Why secure communications are key to protecting the maritime industry

Today’s maritime organisations operate in a time of extraordinary technological innovation - with digital advancements continuing to open up new markets and bring sweeping gains in growth and efficiency. 

Transformations such as digital working, highly-connected supply chains and increasing cyber-physical systems have been immense opportunity drivers. Yet they have also ushered in an array of new risks, in the form of destructive and ever-evolving cyber attacks.

The maritime sector - the backbone of global trade - has increasingly become a lucrative target for cybercriminals who seek to disrupt vital operations for financial, political or operational gain. 

Highly-skilled adversaries are adopting artificial intelligence (AI) to exploit business’ blind spots, while ongoing geopolitical and macroeconomic volatility has contributed to a threatening landscape.

With the growing risk of information or systems being corrupted, lost or compromised, maritime organisations need to be ahead of the curve.

Ransomware remains the weapon of choice for cybercriminals focusing their firepower on shipping and offshore enterprises. And email - the gateway to business communications - is the adversaries’ primary attack vector. More than 90% of cyber attacks originate from email, making it the single biggest cyber threat to organisations across sectors and sizes.

This makes secure communications absolutely critical if maritime organisations are to avoid cyber attacks, which can have devastating financial and reputational repercussions and risk permanently sinking their operations.

Maritime: In the crosshairs of the world’s cyber adversaries

Maritime cyber attack statistics are sobering; recent reports indicate a 400% increase in weekly cyber events, driven by agile ransomware gangs and a focus on supply chains. 

The average ransom paid by cyber-targeted shipowners is now more than $3 million - while 2021 statistics showed that attacks in the valuable Asia-Pacific region had risen by 168%.

This past year has not only brought the worst phishing volumes on record but steep rises in social engineering attacks. Not to mention the one billion malware programmes that are now circulating across all industries.

Furthermore, seven of the world’s top container carriers have acknowledged being victims of cyber attacks, and even the International Maritime Organisation (IMO) has seen its systems compromised.

Several factors make the maritime sector particularly vulnerable to cybercrime. First, there’s the ageing infrastructure of many fleet vessels, potentially running outdated and unsupported software. Second, there’s the interconnectedness of shipping’s physical/digital systems, making intrusions harder to mitigate.

Cyber adversaries have also learned that it’s not unusual for maritime customers to transact single invoices worth millions of dollars - making them high-value targets.

A cyber attack can bring down a whole ocean freight supply chain: what happens to data upstream could dramatically affect the flow of goods (speed, quality, etc.) further downstream.

To some extent, the industry has been slower to build up resilient technology systems than other industries, making it more vulnerable to threats.

Why secure maritime comms is an organisational must

Like many industries, maritime is undergoing significant digital transformation. Yet the increased connectivity of vessels - and adoption of smart systems to facilitate the real-time management of global shipping - has resulted in a massively widened attack surface and a lot of data.

Recent studies show a 131% year-on-year increase in maritime data usage associated with business operations. This means many points of potential compromise, but also considerable noise that impairs business performance and security.

While most attacks have focused on compromising ports and on-shore corporate networks, hackers have demonstrated their ability to remotely target vessels, deploying malware or ransomware via compromised emails before moving laterally across a ship’s networks to penetrate marine systems.

Human error or misjudgment - such as clicking on an emailed phishing link - lies behind 95% of successful cyber breaches. This can have major ramifications, such as operational delays or even ship collisions due to the loss of navigational control.

The maritime sector faces increasing cyber regulation

Shipping companies’ IT and Operational teams are now keeping up with the pace of change in tech and the threat of cyber hacks, while knowing what tools are needed to protect their systems and employees.

At the same time, national governments and the IMO are keeping abreast of the latest tech, guidelines and regulations so the maritime industry can keep up.

For example, compliance requirements are increasing to address the industry’s cybersecurity shortcomings. Shipowners and operators are now obliged to comply with the IMO’s 2021 resolutions on Maritime Cyber Risk Management, with flag state authorities like the US Coast Guard actively enforcing these requirements.

Container shipping organisations have similar cyber requirements, while tanker operators increasingly require cyber-focused TMSA 3 accreditation to obtain charters.

Meanwhile, the International Association of Classification Societies recently published new E26 and E27 regulations, making cyber requirements compulsory for ships and offshore installations constructed from January 2024 onwards - and there are hefty fines for non-compliance with GDPR stipulations, should personal data be compromised.

Building a watertight communication platform for maritime

Our data-driven communication platform is known for its AI-powered features and technology integrations that transform inboxes, making data more visible and optimising email operational workflows to power efficiency and profit.

In addition, our security features provide a strong, compliant and robust base for our customers to fend off cyber attacks.

Here at Sedna, we live and breathe maritime, logistics and the broader supply chain, with our in-house experts holding decades of experience working in various positions across the industry. 

Our hyper-focus means we understand the security risks and pains. When building and enhancing our solutions, we’re taking into account a whole suite of industry-specific considerations.

Recognising that email protocols were built decades ago - without today’s security landscape in mind - we have made cybersecurity considerations one of our primary focuses. 

From the start, Stream by Sedna has been ‘secure by design’. Its foundational security principle is also the primary focus of its platform - by dramatically reducing email, you reduce the number of touchpoints for a potential cyber breach in the first place.

As an example, our customer Viterra - one of the largest global grain handlers - reduced internal email volume by 95% by using our platform. Reducing email by these volumes means less opportunity for attacks, and a higher probability of spotting phishing attempts.

Plus, our customers’ default experience with Stream means that all of their data stays 100% private. Sensitive data remains securely stored in an environment owned by them, a key part of our overarching philosophy and contractual commitments.

We’re also certified to ISO 27001 standards - regarded as one of the world’s most rigorous global accreditations for security assurance.

Our platform’s cloud-based hosting enables all of the expected security and stability features: automated data back-ups, high availability document storage, targeted data encryption and multi-location redundancy - helping to protect accounts and data from unauthorised access. We view our cloud approach as a key factor in scaling to meet changing security risks and requirements. 

We work directly with solution architects at our cloud providers to design and build solutions that take redundancy, resiliency and alerting to new levels. For instance, Disaster Recovery prep in a cloud environment requires new ways of considering attack vectors, entry points and level of redundancy. And critically, working on the cloud also means that we can monitor and alert for new potential attacks almost instantly across our global network.

Stream is built for enterprise user control as well, with a Single Sign-On (SSO) system that dramatically reduces opportunities for data breaches by requiring just one set of credentials and saving time throughout the day. We also take advantage of our network, providing users with additional verification data when receiving messages from approved senders.

Our core partner integrations are built to reduce the need for switching between systems. This not only saves hours a day but also reduces the need to forward data to other employees (decreasing opportunities for interception).

We are committed to data privacy. With any use of Stream, customers’ data is just that - their data. The information shared when using the platform is owned by our customers and will never be sold onwards by Sedna to any third parties.

Taking security to the next level

In my opinion, two features in particular put our communications platform in a class of its own. 

One is the pioneering Personally Identifiable Information (PII) Redaction feature - a tool that scans emails and flags them to be either redacted or deleted after a set period of time.

Many emails contain sensitive or confidential information, such as bank account details, addresses, birth dates and phone numbers - which, if compromised in a cyber attack, could lead to fines or even criminal charges under regulations such as GDPR, CPRA, and HIPAA.

PII Redaction tools, backed by cutting-edge AI models, can ensure automatic, accurate compliance for email data by stripping confidential or sensitive data automatically. This is a tool we launched earlier this year and I’m not aware of any other email client that has this out on the market.

PII removal tools in Stream by Sedna. Credit: Sedna

We have plans in the future to get to the point where we just retain the purpose of the email - the PII information - while stripping the content out, meaning that even if an attacker accesses a system, they can’t get to anything important. We see this as the tip of the iceberg with regard to providing functionality to proactively identify and manage PII, including giving users more control to understand what data is coming through email and how best to manage that data securely, and remove it when it is no longer needed.

The other standout feature is ‘Verified by Sedna’.

This is a quick and easy visual way for our users to have confidence that incoming messages originated from a verified Stream customer, by showing the sender’s company logo. This facilitates an extra level of info-security and trust between email recipients and is the first in a long line of planned features to take advantage of the fact that many of our customers are conversing with each other. We see future functionality to further improve

If we can build features that allow maritime communication to happen faster, easier and in a more secure format - and improve the industry’s cyber resilience in the process - we see that as a win for everyone.

Discover more about the value and role Stream by Sedna can bring to your IT Management processes.
