HUDSON ANALYTICS CYBER RESILIENCE
IMPROVING CYBER RESILIENCE THROUGH TRAINING A Call to Action
A
s of October 2020, 59 percent of the world’s population – that’s almost 4.66 billion people – used the Internet to access information or communicate, actively selling goods and services, exchanging all forms of data and connecting with friends, family, business connections and communities of shared interest. How do these 4.66 billion people with different education levels and experience, from different cultures, speaking diverse languages, residing in different countries, and perceiving the world through their own values, function securely? More specifically, how do maritime transportation organizations function securely within such a global community? One of the fundamental steps a maritime organization should take is to initiate and sustain a cyber-aware culture. According to the European Union Agency for Cybersecurity Cyber Security Culture in Organizations the “concept of cybersecurity culture refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest themselves in people’s behavior with information technologies”. Maritime transportation organizations face a serious challenge in aligning these factors among staff, which may be spread across regions or even around the globe. Creating an organization-wide cyber-aware culture requires, first and foremost, a basic understanding of existing threats, system vulnerabilities, and the potential consequences of a cyber breach. Achieving such
34 Caribbean Maritime | February - May 2021
awareness requires appropriate cybersecurity awareness training among all staff. To this end, HudsonCyber conducted a survey in early 2020 to identify cybersecurity awareness training needs in the port and maritime industry. According to the findings, over 70 percent of respondents affirmed that cybersecurity was important in their daily job activities, and nearly 50 percent acknowledged that they had not received any cybersecurity awareness training.
By Chronis Kapalidis HudsonCyber
A “CYBERIZED” MARITIME SECTOR The risks to the organization generated from staff not having received cybersecurity awareness training have risen alarmingly. Fifteen years ago, the security requirements defined in the International Ship & Port Security (ISPS) Code provided adequate guidance for the protection of vessels and port facilities. However, cyber threats now represent an increasingly significant form of risk to maritime organizations. As the maritime industry rapidly digitalizes, partly due to the Covid-19 pandemic that has only accelerated changes to its modus operandi, most business processes and operational components are progressively interconnected. In this sense, cyber risk management has ascended to an enterprise-wide discipline that executives must understand, own, and advocate across the entire organization rather than relegating it to the