Page 15: of Maritime Reporter Magazine (December 2017)

“

According to Vircom (2017), human error was responsible for 52% of data and security breaches. Thus, humans are the weakest link in any organizations’ defense-in-depth strategy. error was responsible for 52% of data working sites that they do when they are Antwerp. The drug smugglers used this and security breaches. Thus, humans are faced with the fence. The phrase “out of access to locate the shipments within References: the weakest link in any organizations’ sight, out of mind” can ring true and have the port and have their own drivers pick

Brooks, Chuck. April 5, 2017. De? n- defense-in-depth strategy. For recent serious consequences if end users are not them up. According to Trend Micro, this ing and Addressing the Growing Cyber noteworthy examples of how humans well educated. Security awareness needs attack could have been much worse if

Insider Threat. Retrieved from https:// can wreak havoc, users can turn their to be brought to their attention in various the hackers decided to manipulate Auto- www.alienvault.com/blogs/security- attention to the NSA and CIA. The cul- forms because all end users learn differ- matic Identi? cation System instead. This essentials/de? ning-and-addressing-the- mination of these malicious insider at- ently. A successful cyber security pro- could have caused signi? cant physical growing-cyber-insider-threat. tacks landed numerous sensitive docu- gram must include a strong educational and economic damage.

ments and hacking tools on Wikileaks, component on proper use, but it must

Verizon Enterprise. 2017. 2017 Data which is an organization that publishes bring about awareness of consequences Finding the Right Formula

Breach Investigations Report, 10th Edi- news leaks, sensitive information and that are as clear as the fence. It is evident that the current security tion. Retrieved from http://www.verizo- things alike. If malicious insiders are We are taught from a very young age formula is inadequate for the future nenterprise.com/verizon-insights-lab/ not enough to get an organization’s at- not to accept candy from a stranger, but of maritime cyber security. Perhaps a dbir/2017/.

tention, think about when an employee we continually open emails and attach- strong cyber security awareness train- who prepares taxes for someone wants ments from people that we do not know. ing program that links behavior to con-

MTI Network. Taking Maritime Cy- to take work home with them via a USB We understand that the candy could con- sequences might prevent the next Not- ber Security Seriously. Retrieved from drive, but drops the drive in the park- tain poison and make us sick, but we Petya cyberattack or drug smuggling http://www.mtinetwork.com/taking- ing lot. Accidental insider breaches can rarely think about the implications of operation in your organization. Adding maritime-cyber-security-seriously/.

cause an organization to lose a tremen- opening the email or attachment from that education piece to the de? nition of dous amount of money because of the the stranger because we cannot link the security will only strengthen the overall

Vircom. February, 2017. The Human carelessness of their employees. consequences to the action. This was ex- security posture of maritime organiza-

Factors in Cyber Security and Preventing empli? ed in the Port of Antwerp case, tions. In the end, the fence is only useful

Errors. Retrieved from: https://www.vir-

The State of Cyber Security where drug smugglers recruited hackers if people know its purpose.

com.com/blog/human-factors-in-cyber-

According to the 2017 Verizon Data that used phishing techniques (infected security-preventing-errors/

Breach report, more than 800 breaches emails) to successfully gain access to the

SECURITY = HARDENED TARGET + that occurred in 2016 were the result of digital tracking systems for the Port of

PERIMETER DEFENSE + EDUCATION a social attack, such as phishing. Phish- ing relies on the end user to click a link, download an attachment, or someone disclose data that normally would not be made public. Not only are hackers sending phishing emails to steal pass- words, they are packing the emails with malware that can tear through a network undetected. Over half of all breaches in 2016 included malware. In June of 2017, the NotPetya cyberattack hit the Maersk

Line, APM Terminals, and Damco. This cyberattack has been estimated to have cost the company up to $300 million.

These are the threats companies are tak- ing, and without the proper education, end users will not be equipped with the necessary knowledge needed to help stop such threats.

Actionable Security Awareness

The human security risk is very real, in part because of the lack of education and training about cyber security. This is exacerbated by the lack of perceived consequences for violating cyber secu- rity. Cyber security professionals have to keep in mind that typical end users do not see the same consequences in check- ing personal email or visiting social net- www.marinelink.com 15

MR #12 (10-17).indd 15 MR #12 (10-17).indd 15 12/6/2017 11:15:50 AM12/6/2017 11:15:50 AM