Maritime companies can no longer be passive when it comes to cybersecurity, and applying software patches and updates must be a top priority. Again, the Petya cyberattack from late June specifically targeted specifically exploited vulnerabilities within unpatched systems and networks. It has taken weeks for Maersk’s ship and port enterprise to fully return to normal operations, and analysts suggest that the attack will cost the company $50 million.
Vulnerabilities and other exposures can leave organizations and users susceptible to compromise or attack, according to Cisco. Weak security practices, such as not moving swiftly to patch known vulnerabilities and leaving infrastructure and endpoints unmanaged, must be addressed before they become impossible to manage. In its 2017 Midyear Cybersecurity Report, Cisco discussed increases in client-server vulnerabilities over the past year. The increase was more prominent in server-side vulnerabilities because hackers have realized that by exploiting vulnerabilities in server software, they can gain greater access to enterprise networks.
This realization is troubling for maritime companies because a majority are not applying patches to fix such vulnerabilities. Cyberkeel, a maritime security firm, conducted a survey in 2014 following the Heartbleed and Poodle data encryption cyberattacks using a sample of ports and shipping lines. The results, as was the case a 2016 IHS Fairplay survey, were sobering: 70% of the sample had not used the patches to protect their systems. Following the Maersk attack, Cyberkeel repeated the survey and found that after two-and-a-half years, 10% of lines and 20% of ports had still not applied the patch protection against Heartbleed and Poodle. Moreover, 44% of the top 50 lines displayed weaknesses in their cybersecurity.
Gnostech’s VulnX solution can help maritime companies protect their systems from cyberattack exploitation. A cloud-based automated patch management solution, VulnX is designed specifically to address cyber challenges in the industry’s operational environment:
- Automated, cloud-based solution that deploys published patches and remediates software and system vulnerabilities
- Secures systems against cyberattacks without interference to mission critical operations
- Applies select patches and upgrades to specific across assets and facilities
- Allows you to easily review and assess your organization’s security posture and compliance levels
- Customizable solution to meet specific organizational needs and requirements
- Designed for use in the maritime industry and environment
With regards to his firm’s surveys, Cyberkeel CEO Lars Jensen concluded, “There were areas where Maersk’s contingency could be improved, but Maersk is one of the few [maritime] companies that is assigning resources to the problem.” He said it should serve as a warning to vessel operators that are less equipped to deal with a cyber breach. An automated patch management solution should be in the arsenal of every maritime company that is not already applying resources to mitigate cyber risk, and VulnX can suit those needs.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com, or stay connected by following us on LinkedIn or @GnostechInc on Twitter.