CRIBB Cyber Security launches ‘CRIBB Maritime Cyber Assurance’ for the Cruise industry

Who are CRIBB?

CRIBB Cyber Security offers end-to-end cyber resilience. We are an official certification body backed by the UK Government and the cyber security arm of TheICEWay ecosystem of companies. CRIBB is committed to working alongside companies seeking to increase their security and compliance levels. Our wide range of services and solutions on offer are designed to achieve just that and more. CRIBB can provide expert advice, guidance and support for: Data protection, GDPR, Cyber Essentials, PCI DSS, PECR and DPO. We have complete maintenance and support services throughout the year as well as specific training and education available for companies and their staff.


Maritime & Cruise

In previous years the maritime industry largely failed to recognise the risk of cyber-attacks. Nowadays, however, with ships increasingly becoming digital worlds all on their own, this attitude has had to change. Maritime cyber-attacks, unlike onshore attacks, are often left unreported. In today’s industry, the internet connects more and more ships, and as a result a cyber-attack at sea can be more dangerous than an attack occurring onshore. This, combined with a lack of inbuilt encryption or authentication codes for navigation systems, creates an issue where potential attackers often view shipping as a ‘soft target’.

Training

Cyber security training is a requirement for all cruise industry employees, from the owner of the shipping company all the way along to the junior deck hand. Just a few years back, reports indicated that only 47 percent of crew members were aware of cyber-safe policies or cyber-hygiene guidelines.

Now consider that cyber-attacks are costly to correct and can have a hugely adverse effect on the reputation of any maritime company. Surely then it is worthwhile seeking out an appropriate cyber security investment?

Why do companies need to be ultra-vigilant with cyber security?

Cyber-attacks and data breaches are on the rise, meaning that the topic of Cyber Security is becoming hotter and hotter. One look at the top 3 data breaches in 2020 against the top 3 in 2021 (to date) is all it takes for proof of this development.

Neither companies offering outsourced ‘solutions’ nor in-house IT departments are as trained or focused on cyber security as CRIBB are.

Why CRIBB?

CRIBB have all the experience and knowledge required to help. We are highly trained to properly assess risk, to mitigate dangers and to keep businesses and data safe and secure. Simply put, in today’s world you need CRIBB Cyber Security.

Poor security solutions

Unfortunately, even if you are in agreement with the statement above, existing security solutions and options in the cruise industry are clunky at best. In the US right now there aren’t any standards for GDPR, which is where CRIBB can step in.

The 3 biggest data breaches of 2020

1. Estee Lauder; confidential information stored in over 440 million customer records exposed

2. Facebook; 267 million profiles for sale on the dark web

3. Microsoft; Over 250 million customer records exposed

The 3 biggest data breaches of 2021 (Jan-Aug)

1. Facebook, Instagram & LinkedIn; 214 million records breached

2. Bonobos; 7 million records breached

3. Volkswagen & Audi; 3.3 million records breached

How can CRIBB help the Cruise industry?

‘CRIBB Maritime Cyber Assurance’ – aka CMCA – is a unique and affordable alternative to ISO27001. It is recognised by the IASME Consortium and designed to encourage all crew members to deliver shareholder reassurance in a straightforward manner.

The CMCA solution offers clients the chance to increase their protection and improve their defences. It enables them to assess their GDPR readiness, to help achieve as high a level of compliance as possible and to ultimately aim for a higher profit margin. This can be achieved through eliminating inefficiency and tightening up business processes across the board. CMCA guarantees full briefing and consultation throughout the project. You’ll receive assistance with security policies plus an evaluation of the existing ‘organisation of information’. A thorough assessment of the current compliance level will also be provided. There will be an evaluation of the current level of Operations Security. You can expect guidance and an assessment on management, guidance with Subject Access, and a review of current policies, procedures and processes. This will all be done by an experienced and certified GDPR practitioner. We can also offer assistance with Human Resources and an Access Control check. As if that were not enough, you can also expect:

  • An evaluation and assessment of supplier relationships
  • Physical & environmental checks
  • Assistance with Business Continuity Management
  • A validation of equipment, technical controls and network / cloud
  • Firewalls and Malware protection
  • Help with managing Security Incidents
  • Guidance on Cryptography
  • Asset Management advice

Why CRIBB for Cruise?

It’s simple: it is genuinely simple. CRIBB can take all of the pain and discomfort away with complete support and training for all employees. Once you have implemented ‘CRIBB Maritime Cyber Assurance’, you will have:

  • Defined your policy for data protection and minimised the data held
  • Communicated the changes to all employees and defined their roles with the relevant training
  • Identified that the data you process is done so on a lawful basis
  • Provided the required privacy information to the data subject
  • Obtained consent where required
  • Implemented robust procedures for data subject access requests

These points are all more crucial than ever today, as we contemplate an industry which:

  • Grows ever more dependent on IT
  • Is host to an abundance of Cyber-Attacks on Ports and Ships
  • Does not have any ‘easy’ solutions

Glossary

APP – Australian Privacy Policy 2019

CCPA – California Consumer Privacy Act 2020

CMCA – CRIBB Maritime Cyber Assurance, launched in 2019

Cyber Essentials – The UK Government’s basic technical specifications for cyber security

DPA – Data Protection Act 2018

DPO – Data Protection Officer

GDPR – General Data Protection Regulation 2018

IASME – An accreditation body and a data privacy standard that incorporates Cyber Essentials and GDPR with Information Governance

PECR – Privacy and Electronic Communication Regulation 2003

PCI DSS – Payment Card Industry Data Security Standard
