Are your crew letting Hackers onboard?

The real threat these days to companies, the wealthy  and their yachts is  no longer the con artist or burglar seeking to break in as it is just too hard for them and assets are much harder to make off with these days. 

Today the threat to yachts is intruders into a companies or a vessels IT network.  That is one reason why Penetration Testing is so popular – by ensuring that cyber security systems have no overt gaps within them for attackers to exploit, that Owners, Captains and their Management Companies can sleep soundly in the knowledge they are protected.  But there is one way to circumvent every piece of security on the planet – that is for someone to let you in.

Cyber criminals can make it on board, in the cyber sense, in a variety of ways.  They can send phishing or spear fishing emails designed to manipulate the person that opens the email into clicking on a link or opening an attachment.  Cyber criminals can piggyback on a crew member, guests or contractors laptop, phone or iPad  prior to them boarding the yacht by compromising it – once it connects to the wifi they are inside your network. They can distribute memory sticks with embedded invisible malware to compromise the yachts cyber security.  What would you do if you woke up after a heavy night out at a bar and found an expensive looking memory stick labelled, “Salaries”, “Redundancies” or “2017 Yacht Itinerary”? 

In one memorable incident the Director of HR found a CD marked salaries in the company toilets and uploaded it onto her PC, thinking that she had been circumvented for some upcoming Salary Reviews.  I myself would normally feel like I am completely immune to this level of deception – a level of confidence that almost certainly means I can be compromised; and I was. 

It was the middle of a busy work day and an email arrived in my inbox with the WhatsApp branding asking me to click a link for a voicemail, without any conscious thought I went ahead and clicked the link exposing my laptop and my companies network to compromise.  I regularly used WhatsApp, I was very busy and I was trying to get through the day – luckily the software I downloaded was designed for a Windows PC so I had a lucky escape and a very inexpensive lesson.

Cyber security requires a technical solution, in the same way that we apply security to our physical possessions, our family or ourselves.  But there is also the same element of human responsibility and vulnerability that can be exploited.  Just as we lock doors, set the alarm and don’t allow strangers in to our homes we need to take responsibility for keeping our networks safe.  This is why we are producing this newsletter.  There is a knowledge gap about what cyber security really is, from CEO’s and Managing Directors at the top of companies right to the contractors and crew office staff at the very foundation.

It is a gap that we need to fill before a cyber criminal slips through.