Question

Using a Web search engine, find an article from a reputable source, published within the past six months, that reports on the risk coming from inside the organization compared to the risk coming from outside the organization. If the article notes that this relative risk is changing, how is it changing and to what is the change attributed?

Answer 1

I found an article titled, Cyber Security at Sea: The Real Threats which appeared on the Maritime Executive’s website. The article addresses the internal and external cyber threats in the maritime landscape. External threats include phishing and spear phishing. Also, hackers breaching into the network to take remote control of the vessel. The article points out that the most prevalent threats to maritime cyber security are internal threats. “Rather, the real threats on the water come from a lack of crew training and awareness and a culture which turns a blind eye to crew using their own devices at work and plugging them into ship systems to charge them, thereby possibly releasing a malware they may have been inadvertently carrying onto the vessel.” The article also references a survey done by the Maritime Association to its members. The survey shows that only 66% of organizations surveyed had an IT security policy in place. Only 47% consider their staff to be a security risk. As a result, there is minimal security awareness training. The security changes that the article spoke of was the upcoming enactment of the GDPR. The General Data Protection Regulation is a mandate handed out by the E.U. GDPR requires any entity that collects data from citizens of the E.U. to have strict control of the data. The GDPR will have a huge impact on the maritime industry due to the lack of IT security provisions in place.