The challenges of cybersecurity and cyber resilience in the Supply Chain

November 3, 2020

According to Gartner, by 2020, 100% of companies will be asked to report to their board of directors on cyber security and technology risks at least once a year, compared to 40% today.

"All connected, all involved, all responsible" ANSSI's slogan in 2019 On the way to global security.

According to Gartner, by 2020, 100% of companies will be asked to report to their board of directors on cyber security and technology risks at least once a year, compared to 40% today.

In the age of digital transformation, network security has become one of the company's top priorities. Considered one of the fastest growing forms of crime, this threat remains little known. Indeed, information system (IS) security encompasses a wide range of threats whose causes and effects are rarely well understood by companies and therefore poorly addressed. However, the effects of a cyber attack, technical failure or human negligence can seriously affect an organization's operations. It is imperative to establish action plans for all measures to protect against these cyber threats. internal as well as external risks.

However, in a connected world where the volume and concentration of digital data and transactions is increasing rapidly, exposure to the risk of cyber attacks is increasing. The security of critical operations, transactions and data now extends beyond the walls of the enterprise.

Cybersecurity, a necessity in the Supply Chain

The supply chain is increasingly in the line of fire of cyber attacks. Every link in the supply chain, i.e. carriers, logistics providers and collaborative platforms are not immune to threats and the consequences can be disastrousfrom a monetary but also from an operationalpoint of view.

Let us talk more specifically: here is a deciphering of two recent attacks on the giant CMA CMA CGM and the national maritime organization, both in September 2020. 

The CMA CGM organization was the victim of a cyber attack for ransom. The organization was allegedly the target of a trap set by Ragnar Locker ransomware, a known data encryption software. Over the past two weeks, CMA CGM and almost all of its subsidiaries have experienced significant malfunctions such as a pause in access to e-Commerce sites and certain booking and tracking functionalities. The Group has also announced fears of data theft.

Over the past four years, the world's four largest shipping companies have been affected by cyber attacks, particularly since the start of the Covid-19 pandemic. In this context, an IMO resolution on cybersecurity will enter into force in January 2021 forcing maritime administrations to verify that their International Safety Management (ISM) system covers these risks. An IMO that has itself experienced a "sophisticated attack" whose consequences could have been serious for the UN agency, which is responsible for 400,000 sailors still stranded at sea because of the traffic restrictions linked to the pandemic.  

This is not without mentioning the logistics giant Gefco, which has also been the victim of ransomware, an attack that penetrates information systems and is often aimed at a ransom demand. Luc Nadal tells us how they emerged stronger from this attack "by showing robustness and resilience" :

Confidence in a digital future that ensures the security of data and transactions and the protection of identity and personal data is essential to an organization's growth.

How to deal with Cybersecurity in the Supply Chain?

It should be noted that the more sensitive the information, the more important it is to secure it. Indeed, this security is composed of 3 parts: 

A Run part which aims to secure the operation of the Saas software to not lose any data and thus treat them with integrity. Some tools can be created upstream to prevent risks, detect threats, analyse threats and correct / fix them, reinforce possible technical failures or update existing procedures. The company's tools must be regularly updated to take into account the latest threats. A second part that focuses on the need to identify sensitive data and focus on its protection, particularly in the context of the DPMR, to ensure the correct use and protection of user data. 

Last but not least, there is the issue of cybersecurity. An organization's cybersecurity depends on the data protection requirements of the organization and its customers and suppliers. Indeed, it is not only a question of securing its own information system but also that of its subcontractors and even customer information. The regular evaluation of the level of security in order to be up to standard is essential to ensure a fairly high level of security. Certificates of conformity are defined by several standards, including the best known, ISO 27001. This security requires internal skills but also the help of trusted third parties, necessary to protect against a cyber attack.  

From the individual to the entrepreneur to large corporations, we are all targets of these attacks. It is therefore essential to make employees aware of network security within the company.

Best practices:

  • Collaboration for cybersecurity: strong collaboration between security and network teams or between access point and network management teams shows fewer weaknesses in the face of cyber attacks.
  • Implementing the "Zero Trust" to strengthen cybersecurity. As an example, Cisco recommends a Zero Trust framework to improve mobile phone security. This approach authenticates users, verifies devices, and limits where a user can go.
  • Test your response plan to prepare for a cyber attack. The notion of cyber resilience and therefore being able to bounce back quickly after a system attack is extremely important.
  • Integrate security into the organization's business objectives and capabilities
  • Investigate security incidents regularly and systematically

The security of connected objects is no longer a secondary discussion. Connected objects surround us, they're everywhere. However, hackers and cyber thieves know how to attack these devices to access data or industrial control systems. Manufacturers and IoT providers alike must focus on building secure, tamper-proof hardware with secure upgrades.  

As a SaaS Visibility Platform, we are implementing a number of measures to guarantee our customers an excellent level of service in order to protect themselves from this type of incident. Certain sectors in which we operate, such as the petrochemical industry, are all the more sensitive to these attacks and we are careful to protect our customers.

"In a pragmatic approach, Everysens has set up intrusion tests as well as an organizational audit on the ISO 27002 standard in order to secure our systems and those of our customers," explains Dai-Chinh Nguyen, CTO at Everysens. 

Want to learn more? Schedule a meeting with our team.