight industry. The ships and transports of today are becoming smarter and more connected, thanks to the likes of GPS and location tech, IoT and advanced control systems.
With an IoT-enabled sensor, for example, a freight company can track and remotely monitor nearly everything about a ship. An administrator can see a vessel’s location, its current condition or maintenance issues, potential hazards nearby and even real-time status updates from the crew aboard. The technologies in place are similar to how shipping via trucks works.
The root problem is that these systems are connected not just to a local and private network, but a more open one. All those systems are communicating and transferring data across a network, and it all flows back into a central access point. That’s where the bad guys come into the equation. By taking advantage of vulnerabilities or holes in security, they can tap into those data streams.
In some cases, the targeted systems have no relation to the greater operation of a company or team, yet the repercussions are immense. The attack that hit Maersk, for instance, involved their payment and invoicing system. However, it still forced the company to cease operations for a time on a global scale.
Inexperience and Rapid Adoption Can Lead to Poor Security
Even with the associated risks, however, you cannot blame the systems or technology. Yes, opening your sensitive data and information to a more accessible network is dangerous, but with the appropriate security in place, you can mitigate that risk.
As we’ve seen in many industries, companies adopt and deploy newer technologies almost too rapidly. It’s not just about the speed with which the systems get developed and installed. It’s also the subsequent security and protections that get implemented, which almost never receive the necessary priority.
According to the Department of Commerce Internet Policy Task Force, nearly 67,000 new malware threats go live on the Internet every day. That amounts to 45 new viruses, worms, spyware and digital threats created per minute.
To keep up, security must be the foundation of any new system or platform. Once deployed, security must also continue to be both a concern and priority for all involved. Sadly, that’s not the case in many industries, which is why we’re seeing so many high-profile attacks playing out.
Just look at the Equifax breach. You’d think a company responsible for the sensitive financial and personal details of millions of American citizens would have their security in order. Wrong. The massive breach happened because the company did not update their web-application software — yet they had ample time. Furthermore, it’s likely the company had no additional security measures in place to protect the retrieved data, such as advanced encryption.
Although Equifax is largely unrelated to the freight and shipping industry, their negligence should serve as an example to everyone. Security is a necessity in today’s landscape when it comes to digital systems and information. You must have appropriate protections in place, and you must be willing to maintain all systems.
In the end, cyberpirates will continue to be an increasing threat, especially as today’s ships evolve and incorporate newer technologies. So long as security remains a key focus, companies will be able to mitigate attacks, and maybe even prevent them entirely.