The challenges of cybersecurity and cyber resilience in the Supply Chain

March 8, 2024

According to Gartner, by 2020, 100% of businesses will be asked to report to their board of directors on cybersecurity and technology risks at least once a year, up from 40% today.

“All connected, all involved, all responsible”: ANSSI's slogan in 2019, en route to global security.

In the age of digital transformation, network security has become one of the key business priorities. Although it is one of the fastest-growing forms of crime, this threat remains little understood. Indeed, information systems (IS) security encompasses a wide range of threats whose causes and effects are rarely well understood by companies and are therefore poorly addressed. Yet the effects of a cyberattack, a technical failure, or human negligence can seriously disrupt an organization's operations. It is imperative to establish action plans for every measure aimed at protecting the organization against these cyber threats, whether the risks are internal or external.

Moreover, in a connected world where the volume and concentration of data and digital transactions are growing rapidly, exposure to the risk of cyberattacks is growing too. The security of operations, transactions, and critical data now extends beyond corporate walls.

Cybersecurity, a necessity in the Supply Chain

The supply chain is increasingly in the crosshairs of cyberattacks. No link in the supply chain, whether carriers, logistics providers or collaborative platforms, is immune to these threats, and the consequences can be disastrous from both a financial and an operational point of view.

Let's be more concrete: here is a breakdown of two attacks recently suffered by the giant CMA CGM and by the International Maritime Organization (IMO), both in September 2020.

CMA CGM was the victim of a ransomware attack with a ransom demand. The group was reportedly targeted by the Ragnar Locker ransomware, a known data-encrypting malware. Over the past fifteen days, CMA CGM and almost all of its subsidiaries have suffered major disruptions, such as an interruption of access to e-commerce sites and to certain booking and tracking functionalities. The group also announced that it feared data theft.

Over the past four years, the world's four largest shipping companies have all been hit by cyberattacks, especially since the start of the Covid-19 pandemic. In this context, an IMO resolution on cybersecurity will come into force in January 2021, requiring maritime administrations to verify that their ISM (International Safety Management) system covers these risks. The IMO itself has experienced a “sophisticated attack” whose consequences could have been serious for the UN agency, which is responsible for 400,000 seafarers still stuck at sea because of traffic restrictions linked to the pandemic.

Nor should we forget the logistics giant Gefco, which was also the victim of ransomware, an attack that penetrates information systems and is usually aimed at demanding a ransom. Luc Nadal tells us how they came out of this attack stronger, “by showing robustness and resilience”.

Yet confidence in a digital future that guarantees the security of data and transactions and the protection of identity and personal data is essential to an organization's growth.

How to understand Cybersecurity in the Supply Chain?

It should be noted that the more sensitive the information, the more important it is to secure it. This security consists of three parts:

  • A Run part, which aims to secure the operation of the SaaS software so that no data is lost and all of it is processed with integrity. Tools can be put in place in advance to prevent risks, detect and analyze threats, remediate them, harden against possible technical failures, and update existing procedures. Business tools need to be updated regularly to take the latest threats into account.
  • A second part, which focuses on identifying sensitive data and on protecting it, in particular under the GDPR, to ensure the correct use and protection of user data.
  • Last but not least, cybersecurity itself. An organization's cybersecurity depends on how demanding it, its customers and its suppliers are about data protection. It is not only a question of securing your own information system but also those of subcontractors, and even customer information. Regular assessment of the security level against the relevant standards is essential to maintain a sufficiently high level of security. Certificates of conformity are defined by several standards, the best known being ISO 27001. This security requires internal skills but also the help of trusted third parties, which are needed to protect against a cyberattack.

From individuals to entrepreneurs to large companies, we are all targets of these attacks. It is therefore essential to raise employees' awareness of network security within the company.

Best practices:

  • Collaboration in the service of cybersecurity: organizations with very strong collaboration between security and network teams, or between access-point and network-management teams, show fewer weaknesses in the face of cyberattacks.
  • Implement “Zero Trust” to strengthen cybersecurity. For example, Cisco recommends a zero trust framework to improve mobile phone security. This approach makes it possible to authenticate users, verify devices, and limit where a user can go.
  • Test your response plan to prepare for a cyberattack. Cyber resilience, i.e. being able to bounce back quickly after an attack on your systems, is extremely important.
  • Integrate security into the organization's business goals and capabilities.
  • Regularly and systematically investigate security incidents.
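The Zero Trust practice above rests on three checks made on every request: authenticate the user, verify the device, and limit where that user can go. The following Python is an added example, not Everysens code or Cisco's framework; it models those three checks as a default-deny policy decision over a SaaS resource request. The roles, device attributes (managed, disk encrypted, OS patched), resource names and the fixed clock are all constructed for illustration.

```python
"""Zero Trust access decision for a SaaS resource request (added example).

Every request is evaluated against three checks; any failure denies.
  1. check_user:     is the session authenticated with MFA and still fresh?
  2. check_device:   does the device meet the posture policy?
  3. check_resource: is this role allowed to perform this action here?
All identities, devices, resources and the clock are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Fixed constructed clock so the example is deterministic and runs offline.
NOW = datetime(2024, 3, 8, 12, 0, tzinfo=timezone.utc)
MAX_SESSION_AGE = timedelta(hours=8)


@dataclass(frozen=True)
class Session:
    user: str
    mfa_verified: bool
    issued_at: datetime


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    managed: bool        # enrolled in the organization's device management (assumed attribute)
    disk_encrypted: bool
    os_patched: bool


@dataclass(frozen=True)
class AccessRequest:
    session: Session
    device: DevicePosture
    resource: str
    action: str


# Constructed role assignments and per-resource allow list.
# Anything not explicitly listed is denied ("limit where a user can go").
ROLES = {"alice": "dispatcher", "bob": "admin"}
POLICY = {
    "shipment-tracking": {"dispatcher": {"read"}, "admin": {"read", "write"}},
    "customer-pii": {"admin": {"read"}},
}


def make_session(user, mfa_verified, age_hours):
    """Helper: a session issued age_hours before the constructed clock."""
    return Session(user, mfa_verified, NOW - timedelta(hours=age_hours))


def check_user(session, now):
    """Authenticate the user: MFA must have been completed and the session must be fresh."""
    if not session.mfa_verified:
        return "user: mfa required"
    if now - session.issued_at > MAX_SESSION_AGE:
        return "user: session expired"
    return None


def check_device(device):
    """Verify the device: every posture attribute must hold, not just one."""
    if not device.managed:
        return "device: unmanaged"
    if not device.disk_encrypted:
        return "device: disk not encrypted"
    if not device.os_patched:
        return "device: os not patched"
    return None


def check_resource(user, resource, action):
    """Limit where the user can go: unknown roles and unlisted resources get an empty allow set."""
    role = ROLES.get(user)
    allowed = POLICY.get(resource, {}).get(role, set())
    if action not in allowed:
        return f"resource: {role or 'unknown role'} may not {action} {resource}"
    return None


def decide(req, now=NOW):
    """Return (allowed, reason). The first failing check denies; all must pass to allow."""
    for reason in (
        check_user(req.session, now),
        check_device(req.device),
        check_resource(req.session.user, req.resource, req.action),
    ):
        if reason:
            return False, reason
    return True, "allowed"


if __name__ == "__main__":
    good_device = DevicePosture("dev-1", managed=True, disk_encrypted=True, os_patched=True)
    print(decide(AccessRequest(make_session("alice", True, 1), good_device, "shipment-tracking", "read")))
    print(decide(AccessRequest(make_session("alice", True, 1), good_device, "customer-pii", "read")))
```

Note the ordering: a valid user on a compliant device is still denied for a resource their role is not listed on, and a compliant device does not rescue an expired or MFA-less session. Logging the `reason` string from every denial is also the raw material for the "investigate security incidents" practice above.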

The security of connected objects is no longer a secondary discussion. Connected objects surround us; they are everywhere. Yet hackers and cyber thieves know how to attack these devices to access data or industrial control systems. IoT manufacturers and providers alike need to focus on building secure, tamper-resistant hardware that supports secure updates.

As a SaaS visibility platform, we have put in place a number of measures to guarantee our customers an excellent level of service and to protect them from this type of incident. Some of the sectors in which we operate, particularly petrochemicals, are all the more sensitive to these attacks, and we take care to protect our customers.

“In a pragmatic approach, Everysens has implemented penetration tests as well as an organizational audit on the ISO 27002 standard in order to secure our systems and those of our customers,” explains Dai-Chinh Nguyen, CTO at Everysens.

Want to learn a bit more? Plan a meeting with our team.