Publisher of the S)One portal, Soget has drawn up a report on the "Cyber" threat to logistics chains and ports, in conjunction with Anssi, Gras Savoye Dero, Willis Towers Watson and Haropa-Le Havre. His webinar on 15 September focused on collaborative approaches and the importance of the human factor.
The global costs of cyber ransom attacks have risen from USD 325 million in 2015 to USD 11.5 billion in 2019 and are expected to reach USD 20 billion next year. These figures cited by Jérôme Lees de Gras Savoye Dero make the cyber threat the most feared by companies today.
Due to a lack of awareness of this risk, a lack of training and awareness, the main source of exposure would be human negligence (66%) ahead of external threats (18%).
For Jean-François Vanderplancke, digital security delegate for the Normandy region of the National Agency for the Security of Information Systems (Anssi), in the logistics and port sectors, the aims of cyber attacks are "lucrative, sabotage and espionage".
This is an opportunity for the Anssi to reiterate its message to the companies that are victims of these acts: "never pay ransom" at the risk of "appearing on the list of good payers, with no certainty of recovering the stolen data".
Competitiveness and attractiveness at stake
In France, Anssi states that it has worked with around thirty logistics companies and the port world between 2016 and 2020. Faced with this growing phenomenon, the players in these sectors are getting organised. Haropa-Port of Le Havre, which was one of the first ports in the world to obtain ISO 27001 certification for its information security management system in June 2010, is proof of this.
Enumerated by Jérôme Besancenot, head of the information systems development department at the Normandy port, several governance, steering and continuous improvement tools have since been deployed: "risk reduction plan, information systems security policy, IT charter, business recovery and continuity plan, regular audits and stress-tests to assess the robustness, protection and resilience of our information systems. Cybersecurity is part of our strategy. It has become a factor of attractiveness and a challenge for competitiveness".
However, Jérôme Besancenot acknowledges that, in order to be optimal, this strategy must be "collaborative and collective at the level of the port community". The Port of Le Havre has taken this step by creating a "port and maritime cyber security" platform, which also brings together Soget, the local port community via UMEP, Airbus and Synerzip LH.
In addition to these prevention and protection measures, insurance companies are refining their offers against cyber risk. Their policies can cover "crisis management, legal and administrative costs, as well as the coverage and repair of damage and impacts due to an attack", says Guillaume Deschamps of Willis Towers Watson.