Protecting against cybercrime onboard superyachts

Yachts have what all hackers love: money, secrets, negotiations for deals, reputations, and famous people. Cybercrime is big business that’s getting ever more sophisticated, and yachts are unique in that ‘disrupting operations’ is not the strategy – criminals target the owners or guests most often in hopes of blackmail or extortion. Protecting against cybercrime onboard superyachts has never been so important.

A superyacht, by its autonomous nature, can give a false sense of security. People feel safe in a remote and protected cocoon; however, the increasing need for high connectivity makes them vulnerable.

With blackmail and extortion as the goal, cyber criminals gather information to use against a high profile or high net worth individual through malware or spyware, via compromised crew credentials or by gaining access to the yacht’s more sensitive networks via a less secure one like the guest wifi. Yachts are also prime targets for invoice fraud since the captain and manager have to validate a lot of diverse transactions.

In addition, there may be attacks on operational technology that can interfere with a yacht’s systems. These disruptions can even be due to non-malicious activity, for instance, when a supplier accesses the network remotely to update firmware without the captain being aware.

The good news is that cyber security doesn’t require a massive investment. Encouraging situational awareness and implementing good practice can significantly improve your cyber resilience. Most commonly, cybercriminals look for the easiest target, and the human element on board often supplies that.

From a cybercrime perspective, it costs a lot of money to try to hack into a system; it takes a level of skill that generally must be paid for. By contrast, phishing and whaling (purchasing databases of email addresses, sending out thousands of emails and hoping someone clicks on a link) give attackers an easy and autonomous method to utilise.

That is why crew awareness training is a crucial part of the solution. Developing a culture of cyber risk awareness as well as addressing vulnerabilities in practices and in systems’ design, maintenance and integration are required for yachts that adhere to the International Safety Management Code (ISM).

How many different networks are on board your yacht? Are they isolated to stop any access from the guest wifi to a sensitive network such as the CCTV or navigation? How many suppliers and manufacturers have remote access to your yacht? And are their passwords something other than 0000? Are your crew trained to spot and not click on suspicious links? What devices on board require connection without security, like toys, lamps, cameras, and watches? Your captain and officers should be able to answer all of these questions.

Superyacht insurers may also require a cyber risk plan. Underwriters are introducing new cyber risk clauses that require cyber risk management systems and policies to be in place and demonstrated to be working; otherwise, policies are invalidated. It is critical, therefore, that yachts manage cyber risk with a holistic approach that integrates technical, crew training and organisational solutions.

At Priavo we offer multi-layered protection, consisting of in-depth vulnerability assessments, phishing and attack simulation tests, and advanced protection and monitoring. By identifying existing and future vulnerabilities we are able to mitigate risks that may compromise your operational systems or privacy. In the event of a cyber-attack, we provide crew training, bespoke crisis management plans, breach scenario planning, and sophisticated response protocols to ensure your vessel and your crew are sufficiently protected.

To book a confidential discussion with one of our experts, contact enquiries@priavosecurity.com.
