Matthew Roberts is one of the most interesting minds in the superyacht cyber security field, we have shared his articles before, in his latest article on LinkedIn he mentions that having recently attended the Superyacht Charities Golf Event, he considered the links between golf and cybersecurity! Read on here, its a great read, the original version is here :
Two and a half years ago when I changed careers and joined Riela Cyber, I would have said my ‘cyber security’ handicap was approx. 30. (A golf reference, see below for more context). Having previously worked in IT and communications for the best part of a decade, I thought it was going to be an easy move. It turns out I was wrong, and my previous experience meant I knew next to nothing about cybersecurity. After daily learning and practice, I’ve probably managed to get my ‘#cybersecurity‘ #handicap approaching single figures, with lots more learning and practising ahead.
Whilst hacking it around last week (pun intended), I pondered between shots how golf related to cyber security. So, it occurred to me, when it comes to staying ahead of the game in both golf and cyber security, one key lesson is the importance of continually updating and improving skills. In golf, players must constantly improve their technique and adapt to new courses or obstacles. Similarly, in cyber security, those responsible for digital systems must stay up-to-date on the latest threats and technology to protect against attacks.
Both golf and cyber risk management require a strategic approach and the ability to make calculated decisions under pressure. Just as a golfer must carefully assess their surroundings and plan their next move, those responsible for cyber security must constantly monitor for potential threats and develop their countermeasures.
However, it all depends on the golfer’s skill level or, for that matter, the person responsible for cyber security.
In golf, we have a handicap system to help level the playing field and allow players to benchmark their skills with the aim of improving. (For those unfamiliar, the lower the golf handicap, the better!).
On Superyachts and across the yachting supply chain, what is the cyber security handicap of those responsible for cyber security? Onboard it’s typically the Captain or ETO/AVIT/Engineer, and ashore it’s the business owner, Director/s or IT manager.
Imagine if we could publish a ‘cyber security handicap’, like golf; what would yours be? What do you think you could do to improve your game?
Experience. Built up from playing a lot of golf over many years. Translation: Do you have relevant experience with digital systems and IT best practices? How could you gain more experience? Or are you better off focusing on your skillset and outsourcing this responsibility to a Pro?
Clubs. Have you purchased the latest and greatest carbon driver, or do you still have a wooden driver handed down to you from your great-grandparent? Translation: Are you still getting by with equipment that is now end-of-life (EOL)? You’re simply making do and hoping it won’t fail or become compromised because the security support ended years ago.
Coach. An external source that can offer a tremendous amount of experience and objectivity to help you with your swing. Translation: what third parties could help you address cyber security? Is it your current AVIT supplier, or would a separate pair of eyes with specific cyber security experience and qualifications benefit you more? Does the role of a caddy (AVIT supplier/someone involved in your operation/game) offer the same as a professional coach might (cyber security expert)?
Mental attitude. “The game of golf is 90% mental and 10% physical.” Jack Nicklaus. Translation: You can have all the latest hardware and security systems in the world without proper attention and maintenance, and without cyber security becoming a regular part of your psyche when making hardware changes or using new online software or changing providers or training crew/staff, you are setting yourself up to fail. You don’t know what you don’t know.
With enough time, I could think of more well-rounded analogies. None of those I’ve listed are perfect, but I hope my points have been made all the same.
Reflecting on what has happened in recent years, a tremendous amount of emphasis has been placed on the vessels and their management companies. This has largely been accelerated by the new industry guidelines.
However, it won’t stop there. In the years ahead, I expect the supply chain will come under much more scrutiny. Crew and Owner’s teams will start to ask more questions about how your business protects its connected assets and services, how is the yacht data held etc.
- Undoubtedly, the industry will continue to evolve the existing guidance, which I suspect will become law in the years to come. Until then, implementing cyber security best practices, such as regularly updating software and using strong passwords and good password management, can significantly improve an organisation’s overall security. These measures may seem basic, but they can go a long way in protecting against potential threats and breaches. It is essential for vessels and businesses to constantly assess and update their security measures to stay ahead of hackers (not just those hackers on the course the other week!).
Such simple measures, done persistently well, can take your cyber security handicap from 36 to 18 (that’s a significant improvement, for the non-golfer).
- Unfortunately, from where I sit and what I’ve seen this year alone, our industry’s average cyber security handicap is closer to 36 (the maximum handicap usually assigned to new players) than it is to 0 (a professional level). We are ALL responsible for doing better and should collectively be working to improve our industry’s cyber security handicap and hold each other to account.
For me, my time playing golf has been a journey. The same can be said about my time in cyber security too. I’m still very much on my journey with both, and I don’t see it stopping any time soon. There will always be something to learn and improve.
Taking cues from the dedication and constant improvement seen in the world of golf, it is vital that our industry applies the same methodology to cyber security and help protect this fantastic industry.