Phishing emails continue to be one of the greatest threats to a port’s cybersecurity.
In 2021, ports and shipping stakeholders ranging from liner HMM to South African port infrastructure owner Transnet’s online systems were rocked by cyber-attacks, stalling operations and risking financial and data loss.
Port and maritime systems have never been more under threat: in 2020, security firm Naval Dome said that reported cyber-attacks had risen by a staggering 900% since 2017.
As ports have become digitalised, introducing Internet of Things (IoT) assets to its network, concerns have grown about increasing vulnerabilities and ‘attack points’ for a cyber criminal.
But social engineering – taking advantage of an employee on the other end of the keyboard to gain access – through methods such as phishing emails continues to be one of the largest threats to a port’s cybersecurity strategy.
The pandemic-driven increase in remote working has also led to a significant rise in phishing emails: Barracuda Networks found that phishing emails globally surged by a stunning 667% in March 2020.
Billy Marsh, Chief Information Security Officer at the Port of San Diego, told PTI that ports and terminals still face considerable threats through social engineering.
“Social engineering remains one of the greatest threats across all industries, most notably phishing,” Marsh said.
“When a specific industry gets successfully attacked, it is like blood in the water and attracts the attention of ‘the sharks in the water.’
“There are always scans being performed for vulnerabilities by those who are looking to exploit them – and when a key vulnerability is discovered, it becomes a race to find and exploit that vulnerability first.”
The Port of San Diego reported a ransomware type of cyber-attack named ‘SamSam’ on 25 September 2018, at the hands of a state-sponsored hacker operating inside the Islamic Republic of Iran.
The port was credited for quickly responding to the ransomware attack, and Marsh highlighted that rapid communication is a “key factor” in keeping the port secure to prevent future attacks.
“The sharing of information is a critical component to inform our area of the attacks we are observing in the wild and that information could help prevent an incident from occurring,” he said.
The port is now working with several state and federal agencies to increase awareness and facilitate the sharing of information, he added.
Moving forward, Marsh said working with local assets to “train and drill” simulated attacks would increase employee and industry awareness to prevent cyber threats from becoming attacks.
“We’re all in this together and we need to ally against the barrage of attacks that are more and more organized with the passing of time,” he said.
“With the ability to run through simulated attacks the local groups could share their response capabilities, those with mature response programs could serve as a lighthouse for the other entities that are still developing their security model.
“By working together and providing guidance where needed, the sector as a whole would improve their security posture.”