Tue, Dec 9, 2014
This joint article from Kroll and diversified marine insurance provider Skuld was originally published as a Skuld member advisory.
With the international shipping industry estimated to carry over 90 percent of today’s world trade, the temptation for criminals has never been greater. Savvy criminals around the globe are exploiting cyber vulnerabilities to perpetrate a wide range of crimes, from longstanding physical ship-related dangers like piracy and smuggling to more recent financial-related frauds like the diversion of payments.
The challenge for ship owners is even more complex because cyber criminals are targeting diverse facets of the shipping industry. For example, there was a well-documented case of drug smugglers subverting an IT system at a major port in order to facilitate the smuggling of contraband in containers.
The rise of targeted piracy and drug smuggling reflects how criminal organizations have become more sophisticated. They will seek detailed intelligence on potential targets and will use modern technology to source information and data to assist in their planning and execution of criminal ventures. Drug traffickers, drug and people smugglers, pirates and fraudsters of all stripes are taking every opportunity to gain information that they can turn to their advantage.
While shipping and logistics companies are expert at maritime transport, they may not have the same experience with IT security. It will be essential to invest time, effort and capital into security measures to ensure these cyber risks are appropriately managed. Companies leave themselves open to great danger when they do not take into account all the potential risks and loopholes when designing and implementing their company-wide cyber security strategy.
Risks posed by technology
Over the past five decades, computer controls have been integrated into innumerable operational and business processes across diverse industries, including the shipping industry, resulting in considerable improvements in safety, accuracy and profitability. There is another side to the digital revolution, however. In the absence of appropriate protection and loss prevention measures, the increased reliance on technology for even the most basic operations can leave a business exposed to business interruption or, in a worst-case scenario, continuity failure.
Cyber security threats today are increasing in variety, frequency and sophistication, be it from a Trojan USB stick that introduces malware aimed at acquiring sensitive commercial information, an email with detailed vessel itineraries sent to a large group of unknown people, the full-scale subverting of a company’s IT system, or the potential compromising of the Automatic Identification System (AIS) and Electronic Chart Display and Information System (ECDIS) on board ships. The number of potential risk scenarios is significant and keeps growing. Fraudsters employ whatever hacking technology works, often tailored to specific targets of opportunity.
Some organizations may be more at risk than others depending on the type and value of data they store. However, experience has shown that hackers will generally gravitate toward the low-hanging fruit of victim networks that are more easily breached. As such, it is essential that companies prepare for and expeditiously address identified vulnerabilities.
Risks posed by insiders: carelessness or intentional?
The internal cyber threat is also significant and should not be underestimated, making it urgent for companies to be fully aware of what information they have on their systems, who has access to it, who is accessing it and why. A recent Kroll analysis of client cyber cases across all industries found that 51 percent of breaches were tied to insiders. In many cases, these were not solely malicious people with a company axe to grind, although they are often part of the problem. Employees with the best of intentions may still be careless; data is mishandled and files are disposed of improperly. And even the most sophisticated employees can be tricked into divulging confidential information or authorizing what turns out to be a fraudulent disbursement.
Employees or business associates can also be duped into revealing key information. The most common tactics are phishing or spearphishing emails. The goal is to get victims to open attachments or click on links in an email. While the phishing approach is more scattershot, spearphishing generally focuses on specific people within an organization. Attackers might comb social media sites such as LinkedIn or Facebook to impersonate senders who are either well-known to recipients or otherwise considered trustworthy. Once the victim opens the attachment or clicks on the link, the sender is free to introduce malware, ransomware or key loggers or gain credentials to access confidential information.
While the idea of outsiders taking over critical operational controls may keep management up at night, employees or other insiders like contractors and suppliers often pose a more immediate and equally serious risk. Whether they are negligent, malicious or unwitting accomplices in a fraudster’s scheme, insiders can be the conduit for information coveted by criminals.
Bribery and extortion are other ways that criminals can get insiders to acquire and pass on information that is essential for protecting the safety of the crew and cargo. Disgruntled workers can also betray valuable data for spite or money. A typical internal fraudster’s traits may or may not be spotted by the trained eye, e.g., previous offenses, a gambling addiction or financial problems.
Risks in shipping
Be it a problem on the shore side or on board the vessel, shipping companies may be vulnerable to data theft, fraud and even pirate attack if key personnel carelessly or deliberately act against the company’s interest. Following numerous piracy attacks in West Africa as well as South Asia, it has become increasingly clear that some incidents may have been facilitated or assisted by persons who are meant to work for the ship owner. Organizations such as ReCAAP (the Regional Cooperation Agreement on Combating Piracy and Armed Robbery against Ships in Asia) have started to warn about the risk of crew involvement. Additionally, there has been a reported incident of an insider on the shore side assisting in an attempt to divert freight payments using illegitimate bank account details through apparently “legitimate” emails appearing to originate from the ship owner to counterparties.
How to guard against the risk
There are warning signs that an employee might be committing cyber crime. Some of these signs include working odd hours without authorization; disregarding company policies about installing personal software or hardware; taking short trips to foreign countries for unexplained reasons; buying things they can’t afford; and taking proprietary or other information home in hard copy form and/or on thumb drives, computer disks or email.
However, you can’t let your guard down when an employee leaves the company, voluntarily or involuntarily. Strict termination procedures should be in place to ensure that all network access privileges are terminated immediately.
Likewise, just as a company employs security guards to monitor the perimeter of a building, to check IDs, to log who enters and leaves, to watch security monitors, or to implement the ISPS Code regulations on board a vessel, the same precautions should be taken for data.
For example, if an employee is logged in from her work computer and the same credentials are used to log in from an external location, a red flag should immediately appear. Similarly, if an employee is uploading or downloading a large amount of data for the first time, those responsible for data security should be alerted.
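The two red flags described above, expressed as detection logic over login and transfer events. This is an added example, not part of the original advisory; the event format, office address range, session window and size threshold are assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): office range, working-session length, size threshold.
INTERNAL_NET = ip_network("10.20.0.0/16")
SESSION_WINDOW = timedelta(hours=8)
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024

# Constructed sample events: (timestamp, user, event type, source IP, bytes moved)
EVENTS = [
    ("2014-12-08T08:01:00", "asmith", "login", "10.20.4.17", 0),
    ("2014-12-08T08:30:00", "bjones", "login", "10.20.4.22", 0),
    ("2014-12-08T09:15:00", "asmith", "transfer", "10.20.4.17", 40 * 1024 * 1024),
    ("2014-12-08T10:42:00", "asmith", "login", "203.0.113.50", 0),
    ("2014-12-08T17:05:00", "bjones", "logout", "10.20.4.22", 0),
    ("2014-12-08T19:30:00", "bjones", "login", "198.51.100.9", 0),
    ("2014-12-08T19:40:00", "bjones", "transfer", "198.51.100.9", 2 * 1024**3),
    ("2014-12-09T09:00:00", "bjones", "transfer", "10.20.4.22", 3 * 1024**3),
]

def detect(events):
    """Return (timestamp, user, rule) alerts for the two red flags in the text."""
    alerts = []
    internal_sessions = {}   # user -> start time of an open on-site session
    seen_large = set()       # users who have already moved a large volume
    for ts, user, kind, src, size in sorted(events):
        when = datetime.fromisoformat(ts)
        internal = ip_address(src) in INTERNAL_NET
        if kind == "login":
            if internal:
                internal_sessions[user] = when
            else:
                # Same credentials used externally while the on-site session is open.
                start = internal_sessions.get(user)
                if start is not None and when - start <= SESSION_WINDOW:
                    alerts.append((ts, user, "concurrent_external_login"))
        elif kind == "logout" and internal:
            internal_sessions.pop(user, None)
        elif kind == "transfer" and size >= LARGE_TRANSFER_BYTES:
            # Alert only the first time this user moves a large volume.
            if user not in seen_large:
                alerts.append((ts, user, "first_large_transfer"))
                seen_large.add(user)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

The external login by bjones raises no concurrency alert because the on-site session was closed first; only the first large transfer by that account is flagged.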
Other recommendations include:
What to do when fraud is suspected
Whether it stems from a disgruntled employee, a mole planted by an organized crime gang or a sophisticated hacker, when an information security issue is discovered, the proper response depends on first ascertaining:
To avoid spreading malware throughout the network or destroying the trail of evidence, the organization and its IT department should not try to “fix” a suspected problem on their own without the assistance of experts. Experienced cyber security investigators are skilled in conducting interviews and retracing the behavior of people who had access to protected information. Likewise, computer forensics and data recovery specialists help ensure no digital evidence is overlooked and assist at any stage of a digital forensics investigation or litigation.
Because time is of the essence when a breach is uncovered or suspected, establishing a relationship with an incident partner before a cyber attack occurs ensures you will have the experts of choice available to respond immediately to your situation.
Conclusion
Whether large or small, specialist or global player, everyone in the shipping industry will benefit from a greater awareness and preparedness to deal with the challenges of modern IT-assisted fraud in the 21st century.