SANS Institute recently released a new cybersecurity trends report that focuses on the latest security hygiene and common success patterns that will prevent organizations from falling victim to cyber breaches.  Those behind cyberattacks find new ways to exploit vulnerabilities on networks and systems on a global level.  This is particularly true for the maritime industry.
Three trends in the threat arena will be particularly relevant in 2017, including:

• Known vulnerabilities continue to dominate.  While attacks that exploit zero-day vulnerabilities tend to get the most press coverage, data shows that attacks that exploit well-known vulnerabilities cause the vast majority of damage to businesses.  80% of cybersecurity attacks exploit known vulnerabilities.  The quantity of zero-day vulnerabilities will increase simply because of the increasing number of products and operating systems that will be in use.
• Breaches aren’t the entire story as ransomware attacks show high growth.  At the start of 2016, ransomware attacks occurred across the world approximately every 20 seconds. By the end of September, the attacks increased to every 10 seconds. On the business side, one in five small and medium-sized businesses that paid a ransom never got its data back.
• Fourth-party attacks are increasing as attacker trends are moving further out in the supply chain to include subcontractors, outsourcers and more.

On the business side, the report noted that organizations are dealing with the continued adoption of mobility and cloud computing in addition to security concerns related to Internet of Things (IoT) devices, which are expected to quintuple in the next decade.  These trends require security programs to implement new architectures, processes, controls and skills to maintain acceptable levels of cyber risk.

What is the relevance to maritime?  As a growing number of key shipboard systems are now becoming digitized and interconnected, cybersecurity is an increasingly important part of maritime risk management.  Robust cybersecurity, in terms of both technological systems and human behavior, will therefore be critical.

Moreover, the use of off-the-shelf components and big data within autonomous maritime systems means that hackers can leverage their familiarity with the technology. With maritime networks increasingly resembling office networks, all the skills hackers have acquired targeting traditional IT systems can be brought to bear on the shipping industry. Moves toward connected shipboard systems are already increasing cyber risk. By July 2018, all ships will be required by the International Maritime Organization to use the Electronic Chart Display and Information System. Relying on internet-based software and updates, this GPS-based system is clearly open to digital corruption.  Therefore, staying on top of newly released software and hardware vulnerabilities and patching security holes promptly are very important. Regular system upgrades will be vital to avoid obsolescence.

Technology changes rapidly, and the adoption of new technologies invariably brings new vulnerabilities that enable new threats. Understanding and anticipating emerging technologies is a key element in successful security programs, even in the maritime industry. Cyber security trends clearly show that attacks on networks and systems will continue, and many will succeed.

About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration.  For more information, visit www.gnostech.com, or stay connected by following us on LinkedIn or @GnostechInc on Twitter.