Increased security awareness on board

How Secura and the Rijksrederij increased security awareness together

The Rijksrederij - manager of more than 100 government vessels - is constantly working to strengthen their cybersecurity. Human behavior is crucial for security on seagoing vessels; for example, addressing unauthorized persons. Secura and Rijksrederij worked together to achieve this goal.

Getting hacked? That won't happen here

The Rijksrederij is the part of Rijkswaterstaat that ensures safety, livability and accessibility on Dutch waters. Sophie Jellema, psychologist and security consultant at Secura, was involved in an awareness and safe behavior program for the organization's deep-sea vessels. The goal of the program: to make people aware of their behavior and to enable them to behave more safely, both in the office and on board.

On board the ships, many employees experienced cybersecurity as a distant concept, says Jellema: 'When we started, employees said: being hacked? That doesn't happen here.'

Experiencing risks through mystery guest

'During our program, we try to have people experience why cybersecurity is important so that they change their behavior,' Jellema says. One way to allow employees to experience risks is a mystery guest assessment: a social engineer from Secura visits a location to determine how employees react to unauthorized visitors. Jellema conducted such a survey for the National Shipping Company and was able to gain access to the engine room as a social engineer.

Boat shows on cybersecurity

The findings and photos from Jellema's mystery guest investigation impressed other employees of the Rijksrederij. They were able to see these photos during so-called "boat shows" (instead of the standard "road shows"): interactive presentations on board, about the importance of cybersecurity. "During one of these presentations, for example, I said, 'It's really praiseworthy that you are so enthusiastic about your ships.' But hackers with malicious intent can take advantage of that.'

The boat shows had an effect, says Jellema: 'People responded, 'I never reported this kind of thing, because I didn't see the point and I didn't know what would happen with my report. But now I understand the risks much better.' I certainly wasn't left alone on a ship after that, either.'

Results: increased security awareness

What are the results of the program? Jellema: 'We conducted an effect measurement and saw in almost all areas that not only security awareness has increased, but also that the behavior of employees has changed. For example, addressing unauthorized persons has increased by a quarter and visitors are properly supervised when they are on board.'