Shipping is an international business with over 90% of world good being moved round the world by shipping.
To do this efficiency, large amounts of information and data are now handled and distributed electronically, information regarding crew, cargo details, ships routes, ETA’s and ETD’s etc. Ships use Information Technology (IT) and Operational Technology (OT). Onboard a modern ship there are Dynamic Positioning Systems (DP), Global Maritime Distress & Safety Systems (GMDSS), Long Range Identification and Tracking systems (LRIT), Ship Security Alert System (SSAS), Electronic Chart Display Information Systems (ECDIS), Automatic Identification Systems (AIS), Industrial Control Systems(ICS) and Engine Control Systems. Most ship have access to the Web and Internet and with this is the increased threat of a cyber-attack.
Persons who have malicious or fraudulent aims can gather information using phishing, there are three main types.
Phishing can be disguised in an electronic communication such as an email, text, social media that appears to be from a trustworthy entity. It is a method used to acquire personal information such as usernames, passwords and bank details for malicious reasons.
Phishing frequently requests internet users to enter personal information at a fake website that looks and feels almost identical to the genuine site. Communications claiming to be from banks or emails advising that you have won the lottery even though you have not bought a lottery ticket are often used to entice victims. Phishing emails may contain links to websites that are infected with malware.
Spear Phishing
Spear Phishing is like phishing and is the fraudulent practice of sending emails ostensibly from a known or trusted sender to induce in this case targeted individuals to reveal confidential information, using the same methods as above.
Whaling
Whaling is malicious hacking and is a specific type of phishing. It involves gathering data that can be used by the hacker. In whaling, the targets are high-ranking company executives or others in powerful positions or jobs.
Strong Passwords ($tr0ng P@$$w0rd$)
When deciding on a password never use any personal information, it should be at least eight characters long and contain letters (upper and lower case), numbers and characters.
How to create a strong password?
One method would be to choose a phrase that you are familiar with such as;
Twelve good men and true
Take the first letter from each word (highlighted above)
TGMAT
Then add upper and lower case, makes it stronger
tGmaT
add numbers
12GmaT
Add characters, speech marks as it is a quote
“12Gm@T”
Remember never give your password to anyone or leave it on a post it note.
For more security information check out The Seamanship Centre MCA, MSO Ship Security Officer Course
Tel: +353 (0) 86 893 7225
Email: info@seamanship.ie
Cyber/Internet Security about phishing, spear phishing, whaling and strong passwords