The news about the Equifax data breach and the long list of data thefts in the previous years was high on everyone’s mind. Upon learning of my approach to cybersecurity investments, someone asked me: Why does it keep happening?
I will focus on a secluded industry, overseas shipping, for an explanation.
A “fingers crossed” cybersecurity plan
According to the BBC, a private security company called CyberKeel was launched three years ago with the idea of raising a higher level of awareness about viruses and data theft. The response from large shipping companies, according to CyberKeel’s senior partner, was: Don’t waste your time. We are quite safe. There is no need.
That is typical. Hacking attacks are like recessions – they aren’t real until one happens to you.
It turns out that a sender had a virus in his computer system that added a hacker’s bank account number every time the shipping company’s providers requested an electronic payment.
The hack extracted several million dollars, according to CyberKeel, before the sender realized why their providers were not being paid.
The final straw was the NotPetya ransomware attack this summer. The giant Danish shipping company Maersk recently said the attack forced it to halt operations at 76 of its ocean terminals around the world, leading to $ 300 million worth of business disruptions.
The CEO of Maersk told the Financial times that the attack was so damaging “we ended up having to use WhatsApp on our private phones [to communicate]. Frankly, it was quite a shocking experience. “
The point is that big cyberattacks keep happening when computer security is not a priority for a company.
It’s also a key reason why cybersecurity actions will continue to be big winners for years to come.
The big challenge, even now, is getting companies to take the threat seriously.
If we own a physical business, a house or a car, safety is always a priority, right? We make sure we have strong locks on the doors.
It doesn’t prevent a robbery, of course. But a good lock, fortified doors, and shatterproof windows make the thieves’ job that much more difficult.
We pulled on the door handle a couple of times just to make sure the latch is in place. We tell our employees and children to be sure to lock the doors when they leave.
Why is “Game On” for cybersecurity actions
However, taking the shipping industry as an example, most companies do not do such a thing. Today’s shipping relies heavily on on-board computers and automation. That’s why ships that once needed crews of dozens in past decades can now operate with as few as 13 people.
And yet, when a British consulting firm surveyed 2,500 merchant seamen about cybersecurity at sea, they found:
-
Forty percent of the ship’s officers said they had sailed on a ship infected with a computer virus or malware.
-
Eighty-seven percent of the ship’s crews had no cybersecurity training.
-
It takes an average of 146 days to detect a data breach on board.
-
Seventy percent of data breaches on board go undetected.
Surveys like the one above show why cybersecurity actions will continue to drive the wave of spending in this sector, as company after company and industry after industry realize the threat.