2023-10-11 05:31:23
Published on Oct 11, 2023 at 7:31 a.m.
The myth of the hacker, wearing a hood and acting alone in the back of his garage, is a thing of the past! Cyberattacks are now international and increasingly sophisticated, whether carried out against businesses, hospitals, universities or cities, with serious consequences for the security and economy of the country. For 2022, in its latest study, the Asterès firm estimates the cost of successful cyberattacks (ransomware, phishing, DDoS, etc.) on the information systems of French organizations at 2 billion euros.
Because of their sheer number, the first victims of cyberattacks are companies (including large groups such as Engie and Airbus recently), and SMEs in particular. Of the 347,000 successful cyberattacks affecting companies in 2022, according to Asterès, 330,000 hit SMEs. More than 60% of SMEs do not, in fact, have any representative dedicated to cybersecurity, and only 25% have taken out specific insurance to protect themselves…
SMEs lacking good practices
These last figures emerge from the study presented in June by the French Cybersecurity Federation, commented on by David Ofer, its president: “The cyber subject is very well supervised at the level of OIVs (operators of vital importance), large groups and large ETIs, but as soon as we go down to SMEs, which are very numerous in France, we realize that there are no longer any real outlets, because the messages are diluted and business leaders are too busy elsewhere.”
This holds even though everyone recognizes the existence of a “cyber concern”, without knowing how to manage it or, even less, how to report it. “A whole context which means that the subject remains too complex and too technical for them, when it should be applied throughout the organization,” continues the expert.
To reach this target more broadly, and to industrialize good practices, all public and private actors must therefore interact, starting with the National Information Systems Security Agency (Anssi), whose mission will be expanded.
This is what Emmanuel Naëgelen, its deputy director, explained during a recent talk at Numeum, the professional organization of the digital ecosystem in France: “The attackers pose three challenges to us. Firstly technical, with the use of AI to be better at processing data. The second is the move to scale, that is to say to mass cybersecurity. Finally, the security of the solutions, services and software offered must be improved.”
Establish an IT charter
But what is mass cybersecurity? To be transposed into French law by the second half of 2024 at the latest, the new European Network and Information Security (NIS 2) directive will allow Anssi to raise the level of cybersecurity of thousands of entities, ranging from SMEs to CAC40 companies, in at least eighteen sectors of activity which will now be regulated. It is this multidimensional and multi-party vision, on a national and European scale, that will move the subject forward.
However, while protecting the infrastructures of organizations is recognized as essential, it is also essential to raise awareness and train employees on cyber issues, beyond the designated “cyber” or “data” contact… All players in the sector insist on this: humans remain the first gateway to a successful cyberattack!
To create this culture of security, both individual and collective, a minimum of actions must be put in place, regardless of the size of the company, starting with the establishment of an IT charter and the development of a communication strategy in the event of a cyberattack and an information systems security policy (PSSI).
We must also work to define a business continuity plan (PCA) and a business recovery plan (PRA), procedures which will condition, in the majority of cases, the ability to resume economic activity, provided they are tested and updated regularly.
Create a culture of digital security
With hybrid working becoming more commonplace, one simple tip to reduce risk is to have a password management solution in place. “The use of sufficiently long, complex and different passwords on all equipment and services that you access” is also the first of ten best practices proposed by the public site cybermalveillance.gouv.fr to ensure your digital security. It is just as essential to separate personal and professional use of the hardware, messaging and cloud services at your disposal.
“When we speak to leaders who have nothing to do with technology, we must use simple and understandable terms so that everyone cares,” concludes David Ofer, who has also just signed a partnership with the French Federation of Electrical Integrators to acculturate them to the subject. “It’s not even a question of danger, but of common sense. Everything is connected, so everything must be secure.”