Corey Ranslem, CEO of the IMSA, discusses the lack of cyber security in the superyacht industry…
Stakeholders in the superyacht industry are falling victim to cyber-attacks at an increasing rate. While it is a relatively new threat when compared to yachting’s rich history, the cyberthreat has been continuing to grow in scale for a number of years now, and still many vessels wait until it is too late before bolstering their defences against hackers, regardless of the sums of money at play and the types of risks that exist. In comparison to other industries such as health, banking and finance, the superyacht industry falls well below the standard. However, the industry also presents some unique challenges, for example, the fact that there are crew members living on board who lead a life blended by professional responsibilities and personal freedom. So how can the industry tackle this issue?
Corey Ranslem, CEO of International Maritime Security Associates, believes cyber security deserves more attention, “Superyachts focus mostly on what they need to do to ensure that passengers and guests on board are having an awesome time. And so, there's a lot of things that I know get pushed to the side. Also, when you look specifically at larger yachts, you know that there is only a limited number of hours in the day. There's a limited number of things that the crew members can do on board.”
It seems obvious to say that cyber security education and training would go a long way in reducing the impact of hacker attacks. Technophobia isn’t exactly rife in the superyacht world, and indeed, the wider public perception of the necessity for cyber security is a particularly hot topic at the moment. Ranslem has found that there is too large a gap on the spectrum of security measures utilised by private yachts.
“You'll see there's a lot of large yachts and management companies that do a great job with cybersecurity, where they have more than what you would consider the requirements to be.” Ranslem went on to explain the opposite end of the spectrum where, “you have people that basically don't even have a firewall or any type of protection on their vessel or with their business.”
In May earlier this year, cybercriminal gang DarkSide launched a ransomware attack on the colonial pipeline in the US which affected fuel stocks in marinas along the east coast. Such attacks, according to Ranslem, will become more frequent. The dispute was eventually settled by a payment of $5 million to the criminal gang.
However, Ranslem believes that relying on the safety net of ransom money is not justifiable, “There's no guarantee that when you pay that ransom that you'll get any data back. I've known companies and people who've had data taken hostage. They followed the instructions of the attacker. They paid the ransom in Bitcoin and never got any of their data or information back and then they were basically stuck with nothing.” The Blackberry Mobile advocate and CEO went on to explain how, “once you pay the money for a ransomware attack, that gets out all over the internet, and now you've just made yourself a target for subsequent ransomware attacks. Therefore, once you pay ransom to one group, you're basically putting a sign up to say you’re willing to pay ransom to get your data back because you’ve done it once already.”
Some individuals in the superyacht industry have called for a social media and cybersecurity training course for crewmembers. Ranslem stated that, “Software systems are good, good up to a point where you have the human intervention, and then the human intervention piece is really the most important. And I am a big advocate of training people to understand how to use those systems, but also training people to understand what the attack vectors look like. You can train someone to do it within a couple of hours, and that's something you can do a few times a year, just show people how cyber criminals are looking to attack vessels.”
A recent report by Accenture Security highlighted that 68% of business leaders feel that cybersecurity risks are increasing. Moreover, in a recent interview with SuperyachtNews Lloyd’s Register expert, Peter Sponer, revealed how hackers are adapting and becoming more clinical in their criminal activity against superyachts. However, through involving people and technology, a solution can be reached to ensure superyachts don’t become sitting ducks in the eyes of cybercriminals and hackers.
Click here to become part of The Superyacht Group community, and join us in our mission to make this industry accessible to all, and prosperous for the long-term. We are offering access to the superyacht industry’s most comprehensive and longstanding archive of business-critical information, as well as a comprehensive, real-time superyacht fleet database, for just £10 per month, because we are One Industry with One Mission. Sign up here.