Swell Blog

Iaian Archibald May 21, 2019

Ransomware and Recreational Boating: Marinas and Waterfronts are Vulnerable

highly-critical-vulnerability-sensorstechforum

 

In 2017 Swell Advantage was accepted into the first cohort of the Port of San Diego's Blue Economy Incubator. Last September the Port started to request copies of some of the contracts that we signed and reports that are part of the incubator. It was strange to get these requests from a partner organization, and even stranger to get the requests from an organization like the Port. Unlike some messy bureaucracies, the Port of San Diego is a very well run organization with a professional staff who obviously take pride in their work.

By the second request we knew the Port of San Diego had been hit by a major ransomware attack.

Ransomware is malicious software that encrypts data on a server making the data inaccessible, or shuts down a locally hosted software program. The hackers then demand a ransom in exchange for releasing the data back to the attacked organization, not making the data public or turning the management system back on. In 2018 there were over 300 million ransomware attacks globally.

We mostly hear about ransomware attacks impacting municipalities but the vast majority of attacks are aimed at private businesses. We don’t hear much about these attacks because businesses often pay the hackers instead of fighting. Most municipalities are mandated to report attacks to the public and fight the attacks. Hackers are smart in that they generally ask for an amount of money within the businesses ability to pay. Business pay because they are understandably worried that if news gets back to customers it will seriously impact the health of the business.

Most marinas and waterfronts are susceptible to ransomware attacks because poor IT infrastructure and old management software dominate the industry. The base code for most systems used by the industry were built 20 years ago. These off-the-shelf systems are hosted locally on marina computers, often a server in the basement. The combination of old programs running on old IT infrastructure is a prime target for ransomware.

So why has the industry been so late at adopting new cloud based systems designed to mitigate ransomware attacks?

Software systems have about a ten year shelf life. After ten years they struggle to integrate with newer outside systems, they don’t fit modern work processes and aren’t optimized for new hardware. A present day example is we now expect to be able to access or interact with larger software systems remotely from our smartphones. The reach of systems also change with modern marina systems like Swell designed to directly interact with boaters in the marina.

Most of the systems that support marina and waterfront operations were built in the late 90’s or early 00’s. The 2008 recession had a severe impact on the recreational boating industry. As people sold their boats marinas saw vacancy rates sore. Many were in survival mode with capital expenditures allocated to keeping docks afloat and core employees employed. Few had the funds or mental space to purchase a new software system for the facility.

Now that the industry is mostly recovered, a new generation of marina and waterfront managers are coming in who expect a modern user experience and modern data security features from their management software. Keeping boater’s data safe should be a top priority when looking at new software systems.

The easiest way to protect operations, and boater’s information, is to invest in a cloud based system with end-to-end encryption. Cloud based systems use server farms run by companies like Google and Amazon to host the software. The software and data are stored in little pieces with many copies all around the world. The user then has it all pieced together by the software program based on user request and then access the software over the internet. The nature of these modern programs mitigates a lot of the threats posed by malware and ransomware. Modern encryption and data management best practices does the rest.

Although late to the cloud based party, there are an increasing number of software companies providing modern, cloud based marina and waterfront management software options. Here at Swell Advantage we’ve applied over a decade of keeping deep research and military data safe in building the Swell Advantage marina and waterfront management software system. We host Swell on secure Google Cloud servers and employ industry leading end-to-end encryption.

If you’d like to learn more about how to protect your operations and customer data from malicious software, and how we protect against malicious employee actions, please reach out. We’re always interested in talking marina or waterfront operations and data security.


Swell Advantage is a marina, waterfront and dockyard management software company based in San Diego, California and Halifax, Nova Scotia. Swell Advantage’s co-founder and CTO managed infrastructure for one of Canada’s top universities including managing data security for thousands of students and sensitive research projects. After that he went on to build data products for the Canadian military. For more information about Swell Advantage please reach out to us by calling our toll-free line at 888-908-7858, or by e-mailing info@swelladvantage.com.