Cyber Resilience Planning for Maritime & Logistics Companies

Most organizations already recognize the importance of cyber security protection and monitoring. They devote the bulk of their security resources to these activities.

Cyber resilience, however, is often overlooked. Businesses today too often become overly confident in their defenses, and fail to make a plan for what happens when the cybercriminals do get through.

That’s a huge mistake, because unmitigated attacks can lead to huge financial losses. The average cost of a breach is about $3.8 million, according to IBM. And the larger your business, the more you can expect an attack to cost you. Billion-dollar enterprises can easily lose millions of dollars per day if cyberattacks disrupt critical, revenue-supporting systems – such as those that drive logistics operations in the maritime industry.

Components of a cyber resilience strategy

Protecting your business against risks like these requires making cyber resilience a top-tier part of your overall cyber resistance strategy.

In practice, cyber resilience means having a plan, involving specific procedures and practices, allowing you to respond quickly and effectively to attacks when they happen. Instead of expecting to formulate a response plan once you discover a breach, you should develop playbooks that define how your organization will respond to different types of attack scenarios. This will enable your organization to keep running (in some capacity), minimizing operational and business downtime as much as possible.

Just as important is practicing those playbooks ahead of time by performing cyber drills. You don’t want to wait until an attack is underway to discover that your playbook doesn’t address a critical requirement or requires resources or communication channels that you didn’t identify beforehand.

Ultimately, the goal of cyber resilience should be to build the capability to manage all aspects of a cyber crisis to reduce business disruption, while maintaining a certain level of operational continuity and customer support even during an active breach. Doing so means not just addressing the security incident in a technical sense, but also working with all stakeholders across your organization to keep business processes functioning.

Why cyber resilience is even more important today

Cyber resilience has always been critical, but in the era of Covid-19, cyber resilience has assumed unprecedented importance.

Additional Risk:

Cyberattacks against ports, shipping and logistics companies have surged during the pandemic – by rates as high as 400 percent.

At the same time, the increased complexity of the global supply chain – and the critical role that maritime companies have played in keeping goods moving during the pandemic – has upped the risks and potential financial losses associated with cyberattacks against the industry.

More at stake:

The global footprint and highly dynamic nature of logistics businesses also makes cyber resilience especially important for these businesses. Unlike industries where cyberattacks primarily affect only software resources, security threats in the maritime and logistics business can additionally disrupt critical physical systems. Those systems are often more difficult to recover following an attack, as you can’t simply replace them with new instances or log into them from a remote location, as you can with compromised software resources.

Greater complexity:

Of course, many systems in maritime businesses consist of both physical and digital components, which are integrated into sophisticated systems that require complex software to operate. This combination of physical and digital resources creates a broader attack surface. This makes attacks even more difficult to prevent and makes cyber resilience even more important as a means of mitigating the risk that threats pose to business operations.

Embracing cyber resilience: A step-by-step guide

An effective cyber security strategy is founded on three main pillars:

1. Prevention

The most basic step in maritime cyber security is to prevent as many attacks as possible. You can’t stop all the attackers all of the time, but you should deploy the tools at your disposal – like access control protections, end-to-end encryption and OS-level hardening tools (like AppArmor or SELinux) – to make it as hard as possible for attackers to breach your environment.

2. Monitoring

No matter how many layers of protection you put in place, it’s a safe bet that the cybercriminals will be constantly probing for weak points that allow them into your environment. That’s why it’s critical to monitor your IT estate continuously for signs of breaches and attempted breaches – such as port scans against your network or unusual traffic patterns.

3. Resilience

No amount of investment in cyberattack prevention and monitoring can guarantee that the attackers will never get through. You’re always at risk of oversights that leave gaps in your defenses, or of new types of attacks that you just didn’t anticipate and therefore didn’t protect against. Resilience allows you to mitigate the impact of a successful attack once it is underway, to get back on your feet as quickly as possible.

Given the tendency of most businesses to focus on cyber security protection and monitoring rather than resilience, integrating the latter into cyber resistance strategies requires a deliberate, multi-step process, extending across the organization.

5 steps to change your mindset

The first step is philosophical: Businesses need to adopt a mindset that focuses on cyber resilience, rather than protection and prevention.

This doesn’t mean you shouldn’t do your best to prevent attacks. You certainly should. But you need to shift your thinking in a way that assumes that attacks will inevitably occur – and that preparing to mitigate attacks once they are underway is the best means of protecting your business.

Resilience requires a paradigm shift: from after an attack to before, from passive to active, from shutting operations down to running alongside the attack. This shift means taking a different view of cyber risk and, while challenging, it is a change that needs to happen.

1. Make cybersecurity everyone’s concern

Cyber resilience requires coordination between a variety of stakeholders:

  • Technical teams
  • Customer support teams
  • Operations teams
  • Executives and more

This makes cyber security a collective, organization-wide responsibility. In other words, businesses shouldn’t leave it to the CISO or a team of cyber security experts to build company resilience. Everyone needs to be plugged into resilience planning and cyber drills – all hands on deck!

2. Invest in preparation

Building cyber resilience is about much more than just ticking boxes or setting up certain tools. Instead, you need to develop a comprehensive plan that addresses how you’ll shift from business-as-usual operations to emergency operations during a cyberattack. You need to designate a crisis management team, define processes for maintaining communications even if systems like email are disrupted by an attack, prepare plans for disclosing the breach to partners and customers, and so on.

3. Develop contingency measures

It’s not always possible to resolve a cyberattack immediately or restore access to disrupted systems quickly. To address this risk, you’ll need a contingency plan that defines how you’ll work around disruptions to critical systems and maintain operations, even if some of your digital or physical resources are compromised by attackers. Don’t settle for a resilience plan that assumes you can remediate an attack quickly.

4. Involve management in crisis planning

All members of the organization have a role to play in resilience planning – including managers. The best way to involve managers is to have them perform cyber crisis drills that demonstrate the impact of cyber incidents on their business and allow them to practice the role they will play in responding.

5. Leverage third-party expertise

Many businesses lack the in-house expertise required to formulate and optimize the complex components of a cyber resilience strategy. For that reason, it’s wise to consult a third-party expert – one who understands the maritime sector and has experience managing real-world cyber security incidents in this space.

Optimizing cyber resilience

Optimal cyber resilience plans minimize risk, strengthen organizational processes and ensure that when an attack happens, recovery is as fast as possible, with minimal disruption to business.

There are four stages to building an optimal resilience plan:

1. Assessment

Determine where your greatest risks lie and prioritize response plans based on them.

2. Planning

Formulate plans that are flexible enough to handle different types of attacks, yet also precise enough to mitigate disruptions effectively.

3. Practice

Run cyber drills to ensure that your plans work as required, and to develop “muscle memory” that helps your teams react swiftly to emergencies.

4. Respond

When an attack occurs, use your plans and drills to respond quickly and effectively.

Don’t forget cyber security drills

Of these four stages, perhaps the easiest to overlook – or underinvest in – is practice.

Don’t make that mistake. Cyber drills are the most effective measure to make sure that cyber security is perceived as not just a purely technological issue, but a shared responsibility for which all members of the organization are accountable. In turn, they ensure that your organization can connect cyber security risks to business risk, and mitigate them accordingly.

Drills also allow you to test current plans and capabilities in order to develop the muscle memory that ensures you can react as rapidly as possible when threats arise. You won’t waste time reading through playbooks or figuring out details because you’ll have committed those details to memory during cyber drills.

Finally, cyber drills allow you to expose existing gaps within response playbooks and operational continuity capabilities. They let you discover ahead of time that you “didn’t know you didn’t know” about certain risks or challenges.

How Cyberstar Can Help

Most companies devote the bulk of their cyber security resources to attack prevention and monitoring.

But ideally, an equal share must be invested in cyber resilience. There’s no such thing as complete protection against attacks, but there is such a thing as being well prepared to respond when a successful breach does eventually occur.

By helping develop and practice cyber resilience strategies, Cyberstar’s consultants help ensure that your organization can rebound quickly following an attack. We help you create the procedures and contingencies that harden critical processes, then work with you to create a structured methodology for navigating cyber incidents.
