Every day your organization does not have a robust cybersecurity program, there is the potential risk of losing hundreds of millions of euros from a single click by an employee who introduces a malware or ransomware attack into your infrastructure and systems. One of the biggest shipping organizations in the world, was hit with ransomware, and while they didn’t disclose their recovery costs, if they are like other similar enterprise organizations, it would be upwards of 200 to 300 million euros in its recovery efforts. Organizations must focus on having cybersecurity programs that support their infrastructure and the security culture for their employees.
Like many industrial, maritime and shipping companies, their cybersecurity programs have a more concentrated focus on the availability of services and operations in shipping versus worrying about a layered security model or human security awareness and training.
The cybersecurity program must include a defense-in-depth security program over their shipping logistics systems, finance, and GPS tracking systems. Over the past several years, GPS systems with radio and router communications were configured with default passwords. Unfortunately, these passwords were not changed by the owners, and most of them fell victim to an attack where cybercriminals were able to log in change system settings, causing disruptions, which lead to nonconformance costs and loss in revenue.
The security monitoring systems need to protect, monitor and act quickly to any cyberattack. Technology can only be truly successful with human engagement. A robust security awareness and training program can ensure that employees can make smarter security decisions that will help protect an organization from the various attacks.
Security awareness and training programs are crucial as the employees can be encouraged to feel part of the security solution and not a hindrance. With security awareness, organizations must consider making cybersecurity a part of the culture. Like, health and safety within the shipping industry, they strive to avoid potential events, accidents, and the unfortunate event of death.
These incidents are driven by educating, informing, and encouraging the culture every day to every employee. The same program needs to occur with cybersecurity. Consider the communications, information security, and the health and safety teams collaborate and drive the employees’ ideals and procedures where it becomes second nature for them to make secure decisions.
There are two options, consider a line item in the organization’s budget for 300 million euros for a data breach or spend a fraction of that on educating your employees in security awareness and increasing your security culture. Organizations do not want the impact of dealing with a breach, but the risk is reduced when employees are aware and educated to work as human firewalls. Take the next step and create that security culture within the organization.
Click here to see more, use the FREE tools or request a demo.