Superyachts are ‘prime targets’ for cyber-criminals
Superyachts are “prime targets” for cyber criminals, according to research conducted by business data security firm Specops Software.
“Any technological device or system is susceptible to cyber-attacks,” a spokeswoman told Superyacht Investor, after the firm investigated the risk of cyber-crime across a range of sectors – from transport, finance/insurance to hospitality/food. “Unfortunately, a high-value superyacht, with influential passengers aboard, is even more of a risk, as it is more likely to be targeted.”
Specops Software identified four specific threats to the security of luxury yachts. Those are: extortion, theft, hijacking and general access to security systems. “Extortion, or holding photographs and/or information, gained through cyber-crime on guests to ransom is one of the biggest potential problems,” said the spokeswoman.
‘Extortion or holding photographs’
Theft refers to the stealing of business files, information, money and more after cyber-security breaches. “Many owners will conduct business onboard and their vessels often have less-secured WiFi systems alongside stronger signals, and so can be hacked from some distance.”
The final two threats were hijacking a ship’s controls to re-route or shut it down and gaining general access to the ship’s controls. That would make it possible to view on board security cameras. Security systems often aren’t sufficiently advanced to combat savvy hackers, enabling them to breach security systems and either steal data or hold it to ransom.
A superyacht’s network address can be identified from passengers using Facebook and other live posting on social media accounts. If the yacht is close to shore criminals could use cameras to capture potentially compromising photos of high-profile individuals.
To combat savvy hackers, Specops lists five defences superyacht captains and managers can deploy to beat the threat they pose.
The top safeguard recommended by Specops is to establish clear rules for crew onboard yachts covering cyber-security topics and ensure that they are well-understood. Captains and managers may consider banning the use of social media on yachts and review confidentiality clauses in crew contracts.
Banning the use of social media
Hiring a full-time IT expert/chief technical officer to focus solely on cyber security of the yacht is the second recommendation. Alternatively, a senior member of the crew could take on this responsibility.
Other advice includes: changing passwords for gadgets onboard, as well as guest Wi-Fi passwords after every charter and dividing the yacht’s communication system into at least four separate and secure networks. Each should cater for a different operation, such as: Running the ship, guarding business operations, regulating guest access/use and crew access and use.
The final recommendation is to install a secret operational room to retreat to in the event of hijack, a place that will still allow the use of yacht’s controls.
The research revealed transport firms in general spent an average of £6,500 between 2017 and 2018 on cyber protection; up 18% on the previous period. Top spenders were financial and insurance firms with an investment of £17,900; a rise of 23%. The lowest investing firms came from the food and hospitality sector. These spent just £900 on cyber protection during the two-year period. For more information on the research contact Specops.
Meanwhile, Superyacht Investor will be returning to the topic of cyber-security at our London 2020 Conference. Taking part in the forum, entitled Stopping Cyber Attacks, will be Peter Broadhurst, senior vice president, Inmarsat, Benjamin Dynkin, co-founder and CEO, Atlas Cybersecurity and Campbell Murray, global head of BlackBerry Cyber Security Delivery.
Superyachts: Five ways to protect against cyber-crime
- Establish cyber-security rules for crew onboard. Consider banning the use of social media and including related confidentiality clauses in crew contracts
- Hire a full-time IT expert/chief technical officer to focus solely on cyber-security of the yacht
- Change passwords for gadgets onboard, as well as guest Wi-Fi passwords after every charter
- Divide the yacht’s communications system into at least four separate and secure networks. Each should cater to a different operation, such as: Running the ship, guarding business operations, regulating guest access/use and crew access/use
- Add secret operational room to retreat to in the event of hijack that will still allow the use of controls.