What are the biggest cybersecurity threats to yachts, captains, crew, and owners, and what sort of training can increase their defences?
Cyberattacks are increasing in frequency and complexity within the marine industry. Earlier this year, MarineMax disclosed in a company filing that they were the victim of a cyberattack, but they’re not the only victims. Management companies, builders, suppliers, and even yachts have suffered attacks to varying degrees. Unfortunately, most experts believe the maritime industry is about 10 years behind other industries when it comes to putting measures in place to mitigate cyberattacks.
The most common attacks within the yachting industry are ransomware and man in the middle. A ransomware attack occurs when nefarious software is introduced into a computer system, encrypting the files, and taking the system hostage until the hackers receive a demanded ransom payment. A man-in-the-middle attack occurs when an attacker inserts themselves into the communication between two parties, typically via email. They will then use that position to divert money or payments into another account.
Ismael Valenzuela, the vice president of Intelligence and Threat Research at BlackBerry, says they are seeing three major threats globally. Ransomware, infostealers (currently targeting healthcare and financial sectors), and critical infrastructure attacks.
“We have essentially seen an increase in volume, speed, and impact when it comes to attacks in the last few years,” Valenzuela said. “Exploits related to heavily utilized legitimate software such as ConnectWise ScreenConnect, GoAnywhere, and multiple genuine Ivanti products have been weaponized by threat actors at an alarming rate to deliver a whole host of malware to unpatched victim machines.”
These types of threats will continue to evolve as both hackers and cybersecurity companies work to integrate artificial intelligence into their operational models.
“Artificial intelligence is rapidly changing the way we live and work, and this is also true for threat actors. Unique malware is being created and launched at an astonishing rate as generative AI helps speed its development,” Valenzuela said.
Valenzuela and his team at BlackBerry have uncovered evidence that attackers are now using nearly 5.2 unique pieces of malware per minute to target organizations.
As the threat landscape continues to develop, the types of training available for yacht crew are growing with necessity. Several in-person and online training organizations are offering some form of cyber-related training for large-yacht crew. Currently, there is no mandatory training for crewmembers, but experts strongly advise that crew attend either in-person or online training on cyber threats at least yearly.
A unique cyber training tool is making its way into the large yacht market — a cyber escape room. Amy Stokes-Waters has developed cyber escape rooms to encourage crew to work together to solve technical cybersecurity problems.
“Our cyber escape rooms provide interactive learning that makes security awareness training engaging. Through the use of hands-on activities, users are able to experience cyber security in an active environment and receive positive reinforcement, which differentiates it from the often-tedious online learning experiences currently in use,” Stokes-Waters said.
Stokes-Waters has been conducting cybersecurity escape room training in other industries, but is now working with a partner to bring this training to the large-yacht industry. This training provides a unique opportunity for crew to work together as a team to solve a potential issue. It takes about an hour and is a great addition to a larger cybersecurity training course.The cybersecurity landscape will continue to warrant additional training for yacht crew as the threats evolve in regularity and difficulty.
Source: Triton