As we near the end of 2025, we close a chapter on a year of dramatic change in the cyber security industry. Ongoing advances in the field of generative Artificial Intelligence (AI) have changed the threat landscape, raising the stakes for industry participants and software providers alike. We find ourselves in an era where the barrier to entry for threat actors has dropped substantially, and at the same time geopolitical tensions are at an all-time high. 

The maritime industry plays a vital role in the underpinning of global commerce, energy security, and the trading relationships between nation states. The stakes have always been high in our industry, and at Veson we invest heavily to ensure that our systems, and our clients’ operations are extremely well protected.  

We take immense pride in our work, and the results are reflected in a long list of accreditations, including ISO 27001, ISO 27017, ISO 27701, SOC1 Type II and SOC2 Type II for our various platforms. These accreditations are the natural byproduct of running systems at scale, with a highly professional team committed to operational excellence. Independent verification by third party auditors is one of the ways we demonstrate our commitment to cyber security; another is through our well-established reputation. 

In this article, I will describe some of the key techniques and technologies that we use to defend our systems. 

Regular penetration testing 

Threat actors are probing our defenses on a continuous basis, and it is only fitting that we do the same using highly-skilled, third party penetration testers. We use CYE Security – one of the best cyber security firms we have come across. They undertake formal penetration testing against all of our platforms every six months. The combination of frequent testing and exceptional cyber security skills means that we have a highly effective, virtuous feedback loop in place. If vulnerabilities are discovered, Veson responds rapidly and the cycle repeats. 

Well-defended backups 

One of the most common cyber threats we hear about is that of ransomware; cleverly crafted code with the capability to encrypt servers and backup files alike. Many companies have gone out of business in this way; either being unwilling or unable to meet ransom demands. The best defense against ransomware is to be properly prepared, and a critical part of that preparedness is to have well-defended backups. At Veson, we move backup files into a separate account, which is effectively air gapped from the rest of our production systems. If the worst-case scenario plays out and our systems are attacked, we can be certain that client data remain fully recoverable. 

A disciplined approach to security updates 

On a monthly basis, the Veson engineering team undertakes the process of rebuilding and replacing our servers. Rather than applying security updates to dozens of machines, we choose to replace those machines entirely. Our servers are described using infrastructure as code (IaC), enabling large server fleets to be rebuilt quickly, consistently, and with minimal human intervention. The latest security updates are automatically integrated into the new machine images. 

In an environment without this level of discipline, it is very easy to introduce configuration drift, or to have unaddressed security vulnerabilities in production. Neglecting to diligently apply security updates exposes an organization to far greater risk from viruses, ransomware and other attack vectors. 

Centralized logging and alerting 

For platforms as large and as complicated as those operated by Veson, centralized log aggregation and alerting capabilities are paramount. VPC flow logs, application logs, and web server logs are brought together in one place, allowing for real-time monitoring. Automated alerts are configured to contact our engineers in the event that anything looks suspicious. In the near future, we will be rolling out additional monitoring capabilities powered by generative Artificial Intelligence (AI), which will further improve our ability to detect anomalous behavior. 

Multi-factor authentication 

Multi-factor authentication is a baseline requirement at Veson. We mandate MFA across all internal systems to protect against the possibility of an employee’s credentials being compromised. We also strongly recommend that our clients use MFA in conjunction with our platforms, as well as their internal corporate systems. In an era where phishing emails are becoming more elaborate, browser password caches are being hijacked and hashes can be cracked in a matter of seconds, mandatory multi-factor authentication is simply common sense. 

The measures described in this article are just a small sample of the cyber security measures we have in place at Veson. In 2026, we can be sure of one thing: the pace of technological change isn’t going to slow down. We look towards the new year with a sense optimism and confidence, with highly-skilled engineers, well-defended systems and industry-leading practices in place to secure our path forward.