2nd mci webinar - maritime insurance answers | shoreline ltd
TRANSCRIPT
THE SUCCESSFUL MANAGEMENT OF A
MARITIME CYBER ATTACK – EXPERT RESPONSE
PRESENTERS
Laetitia Fouquet, Global Head of Cyber
Oliver Hutchings, Managing Director - Marine
Nicholas Taylor, Consultant - Shoreline Ltd
Maritime Cyber Risk and Solutions
MCI Objectives
Introduction to CTA
Debunking myths about cyber
What is Incident Response Management?
Case Studies
MCI as an aid to compliance
Q & A
Shoreline MCI Webinar September 2020
The Maritime Cyber Attack Landscape
Sunday Times Interview with retiring GCHQ CEO, Ciaran Martin
“What keeps me awake at night is worrying about the
damage a rogue, state-backed or stateless criminal group
could do with a cyber-tool they don’t fully understand and
can’t control once they have launched it”
MCI Objectives
Aiming at:
• SME ship owners and operators
• The entirety of their operations – on land and at sea
• The financial losses suffered following a cyber or cybercrime attack
• Policy provision of immediate access to responsive service upon the discovery of an attack
• Embedding the responsive service into owners’ contingency plans and remediation strategy
About Charles Taylor Adjusting
Cyber Incident Response Team
Long-term relationships with insurers, brokers and panel vendors
Enabling efficient response to minimise negative impact on policyholders’ operations
In-house business interruption specialists and forensic accountants with knowledge of cyber-related BI
Expert support from our Marine team with expertise in: Adjusting including Average Adjusting, Surveying,
Technical and repair services for Marine Liability, Ports & Terminals, Yachts & Cargo
6 years' experience in cyber programs
55+ adjusters
Global reach and multilingual response
300 claims each year
Responses include ransomware to major global data breaches.
From SME to big corporations.
Involved in cross border and major loss events
Debunking myths
It only happens to big companies and SMEs are not the target.
Other industries are more at risk, such as financial institutions or manufacturing.
The risk is mainly financial and onshore.
Cyber is only an IT issue. My antivirus software is enough protection against cyber losses.
Paying the ransom is the best solution, and we can restart immediately once this has been paid.
We don’t hold valuable data/we have good backups, so we know we can get all of our data back if attacked.
Staff use corporate devices, we have a VPN and our WiFi is password protected, which protects all communications.
We do social engineering training, so our staff can’t be fooled.
Our own IT department / vendor put the system together, so they know how to support us in case of an attack.
What is Incident Response Management?
Insureds’ internal plan to detail
• Key responder
• Mobilisation plan etc. in case of a major event
• Activating the Incident Manager (IM) at CTA to provide support and access specialist resource
CTA coordinates support from vendors from the first call and leads remediation strategy
Time is critical to minimising financial losses & reputation harm
Notification to Cyber Incident Management Centre
Incident Manager conducts Triage Call
IM & Experts remediate the incident
IM arranges experts on Insured's behalf
Canopius issues coverage position
IM issues 48 Hour Report to Canopius
Within 2 hours
IM requests confirmation of insured status from Canopius
IM sends WP letter to Insured
Canopius confirms status to IM
Within 24 hours
Canopius directs IM as needed
Within 3 days
Emergency Escalation
Case Study 1: Offshore – Ransomware
Background information
• Crew member brought in “pirate” films on a USB key
• PCs in engine control room and bridge compromised, one of the ECDIS systems not working (constant reboot)
• No immediate ransom note
• Ship approaching the harbour with pilot sent onboard
• The master reaches out to IT Manager for diagnosis
• Vessel berthed and cargo discharged
• Remediation / charts re-loaded / re-testing systems
Shoreline MCI Webinar June 2020
Case Study 1: Offshore – Ransomware (continued)
Work done
• Discovery of a core compromise with backdoor for continuous attacks
• IT forensics costs for cleaning the systems
• Restoration costs for the lost data
• Adjustment of Business Interruption claim
Lessons learnt
• Benefits of a ship not equipped with a navigation or power management system connected to the internet (offshore/onshore transmission)
• Need for BYOD policies & training of staff on bringing potentially corrupted equipment on board
• Benefits of strong backup policy
• Get the right people in early to avoid repeated issues
Case Study 2: Data Breach
Background information
• Notified as a Social Engineering Fraud with no apparent security breach
• Insured was using O365 for email communications
• Forensic analysis showed email account had been compromised
Work done
• Vendors appointed to investigate
• Difficult compilation of accurate data which included direct clients and other parties + across jurisdictions
• Potential complaints: compensation payments covered
Lessons learnt
• Importance of questioning initial findings of Insured’s IT
• Ensuring data subject notifications are issued accurately + with minimal delay
Case Study 3: Onshore – Ransomware
Background information
• Ransomware affecting logistics systems.
• Demand was accompanied by threat to double if not paid in time.
• Access to critical business information blocked.
• Insured was keen to pay the ransom to resume normal work
Work done
• Recommended a panel IT vendor to confirm if the backups could be used
• Panel IT vendor negotiated payment of Bitcoin ransom
Lessons learnt
• Data was considered critical for the continuity of the business
• The importance of continuous and remote back-up routines
• Appropriate support is required to validate and minimise the loss
• Paying the ransom is just the beginning
Case Study 4: Social Engineering
Background information
• Chain of emails for a large transaction had been breached resulting in a fraudulent payment: intrusion confirmed
Work done
• IT forensics to investigate origin of the intrusion: identified as a sub-contractor
• Lawyers appointed to investigate potential liability and assess viability of recovery action
Lessons learnt
• Importance of questioning findings of sub-contractor
• Potential cross-over between Cyber and Crime Policies.
• Avoided complaint & managed reputational damage but also kept costs under review
Accessing the best resource for the type of attack experienced
IT Forensics & Remediation
ID Protection
Public Relations
Compliance
IMO Resolution MSC.428(98) in force 1st January 2021
Documents of Compliance will require evidence of readiness
Response/mitigation procedures which are integrated into MCI can also be built into the SMS
Why MCI? Answer: Design, Cost and Service
• Shoreline’s MCI policy provides comprehensive coverage in a modular format enabling delivery of cover within budgetary requirements
• Shoreline has control over pricing and service for its SME shipowner clients, thereby guaranteeing a prompt and efficient client service
• Support service is central to the value of the product Shoreline offers: the response agent – CTA – is written into the policy as an integral part of the purchase
• Shoreline has the integrity, experience and track record as a proven independent provider of specialist marine products to an established client base
QUESTIONS
FIND FURTHER INFORMATION AT: WWW.SHORELINE.BM
Capt Thomas [email protected] +1 (441) 505-1002
Nick [email protected] +44 7770 866 530