Thu, Apr 2, 2020

Stacy Scott Discusses the Need For Cyber Security on the High Seas

In 2019, James Fisher and Sons (JFS) joined a growing list of marine service providers that fell victim to bad actors who breached their computing system. While the maritime space might not be a traditional prime target, Stacy Scott, Managing Director in Cyber Risk practice of Kroll, a division of Duff & Phelps, said to Insurance Business America, “I have done assessments on oil tankers and different ships, and seen the technology they use. It’s old and not kept up to date because it hasn’t had to be, but also when they do have connection to the internet, they have a lack of controls. That means they could download anything, which could then be transferred to their charting system, which is not only the map on how to get from point A to point B, but are there storms, are there things you want to avoid that could have a catastrophic effect?”

Marine organizations need to stay vigilant for the data that a ship or port holds in its systems that might not be financially sensitive or personal, but could be operational, or intellectual property. As companies within the sector start to think about cyber security, Stacy advises that organizations should make a checklist for on-ship staff to check that systems are up to date and configurations are still the same, and to make sure people are logging off and not leaving open personal email sessions in their browsers. She further highlights that while we may not be able to protect every aspect of our system, we should focus on detection and containment. 

Read the full article here.

 


Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Cyber Risk Assessments

Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.

Data Protection Officer (DPO) Consultancy Services

Kroll's data privacy team provide DPO consultancy services to help you become and stay compliant with regulatory mandates.


Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.