Who are CRIBB?
CRIBB Cyber Security offers end-to-end cyber resilience and is an official certification body backed by the UK Government. The Cyber Security arm of TheICEWay ecosystem of companies, CRIBB is committed to working alongside companies seeking to increase their security and compliance levels, with a wide range of services and solutions on offer designed to achieve just that and more. CRIBB can provide expert advice, guidance and support for data protection, GDPR, Cyber Essentials, PCI DSS, PECR and DPO, with complete maintenance and support services throughout the year as well as specific training and education available for companies and their staff.
Why do companies need to be ultra-vigilant with cyber security?
Cyber-attacks and data breaches are on the rise, meaning that the topic of Cyber Security is becoming hotter and hotter; one look at the top 3 breaches in 2017 against the top 3 in 2018 is all it takes for proof of this development.
These numbers plus the year-on-year growth percentage are both astronomical, and the names listed offer further proof that no company is immune to data incidents. Add to that the fact that unfortunately neither companies offering outsourced ‘solutions’ nor in-house IT departments are as trained or focused on Cyber Security as CRIBB are, and it is perhaps time to make a call…
CRIBB have all the experience and knowledge required to help, and are highly trained to properly assess risk, to mitigate dangers and to keep businesses and data safe and secure. Simply put, in today’s world you need CRIBB Cyber Security.
Why the Cruise industry?
In previous years, cyber-attacks were a risk that the maritime industry largely failed to recognize. Nowadays, however, with ships increasingly becoming digital worlds all on their own, this attitude has had to undergo something of a change. One area of concern that needs to be raised within shipping revolves around the fact that maritime cyber-attacks, unlike onshore attacks, are often left unreported. Another is that in today’s industry, the internet connects more and more ships and, as a result of this, a cyber-attack at sea can be more dangerous than an attack occurring onshore. This, combined with a lack of inbuilt encryption or authentication codes for navigation systems, creates an issue where potential attackers often view shipping as a ‘soft target’.
Cyber security training is a requirement for all cruise industry employees, from the owner of the shipping company all the way along to the junior deck hand, and reports for 2017 indicated that only 47 percent of crew members were aware of cyber-safe policies or cyber-hygiene guidelines.
When you consider that cyber-attacks are costly to correct and can have a hugely adverse effect on the reputation of any maritime company, it is surely worthwhile seeking out an appropriate cyber security investment?
Unfortunately, even if you are in agreement with this statement, the existing security solutions and options in the cruise industry are clunky at best and in the US right now there aren’t any standards for GDPR… Which is where CRIBB can step in.
The 3 biggest data breaches of 2017
1. Equifax; ~143 million people were victims
2. Uber; up to 57 million people were victims
3. Verizon; ~14 million people were victims
Total number of victims from the top 3 combined ≈ 214 million
The 3 biggest data breaches of 2018
1. Aadhaar; ~1.1 billion people were victims
2. Starwood; ~500 million people were victims
3. Exactis; ~340 million were victims
(230M people / 110M businesses respectively)
Total number of victims from the top 3 combined
How can CRIBB help the Cruise industry?
‘CRIBB Maritime Cyber Assurance’ – aka CMCA – is a unique and affordable alternative to ISO27001 that is recognised by the IASME Consortium and is designed to encourage all crew members to deliver shareholder reassurance in a straightforward manner.
The CMCA solution from Ice Technology Services and CRIBB Cyber Security offers clients the chance to increase their protection, to improve their defences, to assess their GDPR readiness, to help achieve as high a level of compliance as possible and to ultimately aim for a higher profit margin through eliminating inefficiency and tightening up business processes across the board. CMCA guarantees full briefing and consultation throughout the project, assistance with Security Policies, an evaluation of existing ‘organisation of information’ and a thorough assessment of the current compliance level. There will be an evaluation of the current level of Operations Security, guidance and an assessment on Management, guidance with Subject Access, a review of current policies, procedures and processes – all by an experienced and certified GDPR practitioner – plus assistance with Human Resources and an Access Control check. As if that were not enough, you can also expect an evaluation and assessment of Supplier Relationships, Physical & Environmental checks, assistance with Business Continuity Management, a validation of equipment, technical controls and network / cloud, Firewalls and Malware protection, help with managing Security Incidents, guidance on Cryptography and Asset Management advice.
Why CRIBB for Cruise?
It’s simple: it’s simple. CRIBB can take all of the pain and discomfort away with complete support and training for all employees, and once you have implemented ‘CRIBB Maritime Cyber Assurance’, you will have:
- Defined your policy for data protection and minimised the data held
- Communicated the changes to all employees and defined their roles with the relevant training
- Identified that the data you process is processed on a lawful basis
- Provided the required privacy information to the data subject
- Obtained consent where required
- Implemented robust procedures for data subject access requests
These points are all more crucial than ever today, as we contemplate an industry which:
- Grows ever more dependent on IT
- Is host to an abundance of Cyber-Attacks on Ports and Ships
- Does not have any ‘easy’ solutions
Contact us today for more information on this exciting solution!
CCPA – California Consumer Privacy Act 2020
Cyber Essentials – The UK Government’s basic technical specifications for cyber security
DPA – Data Protection Act 2018
DPO – Data Protection Officer
GDPR – General Data Protection Regulation 2018
IASME – An accreditation body and a data privacy standard that incorporates Cyber Essentials and GDPR with Information Governance
PECR – Privacy and Electronic Communication Regulation 2003
PCI DSS – Payment Card Industry Data Security Standard