
Yacht Cyber Security - Preparing for IMO2021

Cyber Security - it’s a hot topic these days with the new IMO legislation coming into effect on 1 January 2021. Experts expect global cyber crime costs to grow by 15% year on year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015.

This exceeds the total annual cost of damage from natural disasters and profit from the global trade of illegal drugs combined. It represents the greatest movement of money in history. 

Kaspersky, leaders in cyber security solutions, define cyber security as “the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing.”

Hacks take place every 39 seconds, on average 2,244 times per day, and vessels and crew are more vulnerable than most of us realise. With IMO2021 regulations looming, it’s the perfect time to conduct a full audit to ensure your yacht is compliant and fully protected.

Important considerations include:

  • Network security: It’s vital to secure a computer network from intruders, both hackers and malware.

  • Application security: This includes software and device security which begins at the design stage, so make sure it remains free from threats.

  • Information security: It’s important to protect your data wherever it is stored and wherever it is transferred or shared.

  • Operational security: This includes the protection of data assets, and the processes and decisions around access to data, for example, when granting user permissions.

  • Disaster recovery and business continuity: This refers to the way an organisation responds to an incident that leads to loss of operations or data, and how they plan to function without certain resources.

  • End-user education: More than ever, it’s vital to develop a greater awareness of cyber risks and to teach crew how to identify any threats on board. 

What is the aim of a cyber-attack?

There are many reasons hackers would want to get at your personal or sensitive information. As crew, you are vulnerable to attacks on your bank accounts, identity theft or extortion. Vessels are susceptible to much more. We’ve all heard of GPS hacks steering yachts off course, leaving crew and guests at the mercy of their attackers. Superyachts are obvious targets, with large amounts of money constantly moving in and out, so extra caution needs to be taken, especially around fake invoicing, which is a common tactic.

Owners are also huge targets for extortion and their families are vulnerable to kidnapping. Information such as location, photos, personal files, email addresses and bank account details must be highly protected to mitigate the chances of this happening.

Preparing for IMO2021 Cyber Security Regulations

The initial step is a full cyber risk analysis to identify all potential threats and vulnerabilities and what the impact of a cyber-attack could mean. Once this is complete, the owner and management can develop tailored policies and procedures that outline roles and responsibilities for those on board to make sure these new processes are understood, upheld, and followed.

There are also steps you can take to protect yourself and your vessel simply by being more aware, such as being cautious around hardware and software and making sure all your accounts are as protected as possible. Always ensure your anti-virus and anti-malware software is up to date.

Fraudulent emails are also very common these days, so it’s important to know what to look out for. More than likely they contain an impersonal greeting, such as “Dear Valued Customer”. Check the sender’s email address – even if it contains a legitimate name, on closer inspection the address is likely to be something arbitrary and suspicious. Spelling and grammar may also be notably off.

Never click on links from an unfamiliar source. If you’re unsure, it’s always advisable to preview the link first. And never click on buttons asking you for your sensitive information, such as updating your credit card details. If this is being requested by a company that you are familiar with, be sure to contact them first to double check.
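
The checks described above (impersonal greeting, a legitimate-looking name on an unrelated address, and a link that shows one site but opens another) can also be automated by your ETO or IT provider. The sketch below is an added example, not part of the original article; the bank name, the `KNOWN_SENDERS` list and the sample message are made up for illustration, and it assumes a simple single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_SENDERS = {"harbour bank": "harbourbank.example"}  # assumption: name -> genuine mail domain
GENERIC_GREETING = re.compile(r"\bdear\s+(valued\s+)?(customer|client|user|member)\b", re.I)
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw_email):
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body, found = msg.get_payload(), []
    if GENERIC_GREETING.search(body):
        found.append("impersonal greeting")
    for org, real in KNOWN_SENDERS.items():
        if org in name.lower() and domain != real and not domain.endswith("." + real):
            found.append(f"display name '{name}' but sent from {domain}")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:  # what "previewing the link" reveals
        if LOOKS_LIKE_URL.fullmatch(text) and host_of(text) != host_of(href):
            found.append(f"link shows {host_of(text)} but opens {host_of(href)}")
    return found

# Constructed sample message (reserved .example names and a documentation IP address).
SAMPLE = ('From: "Harbour Bank Support" <secure-update@hb-accounts.example>\n'
          'Subject: Action required\nContent-Type: text/html\n\n<p>Dear Valued Customer,</p>\n'
          '<p>Confirm your card: <a href="http://203.0.113.7/login">www.harbourbank.example/login</a></p>\n')
print(phishing_indicators(SAMPLE))
```

An empty result does not mean a message is safe; it only means none of these three warning signs were found.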

If you find a random USB stick lying around, give it to your ETO or have it properly checked out by an IT specialist before plugging it into your PC. Anything that can be programmed can be reprogrammed! Fraudulent chips can also be embedded into public USB ports, for example at the airport, so always charge your phone through a plug.

Finally, never use default passwords - the more complicated your password, the better. In a world where we all have a million passwords to remember, you might want to consider using a password manager so you can keep track and keep safe. Some great examples are 1Password, Bitwarden, Dashlane, KeePassXC and NordPass.

Virtual Pursers are proudly affiliated with Pelion Cyber Security, experts in assisting vessels with compliance to the new IMO2021 legislation. They provide the full range of cyber security solutions for superyachts and assets ashore.

For more information on cyber security, check out our previous post here: Cyber Security in the Superyachting World.
