The fight against cybercrime has become an essential part of business development.
There has been a general increase in computer attacks on all types of organizations. Yet businesses are the most affected. And of course the attacks are becoming more and more advanced.Companies increasingly exposed. Especially with the generalization of telework, which has literally imposed itself on many companies that were not prepared for it. The challenge for many businesses and business leaders, and the protection of information systems and computer data.
This article will also interest you: An increase in computer attacks among 93% of French companies
The telework that has been imposed on businesses because of containment has shown many limitations in the management of COMPUTER security in many companies. This practice has raised many questions in the answer could in some way provide solutions
"This created a number of challenges because not all companies were necessarily ready. Remote access to the company's systems was therefore more complicated. For those who were less prepared, additional risks arose: personal computers could, for example, become a vehicle for entry and attack for cyber criminals," notes Olivier Reisch, associate lawyer at DLA Piper Luxembourg, head of the intellectual property and new technologies team. Another key issue was employee monitoring. "These are not new issues, but in Luxembourg there are strict rules in place for this supervision, including obligations to consult employees and certain intervention powers of the CNPD. Adds the lawyer.
Unfortunately, in recent years, cybercrime has been in full professionalization. They continue to improve not only in terms of organization, but also in their business model like a traditional business. These are no longer solitary or isolated attacks here and there. They are now very well organized groups, with a well-defined strategy that initiates cyberattacks so sophisticated that it looks like a plan to start a business strategy. And all this in the context of illegal penetration into computer systems.David Alexandre, a lawyer specializing in intellectual property and personal data protection and counsel at DLA Piper Luxembourg, noted: "There is a strong human element that comes into play. In-house training is important to be aware of the different types of increasingly sophisticated attacks."
Another important point to mention is that it is no longer the big companies that are the preferred targets of cyber criminals. Today, small and medium-sized enterprises are much more affected by this scourge. "A few years ago, attacks were carried out on a larger scale, without discrimination. The servers were attacked at random via automated tools. Now it's becoming more and more targeted," admits Olivier Reisch.
Small businesses do not have enough resources to ensure their large-scale IT security, unlike large businesses. This makes them much more vulnerable so "It's still on a case-by-case basis, it all depends on the security policy of each company," says Alexandre.
However, the health crisis has raised awareness in general of the real danger of cybercrime. The massive use of digital solutions has demonstrated how vulnerable businesses, regardless of size and sector, are. And there is no shortage of examples.
"We are seeing a change. Cybersecurity and data protection could be seen as a cost. They are now a selling point to attract customers," says David Alexandre.
So we're wondering if this will become a priority?
In practice, there has been a certain difference between European companies and organizations and those in the United States. "Luxembourg's financial sector is quite well prepared, as the rules on IT security are extremely strict. Players in Luxembourg are generally part of large international groups and benefit from their experience. »
Let's talk about the sophistication of computer attacks. The most common cyberattack is the most common practice to extract the maximum amount of money from organizations, especially companies and ransomware. Today, cybercriminals are no longer content to encrypt access to the computer network or the data of the companies they target. They extract data, and threaten to disclose it if the company refuses to pay the ransom demanded.
"We see very professional conversations between criminals and victims, it's amazing! The former conduct the ransom negotiations while explaining the consequences for the seconds of a disclosure of the data in terms of turnover, reputation, cost," stresses Olivier Reisch.
Now access an unlimited number of passwords: