Lloyd's Register
The American Club
Panama Consulate
London Shipping Law Center
Home HRCommunication Cyber Security in Action

Cyber Security in Action

by admin

Andrew Fitzmaurice (left) and Alan McCarthy.

Cyber Security in Action – IMIF hears of fight against attacks on businesses

A stark warning of a new plague of technology-enabled criminal attacks on companies and individuals was delivered to an audience of maritime executives, financiers and lawyers in London. Covert ploys by attackers include a revival of traditional tricks such as the ‘honey trap.’

Unscrupulous gangs and nation states are exploiting careless entries on social media and surprisingly sloppy failures to secure physical offices and data, said Andrew Fitzmaurice, chief executive of Templar Executives.

A challenge to the IMIF audience

He was speaking to a meeting on April 5 2017 of the International Maritime Industries Forum. The event was hosted by international law firm Watson Farley & Williams.

Templar Executives is a London-based group that advises FTSE 100 companies and other interests on implementing a holistic approach to their cyber security programmes to fend off system breaches and lapses, innocent and deliberate, by outsiders and employees.

Mr Fitzmaurice said that the maritime sector was among industries that needed to give greater priority to cyber security. A major factor was the human element, which tended to be forgotten. For instance, “good old-fashioned honey traps are coming right back into fashion,” he declared. Honey traps refer to the luring of people in possession of valuable information or influence into compromising situations or relationships so that they are vulnerable to extortion.

The connected (and hacked) universe

Alan McCarthy, a veteran expert in marine finance and investment, who chaired the IMIF event, had expressed doubt whether cyber security was yet taken fully on board by the shipping industry. He said that what was known to the public about this matter was the tip of the iceberg. On the day of the meeting, a joint report from the UK National Cyber Security Centre, BAE Systems and PwC had referred to alleged widespread theft of intellectual property of global companies by state-sponsored hackers in China. This was said to have put even Kremlin hackers in the shade.

Mr Fitzmaurice agreed that “the Chinese, Russians, Iranians, everybody is trying to get into our systems all the time.” He urged his audience to remember that implementing cyber security was “just part of good business.” He said: “It affects every element of your business. It also says the government cannot do this by itself.”

IMIF networking.

He praised the UK as one of the first countries to have a national strategy on cyber-crime. The country had “put our money where our mouth is,” and since 2011 had been quite successful, he said.

He emphasised the role of the National Cyber Security Centre, which was officially opened by the Queen in February 2017, as part of a £1.9bn budget up to 2020 to combat attacks. The centre is a part of the UK government intelligence and security organisation GCHQ, and Mr Fitzmaurice quoted its leader Ciaran Martin, on its aim to “make the UK the safest place to live and do business online.” The NCSC is tasked with responding round the clock to businesses reporting or suspecting serious cyber breaches. The outreach includes educating 14 to 18 year olds on the problems.

Mr Martin has said: “We will help secure our critical services, lead the response to the most serious incidents and improve the underlying security of the internet through technological improvement and advice to citizens and organisations.”

Watson Farley & Williams building.

The internet was unregulated, Mr Fitzmaurice underlined, and was “just going to grow.” In India, prime minister Narendra Modi was keen for the entire population of 1.2bn to be connected by 2020.

Every organisation needed to review its cyber-resilience. Damage by criminals, hackers, hacktivists, spies and employees could among targets hit a company’s share price. The tools for an attack could be bought for a few dollars on the internet.  “The temptation to use them for a nefarious purpose is too strong for a lot of people,” but innocents and insiders could be the biggest threat.

Criminals could pick up a mosaic of information sent between colleagues, for instance clues could be put together to learn when a maritime company was going bust.

Mr Fitzmaurice showed a photo of a shipping company operations room where staff were absent, equipment was left accessible, wi-fi unsecured, a draft manifest was in the waste bin, there was information about ship movements and a live feed on the position of vessels in the Middle East Gulf. “We tend to get fixated about a ship being taken over. Far better to protect the details about your insider database,” he commented.

A company should be careful to observe employees who might be unsettled: a typical insider who might commit cyber-crime was a male of 31-45 years old going through a mid-life crisis. Managements should ensure that information at all levels was being secured properly.

Mr Fitzmaurice expressed considerable concern over the use of social media sites, which were an open door for the miscreant to troves of information. People who gave their details to such sites were risking impersonation. A single entry on one of the major sites had been replicated under false identity 17 times, “so social media is the way [fraudsters are] going to attack you.”

Watson Farley & Williams: good storeys.

A video-clip of customers buying take-away coffee showed that they were unaware that identifying themselves even by just their first name was letting slip “data to go.” One client was about to give his name, when he was stunned to be told by the assistant: “We know everything about you.”

Another video was filmed on a shopping street. Random interviews as shoppers passed by showed how readily people divulged their passwords to strangers – and the passwords themselves (names of dogs, grandmothers, password1234) showed a sorry naivete.

The Templar Executives chief illustrated the power of technology giants and others to gather detailed information about individuals. How many people waded through the “terms and conditions” they were asked to sign? Accepting them meant “you are going to sign over virtually everything you have got.” Too often smart phones, which could collect information and divert it to ‘the cloud,’ were taken on to the bridge of a ship and other critically-sensitive areas. In this context, he advised strongly against anyone being allowed to take smart phones into a company boardroom.

The ‘dark net’ was another area of huge worry. Organised crime was so involved in the deep web that it even had its own KPIs (key performance indicators) for its nefarious practices.

Normal due diligence was not enough. “Who watches the watchers? Who watches the administrators who have all the access to your ‘crown jewels’.” Those men and women, and those who moved jobs within an organisation might have the opportunity to commit systematic fraud.

Despite initiatives including a cyber summit by BIMCO in November 2016, the maritime industry was “not doing all that much about it,” and unfortunately it was not alone, although the bar to instilling effective policies was high. “There is a little bit of ‘it is never going to happen to me,’ an attitude that is not unusual. I think the maritime sector has just got lucky so far.”

Thanking Mr Fitzmaurice for his wide-ranging survey of the risk landscape, Mr McCarthy said that with shore people loading information on lap-tops, containers being handled by computer systems and companies dealing with millions of pieces of data, it was vital that the shipping industry which was a linchpin of global trade should not be compromised.

He thanked the hosts for the event, Watson Farley Williams, for their welcome and hospitality. For several of the guests, it was their first visit to the elegantly-refurbished client meeting and conference area of the Appold Street office.

Among his contributions to promoting high standards of cyber-defence, Mr Fitzmaurice established a Cyber Academy whose courses are accredited by GCHQ, the Institute of Information Security Professionals and the Chartered Institute for IT. His background includes 18 years in the military specialising in air command and control.  Collaborative projects encompass the members of the Cabinet Office, GCHQ, other government departments and the private sector. Templar Executives was named as Cyber Security Firm of the Year 2015 by European CEO magazine.

You may also like

Leave a Comment