Speak to the Team

Sedna needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Email is the number one attack surface for cybercriminals. Here’s why secure communications are key to protecting the maritime industry

Today’s maritime organisations operate in a time of extraordinary technological innovation - with digital advancements continuing to open up new markets and bring sweeping gains in growth and efficiency. 

Transformations such as digital working, highly-connected supply chains and increasing cyber-physical systems have been immense opportunity drivers. Yet they have also ushered in an array of new risks, in the form of destructive, and ever-evolving, cyber attacks.

The maritime sector—in its role as the backbone of global trade—has increasingly become a lucrative target for cybercriminals who seek to disrupt vital operations for financial, political or operational gain. 

Highly-skilled adversaries are adopting artificial intelligence (AI) to exploit business blind spots, while ongoing geopolitical and macroeconomic volatility has contributed to a threat landscape that is continually perilous. 

With the growing risk of information or systems being corrupted, lost or compromised, maritime organisations need to be ahead of the curve.

Ransomware remains the weapon of choice for cybercriminals focusing their firepower on shipping and offshore enterprises. And email—the gateway to business communications— the adversaries’ primary attack vector. More than 90% of cyber attacks originate from email making it the single biggest cyber threat to organisations across all sectors and sizes.

This makes secure communications absolutely critical if maritime organisations are to avoid the kind of cyber attacks that may not only bring devastating financial and reputational repercussions, but also risk permanently sinking their operations.

Maritime: In the crosshairs of the world’s cyber adversaries

Maritime cyber attack statistics make for sobering reading: recent reports indicate a 400% increase in weekly cyber events, driven by agile ransomware gangs and a focus on supply chains. 

The average ransom paid by cyber-targeted shipowners is now more than $3 million - while 2021 statistics showed that attacks in the valuable Asia-Pacific region had risen by 168%.

This past year has not only brought the worst phishing volumes on record but steep rises in social engineering attacks. Not to mention the one billion malware programmes that are now circulating across all industries.

Furthermore, seven of the world’s top container carriers have acknowledged being victims of cyber attacks, and even the International Maritime Organisation (IMO) has seen its systems compromised at the hands of online intruders.

Several factors make the maritime sector particularly vulnerable to cybercrime. First, there’s the ageing infrastructure of many fleet vessels, potentially running outdated and unsupported software. And there’s the interconnectedness of shipping’s physical/digital systems, making intrusions harder to mitigate.

Cyber adversaries have also learned that not only do shipping companies have substantial liquidity, but that it’s not unusual for maritime customers to transact single invoices worth millions of dollars - making them high-value targets.

Plus, the dangers of a cyberattack can bring down a whole ocean freight supply chain: what may happen to data upstream could dramatically affect the flow of goods (speed, quality etc) further downstream.

To some extent, the industry has been slower to build up resilient technology systems than other industries, making it more vulnerable to threats.

Why secure maritime comms is an organisational imperative 

Like many industries, maritime is undergoing significant digital transformation. Yet the increased connectivity of vessels, and adoption of smart systems to facilitate the real-time management of global shipping, have not only resulted in a massively widened attack surface, but also a torrent of data.

Recent studies show a 131% year-on-year increase in maritime data usage associated with business operations - producing not only a spiralling number of points of potential compromise, but also considerable noise that impairs enterprise performance and security.

While most attacks have focused on compromising ports and on-shore corporate networks,  

hackers have demonstrated their ability to remotely target vessels, deploying malware or ransomware via compromised emails before moving laterally across a ship’s networks to penetrate marine systems. 

Human error or misjudgment—such as clicking on an emailed phishing link—lies behind 95% of successful cyber breaches, and ramifications range from the disruptive to the frightening. They include major operational delays and the potential of ship collisions due to the loss of navigational control.

The maritime sector faces increasing cyber regulation

Shipping companies’ IT and Operational teams are now keeping up with the pace of change of technologies, the threat of cyber hacks, and knowing how and what tools to have to protect their systems and their employees.

At the same time, national governments and the IMO are also keeping abreast of the latest tech and cybersecurity developments and developing guidelines and regulations so that the maritime industry can keep up and have an in-depth understanding of what’s changing.

For example, compliance requirements are increasing as the maritime sector endeavours to address its cyber shortcomings. Shipowners and operators are now obliged to comply with the IMO’s 2021 resolutions relating to Maritime Cyber Risk Management, with flag state authorities, like the US Coast Guard, actively enforcing these requirements. 

Container shipping organisations have similar cyber requirements, while tanker operators increasingly require cyber-focused TMSA 3 accreditation to obtain charters.

Meanwhile, the International Association of Classification Societies recently published new  E26 and E27 regulations, making cyber requirements compulsory for ships and offshore installations constructed from January 2024 onwards - and there are hefty fines for non-compliance with GDPR stipulations, should personal data be compromised.

Building a watertight communication platform for maritime

Our data-driven communication platform is known for its AI-powered features and technology integrations that transform inboxes; making data more visible and optimising email operational workflows to power efficiency and profit. 

In addition, our security features provide a strong, compliant and robust base for our customers to fend off cyber attacks.

Here at Sedna, we live and breathe maritime, logistics and the broader supply chain, with our in-house experts holding decades of experience working in various positions across the industry. 

Our hyper-focus means we understand the industry problems—and also their security risks —so when building and enhancing Sedna we’re taking into account a whole suite of industry-specific considerations.

Recognising that email protocols were built decades ago, without today’s security landscape in mind, we have made cybersecurity considerations one of our primary focuses. 

From the start, Sedna is ‘secure by design’. Sedna’s foundational security principle is also the primary focus of its platform - by dramatically reducing email, you reduce the number of touchpoints for a potential cyber breach in the first place. As an example, Sedna’s customer Viterra, one of the largest global grain handlers, reduced internal email volume by 95% by using our platform. Reducing email by these volumes means less opportunity for attacks, and higher probability of spotting phishing attempts.

Plus, our customers’ default experience with Sedna means that all of their data stays 100% private. Sensitive data remains securely stored in the Sedna environment and it is owned by them, a key part of our overarching philosophy and contractual commitments.

We’re also certified to ISO 27001 standards - regarded as one of the world’s most rigorous global accreditations for security assurance.

Our platform’s cloud-based hosting enables all of the expected security and stability features such as automated data back-ups, high availability document storage, targeted data encryption, and multi-location redundancy - helping to protect accounts and data from unauthorised access. But, moreover, we view our cloud approach as a key factor in scaling to meet changing security risk and requirements. 

We work directly with solution architects at our cloud providers to design and build solutions that take redundancy, resiliency, and alerting to new levels. For instance, Disaster Recovery prep in a cloud environment requires new ways of considering attack vectors, entry points, and level of redundancy. And critically, working on the cloud also means that we can monitor for new potential attacks and implement monitoring and alerting almost instantly across our global network.

Sedna is built for enterprise user control as well, with a Single Sign-On (SSO) system that dramatically reduces opportunities for data breaches by requiring just one set of credentials and saving time throughout the day. We also take advantage of our network, providing users with additional verification data when receiving messages from approved senders.

And then there’s the fact that our core partner integrations—whether to third parties like IMOS or other countless maritime-specific platforms—are built to reduce the need for switching between systems. This not only saves hours a day, but also reduces the need to forward data to other employees (decreasing opportunities for interception). Plus, critical to this is our commitment to data privacy. With any use of Sedna, data is just that - their data. The information shared when using the platform is owned by our customers and will never be sold onwards by Sedna to any third parties or outside companies. 

Taking security to the next level

In my opinion, two features in particular put our communications platform in a class of its own.

One is the pioneering Personable Identifiable Information (PII) Redaction feature - a tool that scans emails and flags them to be either redacted or deleted after a set period of time.

Many emails contain sensitive or confidential information, such as bank account details addresses, birth dates and phone numbers - which, if compromised in a cyber attack could lead to fines or even criminal charges under regulations such as GDPR, CPRA, and HIPAA. 

PII Redaction tools, backed by cutting-edge AI models, can ensure automatic, accurate compliance for email data by stripping confidential or sensitive data automatically.

This is a tool we launched earlier this year and I’m not aware of any other email client that has this out on the market.

We have plans in the future to get to the point where we just retain the purpose of the email—the PII information—while stripping the content out, meaning that even if an attacker accesses a system, they can’t get to anything important. We see this as the tip of the iceberg in regards to providing functionality to proactively identify and manage PII, including giving users more control to understand what data is coming through email and how best to manage that data securely, and remove it when it is no longer needed.

The other is the ‘Verified by Sedna’ feature. 

This is a quick and easy visual way for Sedna users to have confidence that incoming messages originated from a verified Sedna customer through showing the sender’s company logo. This facilitates an extra level of info-security and trust between email recipients and is the first in a long line of planned features to take advantage of the fact that many of our customers are conversing with each other We see future functionality to further improve 

If we can build features that allow maritime communication to happen faster, easier and in a more secure format—and improve the industry’s cyber resilience in the process—we see that as a win for everyone.

Keep every voyage on course

Sedna helps shipping teams stay in control, resolve faster, and scale execution with confidence.
Call to action banner encouraging shipping teams to request a Sedna VMS demo