Unseen threats at sea: How Igors Garis Koni is shielding maritime firms against cyber attacks

A typical day at work for Mr Igors Garis Koni can feel like navigating a battlefield, only in the world of cybersecurity.

In his key role empowering public sector organisations to fight cyber threats using Google Cloud Security solutions, anticipating and thwarting attacks from invisible threat actors is par for the course.

It’s a high-stakes job, particularly when dealing with increasingly sophisticated maritime cyber risks today.

These threats are composite in nature, points out Mr Koni, who heads Google Cloud Security’s Public Sector in the Asia-Pacific and Japan. Maritime players often face cyber risks that are inextricably intertwined with geopolitical events, high-level state interests, as well as global supply chain and trade flows, he says.

As part of an interview series with people shaping the maritime industry, Mr Koni shares his insights on defending the region against cyber risks.

What experiences have prepared you for your work in cybersecurity today?

My early career in Sweden and London was in engineering and telecommunications. In 2014, the opportunity arose for me to join Cloudmark, an enterprise security solutions start-up. Unexpectedly, the work aligned with my interests – and I’ve never looked back since.

In the early days, many companies entrusted tasks like safeguarding against data breaches, hacks and viruses to the IT department.

Over time, organisations and governments began to recognise that cybersecurity and IT are adjacent but separate functions. This field started to grow rapidly and I built up my specialisation in cybersecurity over the next decade.

As a child, I loved tactical computer games. I draw parallels between that and my role today in empowering organisations to create a “Cyber Shield” against increasingly sophisticated threat actors.

The difference between my childhood warfare games and my work today is that there is no “reload and reset” button in real-life cyber warfare. Mistakes and failures to eliminate threats can have catastrophic consequences.

For example, GPS spoofing and jamming have the potential to severely disrupt global supply chains and may even involve human hostage situations.

How is Asia’s maritime industry girding up its cyber defences, especially for small enterprises caught in the digitalisation gap?

The maritime industry has been slower to integrate cybersecurity as a business priority compared to industries like finance, despite facing significant composite cyber-geopolitical risks.

These risks need to be addressed through a unified cyber defence for all ecosystem players. A critical part of success will involve establishing centralised cyber risk monitoring centres to offer state-of-the-art cyber protection to smaller businesses at a reduced cost.

Singapore is leading the way on this front: the Maritime and Port Authority of Singapore (MPA) has ongoing initiatives to strengthen centralised cybersecurity functions, and to deliver proactive monitoring and threat detection to smaller entities.

How is the maritime industry leveraging digitalisation and Artificial Intelligence (AI) to boost its cyber resilience?

Cyber criminals will orchestrate more and more AI-powered cyber conflicts across all industries, including the maritime sector. The speed and velocity of such threats continue to surprise me. AI operators, rather than humans, will play an increasingly important role in perpetuating such attacks.

This is significant for maritime players as cyber threats will no longer be geographically bound – they can come from anywhere around the world and impact shipping routes and ports in the region.

The maritime public and private sectors will need to leverage AI more efficiently to defend themselves from AI-powered threats with speed at scale.

What personal values have shaped your work and outlook on life?

Humility is one value I’ve learnt as a child listening to my late grandmother’s stories about the hardships she experienced growing up in the 1900s. Our generation enjoys so much more today compared with what our parents and grandparents had. This perspective adds a level of humility to how I view situations today.

I value exploring and understanding new perspectives. I moved to Singapore from Europe in 2019, and I’ve been humbled by my knowledge gaps here: one can live in Asia for five years and still have a lot to learn about its diverse cultures and traditions.

What are some insights you have gleaned since moving to Asia?

Countries in Asia are geographically and culturally further apart compared with a region like Europe, which is more homogenous. To do business in Asia, you will need a deeper understanding of the different practices across many countries.

For organisations operating in Asia, there is significant value in setting up regional centres – say, three or four – to cover this vast region.

For instance, if your organisation is considering how to adequately understand and mitigate maritime cyber risks across Asia, it can be good practice to locate central cybersecurity functions in several country hubs, rather than spreading out small teams across every market.