By Caroline Shortland, Superyacht Sales Manager, NSSLGlobal
According to a study by IBM, human error is the major cause of cybersecurity breaches, with trusted but unwitting insiders to blame for the majority of reported attacks. This is a cause of concern for the many industries that rely on IT and communications… and the superyacht market is no exception.
Despite many of the most publicised recent global cyberattacks being land-based ransomware attacks targeted at businesses (e.g. the infamous WannaCry and Petya hacks), it shouldn’t be assumed that being away at sea means you’re safe. The superyacht market needs to be just as wary of human error as any other industry.
An NSSLGlobal survey of a few hundred superyacht crews in 2015 revealed that crewmembers typically carry at least two devices on board. Tally up all your crew’s personal smartphones, tablets and laptops, alongside those brought on board by an ongoing rotation of guests, and you clearly have a lot of devices on board at any one time. These devices are all viable ports of entry for cybercriminals, which essentially double the chance of attack.
Superyachts also play host to some of the world’s wealthiest, high-profile people, so they are already seen as an attractive target for cyber-criminals (since money is the primary motive in the majority of cases).
With cybercrime clearly a very real threat to superyachts, and with individual human error usually the weakest link, here are five top tips that crew members, owners and superyacht guests can follow to ensure cybersecurity best practice. These tips are a distillation of the latest cybersecurity at sea video from Fidra Films, of which NSSLGlobal is the lead sponsor.
Treat your personal and guest information like your cash
We’re living in a digital age, where it’s gratifying to upload our latest selfies or Boomerang videos onto Facebook, Instagram or Snapchat. But, if guests or crew members aren’t careful, these could pose a significant cyber threat to the superyacht.
The availability of GPS information through geo-tagging or enabled location services allows criminals to locate their victims. And, once the location of the superyacht is known, long-lens photographers can be dispatched to take compromising photographs of the rich, which can be used against them for ransom.
In order to combat this threat, everyone on board should be informed about the prudent use of social media. Be it crew members or guests, no-one should be posting information about who is on board or where the superyacht is bound, as this can compromise the safety of both the superyacht and its passengers.
Don’t plug personal devices into the network… it could disarm the yacht
Superyacht guests will no doubt be streaming movies and TV shows via their smartphones, tablets and laptops to keep themselves entertained whilst on board, as will crewmembers during their leisure time. Obviously, streaming media can be very battery-intensive but these individuals need to be wary of plugging their devices into the superyacht’s network when it comes to recharging.
Using removable devices between computers increases the likelihood of spreading viruses, malware and malicious software. From this, hackers can remotely infiltrate your device and access and attack networks that would normally be out of reach.
To avoid this, guests and crew should avoid plugging external hard drives or any USB devices into the network without clearance by the captain. Alternatively, use charge-only USB cables to prevent data and GPS synchronisation.
Think twice before you click
Browsing the internet carelessly or without the latest security software in place will also leave superyachts and their guests open to attack. Cybercriminals exploit outdated software on devices and even attempt to trick superyacht crews and guests into downloading malware.
Once downloaded, malware allows the malicious party to access personal devices and gain control of a victim’s money, identity and any sensitive information available, which can have damaging consequences.
The best defence for safe internet browsing is to always think twice before you click. Keep security and other software up-to-date and only visit reputable websites.
Never assume an email is genuine
In this day and age, everyone uses email. But many still fail to spot the signs of a simple phishing expedition: the unknown sender, the poor grammar, the incorrect information, the irrelevance.
By sending a fake email with a simple, believable request, these cyber criminals can steal identities and money, and hold high-profile guests to ransom. According to a study by Verizon, an astounding 30% of phishing emails are opened by individuals. Just because an email says it came from your business partner or bank doesn’t necessarily mean it did.
Why would a company ask for personal information or passwords that they should already have? If ever unsure, always have a second pair of eyes look at the email or confirm with the supposed sender via phone or text message.
Don’t share passwords
If hackers get hold of passwords they can pose as the victim, spending their money, taking out loans or worse. And, by the time the victim becomes aware, the cybercriminals could have spent a fortune. That sounds obvious, doesn’t it? But many individuals still use the same password for their banking, Facebook, LinkedIn and even their tax return.
Using the same, weak password for everything offers very little protection against these hackers who can gain easy access to your sensitive information. Strong passwords based on irregular characters, spaces and random numbers will provide better defence and will make your personal and financial accounts that much harder to infiltrate.
A shocking 99% of cyberattacks are being targeted at people rather than IT infrastructure, so all industries, including the superyacht market, need to be fully prepared to mitigate these growing threat vectors. Superyacht management companies and owners must ensure thorough cybersecurity training is provided to their crew to keep these risks to a minimum. Failure to do so could ultimately lead to severe reputational and financial damage.