Page 24: of Maritime Reporter Magazine (February 2025)

DIGITALIZATION © photostockatinat/AdobeStock

CYBER SECURITY

Technical Security alone is not a solution; Human

Factors have a critical role in managing cyber risk.

By Angeliki Zisimatou, Director of Cybersecurity Research for ABS egardless of size, nature of business or company that control anything from port cranes to a ship’s engines or position in the energy supply chain, if your busi- navigation systems. Each port might have different systems ness utilizes IT/OT operations, a cyber-attack may - a container terminal for example, will have more systems

R occur. Threat actors seek vulnerabilities to breach supporting the movement of shipping containers, whereas a systems security and networks, aiming to gain access to data cruise terminal will be focused on supporting the movement for a variety of reasons, including potential ? nancial extortion of people. As new technologies are developed, they are often and ? nancial gain. The urgent realization is that cyber-attacks added as enhanced ‘bolt-on’ functionality to legacy company are high risk situations that may occur at any moment, and systems, yet these additions often lack the rigorous security cybersecurity cannot be achieved by software solutions alone. testing applied to secure-by-design systems. These systems

Angeliki Zisimatou is ABS’s Director of Cybersecurity and are often connected to the internet to provide stakeholders is responsible for leading ABS’s efforts through the participa- with remote access to control the systems. While the increas- tion in cybersecurity and autonomous research projects and the ing digitalization and automation of systems and processes development of ABS’s rules and guides. In this article, Ange- may deliver the opportunity for greater ef? ciency and com- liki reveals why training and the human factor element are key petitiveness within organizations, it can also create greater cy- components in the battle for ultimate cybersecurity protection. ber risk exposure through increased potential ‘attack surfaces’

Cyber protection is reliant on human awareness and an un- – the ways in which cyber-attackers can penetrate systems. derstanding of how a single action could escalate a cyber-re- The CISCO Cyber Threat Trends Report 2024 outlines the lated incident. Human intervention backed by training, simu- three most seen threat categories: (1) Information Stealers lations, drills, and robust insights is critical in the journey to (246 million); (2) Trojans (175 million); and (3) Ransomware future-proof your business and its operation. (154 million). Each of these categories had average monthly blocks in the hundreds of millions.

Three Critical Threat Actors As the report highlights, information stealers are malicious

As port facilities and shipping vessels become increasingly programs designed to collect various kinds of personal and interconnected, the risk of cyber incidents continues to grow. ? nancial information from an infected system. Trojans are a

Businesses can be impacted in many ways. Across the U.S. type of malware that mislead users of their true intent. An- there are many ports, terminals and facilities, including ves- other common installation tactic is when a user gets a mali- sels within the commercial, civilian, government, and mili- cious link, like an email attachment disguised as an invoice, tary sectors that have thousands of interconnected systems that once clicked on can enable cybercriminals to spy on you, 24 Maritime Reporter & Engineering News • February 2025

MR #2 (18-33).indd 24 1/28/2025 9:50:48 AM