In 2020, the IT sector has seen a significant or exceptional boost.
Of course this is because of an unexpected but effective element. The coronavirus health crisis. For several reasons, the health crisis has propelled the digitization of companies. At the same time, this digitization has been confronted with the proliferation of computer attacks. As a result, the IT security sector has also seen a significant leap in investment.
This article will also interest you: The problem of security incident in the bank
Widespread telework is one of the consequences of the coronavirus health crisis. The containment that resulted from governments' desire to break the chain of spread of the virus has pushed companies to adapt and continue to meet needs by developing collaboration remotely. Of the 720 private organizations surveyed, more than a third say they use digital tools to keep their activities afloat. This use, to some extent, is not only of benefit. There is also the downside. Mass computer hacking. According to several figures provided by the Club of Computer Security Experts, CESIN, 6 out of 10 companies were confronted with an attempted intrusion into their computer system. One in five companies has actually been the victim of a ransomware attack. furthermore:
– 80% of computer attacks are phishing;
– 52% of my observed attacks are based on the exploitation of security breaches;
– 42% are from the scam to the president;
– 41% are attempts to fraudulently access a system by cracking the password or login ID;
It is clear unanimously that "2020 has demonstrated that cybersecurity is the business of all companies and that you are never too small to be a target," as Christian Poyau of Medef's technology change commission says.
François Asselin, president of the Confederation of Small and Medium-sized Enterprises (CPME), said: "Small businesses are not spared and can be put in great difficulty by these untimely hacks of their data,"
The CPME in collaboration with medef offers a practical guide on the initiative of CEIDIG (Digital Economics and Information Council),
"It is also necessary to calculate in how long (days, weeks, months) the company, if it is attacked, can return to its original operation. And also whether we can identify the problem internally," notes Jonathan Uzan, head of cybersecurity at the Boston Consulting Group (BCG).
As a result, four key points are learned to improve the safety of your business:
1. Staff awareness
Regardless of the individual's status in the company, a set of solutions must be put in place so that that person can be aware of the realities and computer threats of the moment. "We think mainly of the networks attacked, the malicious emails. But don't forget smartphones or computers stolen from the outside and physical intrusions. A person comes for an interview and puts a USB stick in a device to steal data," gives these examples Clement David, the co-founder of Padok. "People are often panicked, don't dare warn that they clicked on a fraudulent email. They must be told that they will not be judged. adds the expert.
2. Better training for cloud use
The cloud is now much more used. Compared to the packages offered by the various providers, this may well be an offer accompanied by data security or not. It will then be very careful and know chosen effectively. "The system is not infallible. Depending on the offer, the supplier can only provide a backup of the files, so their security depends for the contractor," warns the secretary general of the French Information Security Club (Clusif), Loïc Guézo.
3. Use an independent provider
This presents itself as an eventuality is necessary situation. Do not wait until the company is mired in a security incident to appeal to the outside world. Often some security check and audit. It is possible to have some providers offered by the National Information Systems Security Agency on its website
4. Ensure you are "insured" against computer attacks
No matter what precautions you take, 100% protection against computer attacks is almost impossible. That is why it is recommended to be insured. There are now several insurance policies that are proposed in this area. However, it will be necessary to be vigilant and to know "qualify and quantify the risk of a company is extremely complicated," warns Jonathan Uzan of the BCG. "Insurers offer specific guarantees, but they are now reserved for companies that show a clean slate," says Frédéric Chaplain, the director of Verlingue, an insurance broker. "They won't get it without proving that they have a policy of prevention, password management, regular update… Many insurers refuse a cyber warranty if you don't take out a fraud warranty," he says.
Now access an unlimited number of passwords: