Evolving cyber threats are shaping new risks and causing disruption

April 16 ------ Marlink has explored how evolving cyber threats are increasing the risk of disruption across maritime, energy, enterprise and critical infrastructure sectors.

The “Cyber Intelligence Report for Remote Operations 2026” report reveals evolving cyber risk driven by user credentials and human error. Analysis of real-world incidents shows attackers are focusing on structural weaknesses across connected and distributed environments. Based on continuous monitoring from global Security Operations Centers (SOCs) and more than 200 cyber security assessments, it identifies a clear shift in how attacks occur, with key findings including:

Key findings

• IT/OT convergence creates structural exposure

In 2025, around 60% of assessed sites relied on shared IT/OT infrastructure, while more than 70% contained undocumented or poorly secured connections to IT or external networks. Between 30-40% of OT assets were initially unknown or undocumented, and fewer than 25% of organizations had clearly assigned OT security ownership.

• Ransomware continues to target operationally critical sectors

Leak-site reporting indicates that ransomware activity increased from 5,740 attacks in 2024 to 7,793 in 2025, with more than half affecting essential industries such as manufacturing, healthcare, energy, transportation and finance.

• Identity has become the primary attack surface

External attack surface monitoring shows that 69% of identified risks involved exposed or compromised credentials, compared with 12% linked to traditional vulnerability exploitation.

• Known vulnerabilities remain widely exploitable

Across 160 technical security assessments, 33% of infrastructure findings were classified as Critical or High severity, while 45% of web-application findings were High severity.

• Phishing remains a highly effective entry vector

Across multiple simulated phishing campaigns, approximately 20% of recipients clicked on malicious links, while 11% of those who clicked disclosed credentials. Only 11% of recipients reported the suspicious message, demonstrating that human-factor exploitation continues to provide attackers with reliable access pathways.

• Operational environments exposure patterns face distinct incident

Within maritime environments, investigations were distributed across maritime transport (41%), yachting (41%) and cruise operations (18%). Alerts were heavily concentrated in crew network zones (82%), reinforcing that user-facing environments remain the primary attack surface.

These vulnerabilities allow attackers to exploit trusted access pathways, making incidents harder to detect and increasing the likelihood of cyber-attacks resulting in network and operational downtime.

"Addressing these structural weaknesses requires more than additional tools. It demands an identity-first security model, stronger control of trusted access, and closer integration between cyber security and operational infrastructure. Measures such as multi-factor authentication, network segmentation across IT and OT, continuous monitoring, and targeted user awareness programs are critical to reducing exposure and improving resilience in remote environments," said Nicolas Furgé, President, Marlink Cyber.

Source: safety4sea.com