In the transport and logistics sector, the list of companies which have fallen victim to cyber-attacks in the form of "ransomwares" is sadly getting longer by the day. Companies have nevertheless made considerable progress in deal with this kind of incident.
In 2017, a worldwide cyber-attack targeted a number of big companies. In the transport and logistics sector, Maersk and FedEx were among the ones which fell victim to the NotPetya ransomware. Since then, this kind of phenomenon has spread steadily to the extent that the American Treasury Department has just published a ransomware advisory which sets out the various sanctions which could be incurred by those who are tempted to facilitate the payment of ransoms on behalf of ransomware victims like financial institutions and insurance companies.
At the end of September, the transport and logistics sector came under attack again. The GEFCO group announced that it had been attacked, followed a few days later by shipping group CMA CGM. The International Maritime Organisation admitted that it, too, had been affected. This choice of targets raises several questions.
1/ Why are the hackers trying particularly to ransom the transport and logistics sector?
In this coronavirus period, attacking those who are second in line sadly makes sense for ill-intentioned individuals. The transport and logistics sector carries out vital missions and therefore needs more than ever to have fully operational IT systems.
In the annual Safety and Shipping Review it published in July, the Allianz insurance group indicated that there had been a 400% increase in attempted cyber-attacks in the shipping sector since the start of the coronavirus epidemic.
2/ Have we learned lessons from the 2017 attacks?
The answer is clearly yes. Investment in IT security has increased. Greater vigilance is being exercised. Specialists in combating malicious software have been recruited. In-house training in recognising and dealing with phishing emails is being provided and monitoring and intervention procedures have been set up in IT departments. In the major groups, this training has become obligatory in recent years, proving that management are taking the threat very seriously.
- Good to know: in France, national IT systems security agency ANSSI recently published a guide for companies and public bodies explaining how they should protect themselves against ransomware attacks and what action to take when an incident occurs.
3/ What have we learned from the 2017 attacks regarding business continuity plans?
When an attack occurs, the ANSSI says, it is important to cut off all communication with the Internet so as to prevent an Internet-based attacker having access to your IT system. It notes that this action can have major consequences on the activity of the organised concerned, including loss of access to certain external applications and external email contact, and that this will have to be dealt with at the same time.
In this area, improvisation is often still the order of the day. Personal email addresses are used, as are the social media. In emergencies, companies often use whatever means they have to hand to re-establish internal and external communications, particularly those involving customers. One company told us it brought back into service a good old fax machine after it came under attack in 2017. This may make us smile but the fax proved to be highly efficient during the company's crisis since it only made use of the telephone lines.
Not all small and very small companies have the resources to invest in elaborate security systems. So, at the risk of appearing old-fashioned, I would be tempted to recommend having one fax machine in each department, ready to take over rapidly from digital systems in cases of emergency. We should not forget that we need to be highly reactive in the transport and logistics sector.