The rush to realise digital transformation in the Maritime and Resource sectors has often pushed security to the bottom of the priority list. This has caused many weak links to appear along the supply chain, contributing to a fragile cyber-attack landscape.
Experience suggests that the weakest link of any system, whether it be technical, procedural, organisational or industrial, will be the target of choice for cyber attackers.
In the Defence industry supply chain, third-tier contractors have been targeted to gain access to Prime contractors' systems. This has also been seen recently in Mining and Oil & Gas and, likewise, in the Maritime industry. Along the supply chain, nefarious groups can exploit vulnerabilities such as mis-configured networks, poor access controls and employees who are targeted in social engineering campaigns.
Using the supplier as a launch pad, cyber attackers can continue to gain access along the supply chain until they reach their ultimate destination: sensitive commercial documentation or process equipment systems in mines, factories, ships or on oil rigs.
Specifically, for the mining and oil & gas industries, this can result in halts to operations (Norsk Hydro and Maersk), theft of intellectual property and sensitive information (Detour Gold Corp), physical damage to network connected machinery (German steel mill) and the tampering of remote system navigation and positioning telemetry.
For the suppliers, there are ways to reduce the risk and prevent your systems from becoming compromised.
1. Cyber Hygiene
Take a proactive approach to understanding the current state of your cyber security, including the maturity levels of your asset management, user management, workflow documentation and procurement procedures.
2. Tighten Policies and Procedures
Aligning your organisation to a Cyber Security Framework can improve the overall security posture by identifying key controls to safeguard the business and by showing which policies and procedures need maturing.
3. Access Control
Maintaining access controls such as Multi-Factor Authentication, using a Password Manager and limiting access to only the applications individual employees need will reduce the risk of account hijacking and subsequent fraud attempts.