Cyber-attacks: Industrial companies, a prime target

Any company or public administration is now exposed to the risk of a cyber-attack. Since the Internet has invaded our daily lives to become an indispensable tool to which we have recourse both in our private lives and in the professional environment, the cybernetic threat has become omnipresent. Companies are therefore called upon to invest in cyber-security to avoid losses and shortfalls.

No one is safe from a computer attack: hackers can target individuals, companies whether small or large, but also banks and public administrations. And the resulting damage weighs increasingly heavily on victims: The global cost of cybercrime is estimated to rise by $5.7 trillion between 2023 and 2028, an increase of 70%. The cost of cybercrime worldwide is expected to reach no less than $13.82 trillion. Cyber-attacks do not, to tell the truth, have any particular “preferences” since they trap the vulnerable, that is to say the least protected. The risk is real anywhere, anytime, in any country in the world, including Tunisia.

Because many may estimate, wrongly, that because of the smallness of our economy, companies or the Tunisian administration are spared. Statistics show quite the opposite: the number of incidents declared to the National Computer Security Agency (Ansi) literally exploded during 2022, increasing by more than 146%, from 63 thousand incidents in 2021 to more than 155 thousand. Taking many forms, computer attacks ravage everything: companies of all sizes, banks and administrations.

The financial sector, the least targeted?

In 2020, the losses caused by cyber-attacks, at the level of companies, were evaluated at more than 1 billion dinars. Against all expectations, it is not the financial sector which is the most affected, but it is the industrial sector which has borne the brunt of the recent waves of attacks. Moreover, these figures are in perfect harmony with the trends observed at the global level: according to the Statista site, in the world, public administrations and industrial units are the most affected by cyber-attacks, the finance sector being among the most spared. “In finance, security is all that banks and financial institutions offer their customers. This is their added value. They invest a lot of money in securing data, information systems… and have well-crafted IT security strategies. It’s the same, everywhere, in all the countries of the world, including Tunisia,” explains Dhia Eddine Saidi, a computer engineer at a Tunisian bank, in a statement given to The Press. And to add: “The success of financial institutions is measured by the trust that customers place in them, it is their DNA. The cyber threat is integrated into the calculation of the operational risk of banks. It is therefore calculated, estimated, budgeted… This explains why the financial sector is not the most affected. But that doesn’t mean it’s the least targeted! Logically, it would be the sector most targeted by hackers, but it is the success rate of attacks that is low there. And this is due to the efforts made by these establishments in terms of cyber-security”.

According to statistics published by ANSI, 13% of incidents handled in 2022 concern “ransomware”. This is malicious computer software, through which hackers take the data of the attacked company or organization hostage. The “ransomware” encrypts and blocks data and a ransom is demanded in exchange for the key to decrypt it.

It is a new scourge that is ravaging the world. 42% of attacks concern phishing operations, which is a technique intended to deceive the Internet user to induce him to communicate personal data (access accounts, passwords, etc.) and/or bank details by pretending to be a third party of confidence. While the number of DDOS attacks (attack resulting in a denial of service) has quadrupled in just two years, going from nearly 990 attacks in 2020 to 4200 in 2022.

A growing trend

All specialists agree that 2020 is a landmark year in the field of cyber-security. Indeed, since the Covid-19 crisis, the number of cyber-attacks has exploded and this global trend is far from temporary.

Several factors have led to this state of affairs: the massive use of telework, the large-scale deployment of new technologies, particularly in production units, the increase in the number of pirates… “In truth, the acceleration of this This phenomenon can be explained by several elements such as the trivialization of cyber-attack techniques, or even teleworking which means that the company can be attacked via machines used outside the establishment or the production unit. This is why it is important for any company to have a cyber security culture. Today, it’s not a choice or a luxury, it’s a necessity”, wishes to underline, in this context, Saidi.

Today, a whole underground economy of cybercrime has been set up in several regions of the world. This is the case, moreover, of West Africa, which was the subject of a study carried out in 2017, by Interpol and Trend Micro, and which pointed to the birth and development of networks of cyber-scams in various countries of this same region.

Losses and damages

It must be said that for a company, a cyber attack automatically results in financial losses. In addition to the costs related to the improvement of cyber-security devices as well as the securing of post-incident customer data, it involves other expenses relating to the interruption of activity and the erosion of the turnover following the loss of customers. This is why the company is called upon to develop a global cyber-security strategy and must allocate a substantial budget to ensure the security of information systems and electronic wallets. It must also recruit the necessary skills who will be responsible for the security and IT monitoring mission. In a nutshell, invest in cyber security to avoid losses and shortfalls.