There is a human factor when it comes to cybersecurity and this also holds true in smart port environments. Human error is the leading cause of data and security breaches and estimates suggest it is responsible for 52 percent of such incidents. How a port prepares its workforce to respond to and defend against a cyber incident is therefore vital.
It Takes Smart People to Plan
It has been said that good institutions put their best people in operations, and great institutions put their best people in planning. Comprehensive incident response plans make your port more resilient. This holds true for both physical and cyber incidents. By planning for ‘when’ cyber incidents happen, you can take steps beforehand to ensure that environmental, commercial, and safety impacts are kept to a minimum. Cyber incident response plans allow for rapid and effective procedures to detect an attack and handle an incident accordingly. Examples of such procedures might include predetermined actions to shut down/isolate impacted systems, communication plans, planning for alternative electrical supply, alternative truck routes in and out of the port, moving your IT services to the cloud versus local servers, or having remote work plans for your employees in case they are unable to reach the port. In general, a cyber incident response plan will have the following elements:
2) detection and analysis
3) containment, eradication, and recovery
4) post incident activity
Smart planning allows your organization to have predetermined action plans, operate adequately while a cyberattack is in progress, analyze an attack post-incident, and finally reconstitute operations. Smart plans such as these make your port more resilient by preventing your entire port from being affected by a cyber failure and allow you to continue operations with minimal disruption. Include your workforce in response drills and tabletop exercises to prepare them for a potential cyber incident.
Smart People are the Best Defense Against Cyberattacks
Before a port implements any cybersecurity solution(s), it must first implement smart policy on how it will protect IT and data systems. Smart security managers understand that cybersecurity is not a single, drop-in solution. Rather, it is a matter of layering protections to address vulnerabilities from different vectors. A smart policy must start with identifying what systems are vulnerable to cyber risk and how. It should then address cyber hygiene and the daily measures employees must take, as mandated by the smart policy, to minimize vulnerabilities. This could include specific policies for social media, internet, and emails, use of removable hardware or USB drives, and password security. Cyber hygiene can prevent or avoid many cyber risks, but those best practices must be taught. In other words, leadership must make their people smarter on vulnerabilities and make them part of the cyber hygiene solution, rather than a vulnerability.
A regular, systematic training program of cyber hygiene best practices for your employees will make them cyber smarter. This in turn will make your port smarter and more resistant to cyber failures. Investing in training can reduce the risk of a breach by as much as 70 percent. Introducing such training during the onboarding phase is the first and most effective way to set the tone with new employees. Refresher training should be a regular occurrence, but it is important to note that ‘tick-box’ training has little effectiveness. Collaborative and active learning with real-life examples is the better approach. Depending on how refresher trainings are implemented and how frequently, additional reinforcement through newsletters, posters, and email reminders may be needed to keep employees’ awareness of vulnerabilities and policies sharp.
By implementing a strong awareness and training program for good cyber hygiene, you make your people smarter in securing your IT and data systems. Rather than a situation where you have 99 vulnerabilities and one cybersecurity manager, you can create a smarter culture of one cybersecurity manager assisted by 99 watchdogs.
Ports looking to get smarter must consider potential cyber risks and how their workforce plays a role. With adequate planning and a knowledgeable workforce defending against potential cyber incidents, any port can consider itself cyber smart.