Cyber Security, Tech

May 12, 2023

90% of cyber attacks start with phishing: How cyber breaches have targeted human error and behaviour

Yep, you read that right, 90% of cyber attacks start with phishing, the fraudulent practice of sending emails or other messages pretending to be from reputable companies in order to induce individuals to reveal personal information such as passwords and credit card numbers.

As of January 1, 2021, all ship owners must comply with IMO Resolution MSC.428(98) in order to continue sailing worldwide. This has been well documented in the yachting industry with integrations into ISM and ISPS Codes, and for good reason.

As security hardware and software has become increasingly difficult to infiltrate, it’s no wonder criminals are targeting the chink in the armour, the user. 32% of all successful breaches involve the use of phishing techniques and despite extensive efforts in security programs to educate users on the dangers of, and methods to spot phishing emails, these attacks remain highly successful. 

Creators of ransomware have been targeting yachts for vast amounts of money recently as they have been slow to respond to the growing risk of cyber attacks. With smaller vessels unlikely to employ an ETO or AVIT engineer onboard to create a secure cyber environment or take daily backups of their core servers, it’s much more easy for these yachts to just pay to the ransom to resume normal operations.

I’ve personally heard of ransoms as high as €1 million to regain access to infected core systems which brought the internal IT network of a 50 meter yacht to its knees last year. To make it worse, it was during an owners trip.

cyber attacks start with phishing

The ransom was paid almost immediately but it most likely could have been avoided by teaching a few key principles to all crew onboard, regardless if they’re using boat supplied equipment or their own devices, the same rules apply:

  • Beware of phishing emails
  • Use anti-virus protection & a firewall
  • Use Strong Passwords & Use a Password Management Tool
  • Keep Your Software Up to Date
  • Exercise caution on social media
  • Avoid browsing questionable websites
  • Only download content from legitimate or reputable sources
  • Use Two-Factor or Multi-Factor Authentication

Salvador Technologies recently posted about a Cyber Recovery Unit that allows the user to boot into a temporary operating system to recover important files and documents which is a very handy tool….

However the infected system(s) would still need to be wiped and the source of the malware or ransomware identified and neutralised.

The answer to all of this?… Avoidance. While IT security hardening is vital for any size yacht, crew education is priceless to mitigate the potential for cyber incidents happening in the first place. As cyber security consultants, Virtual ETO’s have the expertise to help safeguard your IT systems and educate your crew on the dangers and risks associated with cyber security. Contact us today to learn how Virtual ETO’s can help you identify vulnerabilities in your systems, develop a comprehensive security strategy, and provide ongoing support to keep your business safe from cyber threats.

Leave a Reply

Your email address will not be published. Required fields are marked *