Cyber security consultants come in all shapes and sizes – so what parameters should you be considering when it comes to finding the perfect consultant to fit your needs in 2022?
With 2021 behind us, companies are looking at their plans for the coming year and cyber security plays a large part in this. Businesses in the maritime and logistics industry need to give serious thought to cyber security with the rise in attacks on the industry.
In particular, clarity over which cyber security challenges you need to solve, and the resources available to you, are key. A good plan also relies on an outside, industry-wide perspective, which is precisely what consultants can bring to the table.
Let’s break this down.
The maritime cyber security consultant’s role
A cyber security consultant is not simply an expert who provides information, guidance and best practices to supplement your business’s existing knowledge about cyber security. The consultant’s purpose is to improve your decision-making, security posture and response capabilities when it comes to managing cyber risks. Most maritime businesses are actively looking to boost internal capabilities and capacity for cyber security and a consultant will get you there faster. All of this should translate into heightened business resilience following a cyber attack.
At the same time, cyber security consultants play an important role in actually implementing the changes they suggest. They serve as project managers, keeping cyber security initiatives on schedule.
It’s important to note that cyber security consultants are not a replacement for internal accountability on the maritime cyber security front. Accountability always remains with your business; consultants are there to help you meet your accountability requirements.
4 tips for selecting a cyber security consultant
It’s not hard to find cyber security consultants — many are just a Google search away. But how do you find the one who is well suited to support your shipping business?
Tip 1: Specialized focus on your industry ( i.e. maritime cyber security)
The best cyber security consultants for you are ones who have experience working within your industry, as opposed to those who only practice cyber security generically. A consultant versed in your industry can deliver the most actionable recommendations. He or she will also be able to dive in quickly, without having to spend a lot of time understanding your business or its operations before preparing advice.
For example, the maritime and logistics industry faces a variety of unique challenges when it comes to cyber security that just aren’t relevant in other contexts. Do you really have the time to start explaining the nature of your business, why your business is particularly at risk, your set up and stakeholders? While every business is unique, much of the industry is set up similarly and suffers from the same challenges.
A consultant who is a veteran in the maritime and logistics industry will save you a lot of time and energy in explaining and understanding your challenges.
Learn more about how Cyberstar can help with your company’s cyber security challenges.
Tip 2: Know which type of cyber security consultant you need
There are two main types of consultants:
- Those who consult, offer advice, and then move on.
- Those who work with you over the long term, and manage implementation in addition to giving advice.
Most businesses will derive the greatest value from the latter type of consultant. Unless you already have deep maritime cyber security expertise in-house, you need a consultant who will walk you through the steps for establishing a strong cyber security posture and cyber resiliency, not just write a report and leave it to you to act on it.
Having a consultant work with your business over the long term has the additional advantage of keeping you on track. They maintain the project’s timeline, managing the project for you, without letting you get sidetracked by your ongoing daily business. While the consultant’s role is to keep you focused on your business’ cyber security, this does not equate to accountability, which remains solely with you.
Tip 3: Look for customized cyber security consultant resources
When it comes to maritime cyber security consulting, one size does not fit all. The tools or processes that work for one business may be wholly inadequate for another, even if the businesses are in the same industry.
Cyber security is a very broad field. There are consultants therefore, who have extensive experience with tactical issues, or operational skills. Having the technological cybersecurity skills does not necessarily qualify them to offer maritime cyber security consulting that reach the strategic, business level. Some consultants try to retrofit their experiences from other industries and do not realize that maritime and shipping companies face unique challenges that require very specific understanding and knowledge of both the threats and potential solutions.
Companies will often request that the consultant who has helped with their technical solutions play a central role in training employees – however this is problematic. Cyber security is a broad arena; there are consultants who are experienced in technological solutions and those who have more tactical and strategic experience. You need to understand which consultant you need for which type of job.
Tip 4: Level of Experience
Anyone can call himself or herself a cyber security consultant; it’s not a regulated title. There are no exams to pass before you can put the label on your LinkedIn profile.
To derive real value, then, you should look for a cyber security consultant who has been around the block and worked in your industry, preferably in multiple roles throughout his or her career. He or she should have ample experience working with companies similar to yours in terms of company size, threat levels, complexity of organization, geographic spread, similar technology infrastructure etc. .
It is not just a matter of industry relevant experience, it is important to work with a consultant who has actively participated in managing a cyber event or has conducted cyber drills. The value of hands-on experience can not be underestimated when it comes to training your own team.
Conclusion
It’s easy enough to find cyber security consultants. It’s much harder to find maritime cyber security consultants who are actually worth their cost, and who can meaningfully move the needle when it comes to strengthening your shipping business’s security posture and resilience.
That’s why it’s critical to look for a consultant who has integrity, whom you can trust and — most important of all — who actually has an in-depth understanding of the shipping industry. When you find a consultant who meets these criteria, you get a trusted, effective maritime cyber security partner.
Learn more about how Cyberstar can help your maritime business:
