Coming out of 2016, I think it is fair to say that the cyber threat landscape is more dynamic and disruptive than in previous years. We have seen nation-state-sponsored cyber-attacks target ongoing geopolitical conflicts, likely attempt to impact country elections, affect major sporting events, and disrupt countries’ key industries and critical infrastructure. If that weren’t worrisome enough, we saw cyber criminals taking their operations to a new level, replicating legitimate business operations by outsourcing and working professionally with suppliers, distancing themselves from potential risks, attribution and prosecution. So, 2016 truly became a year where the kinetic and virtual worlds collided via cyber threats. While it is too early to talk about actual cyberwar, evidence suggests that the increased resources and money made available for offensive cyber operations and cyber terrorism have led to hybrid types of operations where nation-states and organised criminal groups are empowered by anonymity and their offensive cyberspace capabilities to carry out operations in the real world.
Often labelled the Internet of Things (IoT), connected devices and equipment have become an entry path for cyber-attacks. While this digitalisation makes products easier to use, it opens the door wide to threat actors. In 2016, we saw multiple distributed denial of service (DDoS) attacks against service providers, investigative journalists and enterprises. In these cases, threat actors used poorly configured or secured IoT devices to send millions of requests to victim webservers or other infrastructure, crippling them or overwhelming them to the point that they stopped responding. Taking advantage of IoT devices in these types of attacks is not new, but the volume and bandwidth we saw occurring in 2016 were the highest ever.
When I look at digitalisation and the cyber threat landscape, there are two key factors that concern me.
- The pace of government digitalisation towards citizens and businesses; and
- The adaptation of equipment, digitalising citizens and potential business-critical data.
We are seeing governments, especially in Europe, digitalising communications between respective governments and their citizens. This introduces new potential threats where threat actors compromise an infrastructure containing sensitive personal information for various types of criminal schemes and fraud. Furthermore, the digitalised communication between businesses and governments might appeal to threat actors (potentially sponsored by nation-states), who are seeking out sensitive business information meant to enrich or support local markets or state-owned enterprises. While I do support digitisation and the benefits it provides citizens and businesses, I think it is vital for enterprises, organisations and governments to think about how to protect, store, and securely share data. Historically we have seen too many breaches where citizens and consumers were left vulnerable due to theft of highly sensitive and personal information. At the same time, we have seen business breaches where the potential loss of business-critical data and information has impacted product development or caused financial and reputational losses for the business. The digitalisation and IoT era has done more than expand the surface area for conducting cyber-attacks—it has also encouraged more threat actors to refine their ecosystem for the best possible ROI. This is also probably why malicious payloads like ransomware spiked in 2016 to the highest numbers we have ever experienced; the return on investment from the cybercriminal’s perspective is very attractive.
So, what does this mean for the shipping industry? Two things, from my viewpoint:
- The industry needs to rethink how it makes data available. How could it become more agile, while offering better, quicker customer service, automating business processes, and working more closely with its customers and providers?
- From a security standpoint, digitalisation means that the visibility of where data is placed has become more complex. Data no longer resides inside a locked and protected environment; it now lives in the cloud.
Egress points have slowly become obsolete and transparent. We cannot build walls to contain the critical infrastructure and data because it is no longer centrally placed or controllable. That means the industry needs to look at and address the threat landscape differently. The very nature of shipping means working with and transporting goods from a variety of industries and nations, which also means that those targeting the industry will be motivated by a variety of reasons. Some might be motivated to steal information and enrich competitive companies. Others might be motivated to facilitate and transport illegal goods. By tampering with or breaching infrastructure, criminals can hide illegal items such as weapons, drugs and counterfeit goods. The shipping and maritime industry might also become a pawn in larger and more sophisticated attacks conducted by potential nation-state-sponsored threat actors seeking to disrupt or defeat another nation. It’s possible they might target specific transportation routes or transportation of goods associated with military operations to gain the upper hand in a conflict. Distinguishing between those threats requires a mature cyber security approach. Members of the shipping industry need to protect and defend against these threat actors. They need insight into how the threat landscape affects their business, how quickly they can respond, and what their adversaries’ tools, techniques and procedures look like. Preparedness is the bottom line. Organisations within the shipping industry must be able to rapidly detect, respond and prioritise events related to cyber threats. The changing threat landscape requires security operations to quickly prioritise and deal with the alerts, events and threats that pose the greatest risk to their businesses and their customers—all while ensuring the business can function, uninterrupted, in a highly competitive space.
Jens Christian Høy Monrad, Senior Intel Analyst, FireEye iSIGHT Intelligence, speaks at our KNect365 Maritime #Shipping2030 event.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. FireEye has over 5,000 customers across 67 countries, including more than 940 of the Forbes Global 2000.