Seatrade Cruise News is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Tabletop exercises with cruise execs needed to tackle data breaches

When it comes to cyber attacks, 'everyone’s a target,' according to Mandiant's McCoy
Cruise line executives need to participate in tabletop exercises to better understand the nature of data breaches and how they occur.

As well as highlighting the importance of ‘bringing in executives and doing tabletop exercises,’ Pat McCoy, director, Mandiant Consulting, said ‘It’s useful to do offensive testing … knowing the risk yourself before you become a news headline … is a great first place to start.’

The comments came during the ‘Ransomware and Maritime Cyber Security in the Post-Pandemic World’ session at last week’s Seatrade Cruise Global in Miami Beach.

Learn lessons from data breaches

‘Everyone can learn, one way or another, from the experience of others,’ according to Rob Pegoraro, contributor, USA Today and Fast Company, when it comes to breaches in cyber security. He referred to cruise ships as ‘a floating data centre,’ albeit recognising that ‘at least on a ship you have a culture of safety drills,’ implying operators may be more adaptable when it comes to implementing measures against emerging online threats. 

‘Not if, but when …’

‘Not if, but when, is something we use all the time internally,’ continued McCoy. ‘Everyone’s a target.’ Describing himself as being ‘busier and busier and busier ... driven by awareness,’ he encouraged ‘cyber hygiene’ practices.

‘When we were attacked recently, our CEO was laser transparent about what happened, how it happened … We published everything that we learned about the attacker publically and burned their infrastructure down.’

On those responsible for cyber crimes, the director spoke of the role of government: ‘The challenge is attribution when it comes to setting sanctions.’

Cyber at sea

‘It’s a misconception that we can’t patch a ship in the middle of the ocean … there are ways 'round that,’ declared Georgios Mortakis, VP enterprise technology operations and chief information security officer, Norwegian Cruise Line Holdings.

‘Ransomware is nothing new. It's become much more visible recently but everyone is in scope.’

McCoy also warned: ‘They're looking for high visibility organizations, and no industry is immune from that.’