The main purpose was to increase awareness about possible real-life threats, and train staff on how to make a difference and prevent threats where possible to enhance cyber security. Indeed, everyone makes a difference. Often, the first line of defence are people, as the users of technology.
The seminars were conducted by Group IT Manager and Chief Information Security Officer from HQ in Limassol, Manos Manoli, together with the support of the local office. They form part of a wider approach to security assessment, risk management and strategy in cyber security within our organisation, with plans to also roll out the seminars in other Marlow locations around the world.
Cybersecurity remains a significant challenge for the maritime and shipping industry on the whole, especially due to the sector’s increasing reliance on digital technologies, automations and interconnected systems – such as those controlling navigation, crew management, communication, cargo management, and safety operations. We continue to witness major security threats, both at sea and ashore; Last year alone, a cyber-attack occurred every 39 seconds!
The industry’s digital transformation, while enhancing efficiency, also expands the attack surface for cyber threats. Hackers can exploit vulnerabilities in outdated software, unsecured networks, and inadequately protected systems, potentially leading to disruptions in operations, financial losses, and even major safety hazards.
The industry also faces unique challenges due to the complexity and diversity of global operations. Ships operate in international waters, moving between different jurisdictions, each with its own regulatory frameworks and cybersecurity standards. This makes it even more difficult to establish consistent and effective security practices across the industry, hence the importance of having a wider organisation policy and strategy.
Moreover, the industry has generally been slower to adopt comprehensive cybersecurity measures compared to other sectors. This is partly due to the perception that maritime operations are less vulnerable to cyberattacks, a notion that has been proven wrong by many recent incidents.
As cyber threats continue to evolve, the maritime and shipping industry, and us here at Marlow, must continue to prioritise cybersecurity by investing in modern technologies, ongoing training of personnel, and developing robust policies and infrastructures to safeguard against these growing risks.
MARLOW AMBASSADORS!
As a seafarer and employee at Marlow, you are vital to our organisation’s cyber security. If you ever encounter something suspicious or a possible online scam, such as on a website or social media, report it immediately to your line manager or to our office.
Common forms of cyber-attacks – Always Be Aware!
Phishing: Phishing attacks involve tricking individuals into revealing sensitive information, such as login credentials or financial details, by disguising malicious emails or messages as legitimate communications. These attacks often target individuals within organisations to gain access to corporate systems.
Ransomware: Ransomware attacks involve infecting a system with malicious software that encrypts the victim’s data. The attackers then demand a ransom payment in exchange for the decryption key. This type of attack can paralyze operations and lead to significant financial losses.
Malware: Malware is a broad category of malicious software that includes viruses, worms, Trojans, and spyware. Malware can be used to steal data, disrupt operations, or gain unauthorised access to systems. It can be introduced through infected files, email attachments, or compromised websites.
Distributed Denial of Service (DDoS): DDoS attacks flood a targeted system, network, or website with a massive amount of traffic, overwhelming its resources and causing it to become unavailable to legitimate users. These attacks are often used to disrupt business operations or extort money from the victim.
Man-in-the-Middle (MitM) Attacks: In MitM attacks, cybercriminals intercept and manipulate communications between two parties without their knowledge. This can lead to unauthorised access to sensitive information, such as login credentials or financial data, and is often used in attacks on public Wi-Fi networks.
SQL Injection: SQL injection attacks target databases by inserting malicious SQL queries into input fields, such as login forms or search bars. This can allow attackers to manipulate the database, extract sensitive data, or even gain administrative control over the affected system.
Password Attacks: Password attacks involve attempting to gain unauthorised access to systems or accounts by cracking or stealing passwords. This can be done through brute-force attacks, where attackers try numerous password combinations, or through more targeted methods like keylogging or credential stuffing.
Insider Threats: Insider threats occur when employees or other trusted individuals intentionally or unintentionally compromise security. This can involve leaking sensitive information, misusing access privileges, or failing to follow security protocols, leading to vulnerabilities that attackers can exploit.
