Increased security awareness on board
How do you make employees alert to unauthorized visitors on board? Secura and the Rijksrederij are working together to achieve this.
... > Social Engineering Awareness > How Secura and the Rijksrederij increased security awareness together
How Secura and the Rijksrederij increased security awareness together
The Rijksrederij - manager of more than 100 government vessels - is constantly working to strengthen their cybersecurity. Human behavior is crucial for security on seagoing vessels; for example, addressing unauthorized persons. Secura and Rijksrederij worked together to achieve this goal.
Getting hacked? That won't happen here
The Rijksrederij is the part of Rijkswaterstaat that ensures safety, livability and accessibility on Dutch waters. Sophie Jellema, psychologist and security consultant at Secura, was involved in an awareness and safe behavior program for the organization's deep-sea vessels. The goal of the program: to make people aware of their behavior and to enable them to behave more safely, both in the office and on board.
On board the ships, many employees experienced cybersecurity as a distant concept, says Jellema: 'When we started, employees said: being hacked? That doesn't happen here.'
Sophie Jellema during a presentation of the program's results on board one of Rijksrederij's ships
Experiencing risks through mystery guest
'During our program, we try to have people experience why cybersecurity is important so that they change their behavior,' Jellema says. One way to allow employees to experience risks is a mystery guest assessment: a social engineer from Secura visits a location to determine how employees react to unauthorized visitors. Jellema conducted such a survey for the National Shipping Company and was able to gain access to the engine room as a social engineer.
Boat shows on cybersecurity
The findings and photos from Jellema's mystery guest investigation impressed other employees of the Rijksrederij. They were able to see these photos during so-called "boat shows" (instead of the standard "road shows"): interactive presentations on board, about the importance of cybersecurity. "During one of these presentations, for example, I said, 'It's really praiseworthy that you are so enthusiastic about your ships.' But hackers with malicious intent can take advantage of that.'
The boat shows had an effect, says Jellema: 'People responded, 'I never reported this kind of thing, because I didn't see the point and I didn't know what would happen with my report. But now I understand the risks much better.' I certainly wasn't left alone on a ship after that, either.'
Ethical social engineer
People responded: 'I never reported this kind of thing, because I didn't see the point and I didn't know what would happen with my report. But now I understand the risks much better.
Results: increased security awareness
What are the results of the program? Jellema: 'We conducted an effect measurement and saw in almost all areas that not only security awareness has increased, but also that the behavior of employees has changed. For example, addressing unauthorized persons has increased by a quarter and visitors are properly supervised when they are on board.'
Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.
Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.