We are seeing that big players in the maritime industry require that we have state of the art security mechanisms to meet the new generation of threats. A professional approach to cyber security can become one of Wilhelmsen’s competitive advantages.
Our objective is to minimise cyber security risk and data protection risk and to secure employees’ active contribution to a risk prevention culture.
Cyber security is in essence IT security and what we have been doing for a long time. This includes technical measures like security patching of known IT vulnerabilities as well as anti-virus and firewalls. It also includes employee awareness and vigilance against fraud for example. These basic hygiene measures will need to continue, but at the same time we see new attack vectors and more sophisticated attacks which means that we need to step up to stay ahead.
Cyber / e-mail attacks
We continued to experience external fraud attempts through cyber/email "attacks" with various degrees of sophistication. Also, the more typical whaling (CEO) fraud attempts occurred where the fraudster takes the identity of one of our business leaders requesting bogus payments.
We continue to make sure that our organisation, on a regular basis, are reminded about these fraud attempts and the various scenarios that have occurred. These reminders, in addition to making sure we stick to our internal control procedures with regards to payments, are of paramount importance to avoid losses. In the most risk exposed geographical areas we operate, we frequently also remind our customers about the danger of fraud attempts. We believe that our awareness efforts and our increased focus on security measures is moving us in the right direction.
Cyber security onboard vessels
Cyber security onboard vessels require several strategies to be implemented. Ship management conduct training for crew as a mandatory and high focus area to mitigate human error that may lead to cyber security breach. There is also an established and enforced cyber security policy, onboard cyber security awareness training, training videos and frequent periodic updates on cyber security measures.
Working closely with ship owners is the way to enforce and build strong cyber protection. Owners are as aware as ship managers that any breech of cyber security can lead to potential damage in the delivery line. In tandem with the reliance of automation and digitization onboard, we see growing risks and implications of cyber security breech.
- Implement a cyber security framework with continuous assessment on both where we are and where we need to be when it comes to cyber maturity
- Increase employee competence in cyber security and data protection risk prevention behavior
- Strengthen operational measures in cyber security