Cyber security is a hot topic right now across many industries. With the recent guidelines issued by the major industry associations, cruise companies are having to revisit, or in many cases develop, their methods for preventing security breaches. However, it is a daunting task, and in many cases reading through the guidelines issued can raise more concerns for many companies.
This guide will talk through how and why to ensure you have cyber security in place, as well as helping those with security already in place to ensure it remains up-to-date.
WHY DOES IT MATTER?
Firstly, cyber security is not an IT issue; it is a business issue, and it is ineffective if not fully understood and backed from CEO level down. A targeted cyber attack could close your business down, ruin your reputation or leave you with severe debt due to large fines.
Cyber attacks usually have one of 4 main functions:
- To cause major disruption to normal operations
- To steal large amounts of data and personal information
- To set up a ransom demand to release data
- To steal money from your bank or from credit cards
The more devices that are connected to the internet, the more cyber crime there is, and the more cyber security we need to defend ourselves. It should also be noted that cyber crime is personal: you, your family, your business, your employees and your clients are all under attack. The Internet of Things (IoT) will generate 50 billion devices connected to the internet by 2020, and every one of these has the potential to be hacked and attacked. These devices control our physical lifestyle, meaning that when hacked they can actually cause injury and possibly death. Previously the threat was commercial or reputational.
WHAT DOES THIS MEAN IN CRUISE?
Cyber security threats affect organisations of every shape and size. On-land operations are threatened in much the same way as any other business. The cruise industry also has a unique setup on board that needs to be protected.
In a world where we are becoming more and more connected, cruise ships have had to ensure good internet access on board for their passengers. This means that whilst out at sea, users are accessing a whole host of sensitive data from their own devices, such as online banking and email services.
It is important to realise that cyber security attacks are not always specialised attacks on a company or individual. The most common breach is caused by someone with legitimate access to data allowing it to fall into the wrong hands, either by sending something to the wrong person, often accidentally, or by misplacing a phone or laptop on board.
Add to that the credit card details stored in the on-board Property Management Systems (PMS) on cruise ships, or the numerous credit card transactions which take place on board ferries, registered at various point-of-sale (POS) locations such as shops, bars and restaurants. In both these environments, even with PCI compliance, the POS devices or the PMS solutions are still open to attack.
WHAT CAN I DO?
So now that we know cyber crime is occurring and where it is occurring, what should we be doing about it?
Ensure there is an agenda point on each Board agenda and each Senior Management team agenda to review and report on the cyber security status.
This is critical as it proves the decision makers and key stakeholders understand and recognise the threat.
If this item is not on the agenda, get it on there and employ an expert to explain the threats in the context of your business.
Do not assume your current IT team are experts.
Use your cyber security expert to run workshops to interview the IT team, from CIO down, to find out what they know, and then produce a cyber security knowledge gap analysis.
Implement the recommendations.
This is critical: cyber security reports often look like they were written by a purveyor of doom, but all of the gaps identified are potential entry points to your systems. Usually these gaps are risk-analysed and can be dealt with in risk order.
As long as you require internet-connected devices and systems, you have to be persistent in keeping the security up to date.
Cyber threats are changing daily, and your protection software will help to ensure devices are protected if it is kept up to date. What is really important is to ensure that your budget for IT and software development includes enough to cater for the security element.