Computer threats and the behaviour of insurance companies
According to several observations, in particular from the Deputy Prosecutor at the Paris Judicial Court, who is also responsible for the J3 section responsible for combating computer threats and crimes, Johanna Brousse and Guillaume Poupard, the first head of the National Agency for Security of Information Systems, the behaviour of insurance companies would be likely to push companies to commit serious misconduct.
Indeed, it is not uncommon for insurers to take responsibility for paying ransoms are often demanded by hackers. Attitude that unfortunately encourages hackers always continue in their practices. On 15 April, the two authorities were speaking at the round table organised by one of the Senate delegations specially responsible for business
This article will also interest you: Should we be wary of Cyber insurance
"We're going to have to toughen the tone in the face of ransom payments," says Johanna Brousse firmly. "Today, France is one of the most attacked countries when it comes to ransomware. Why? Because we pay ransoms too easily," notes the latter. "We realized that insurers guaranteed the payment of ransoms, some not for everyone, they put conditions. But we're going to have to work on that," she continues. "We have to make everyone understand that if they pay the ransom, it will penalize everyone else because the hackers will attack our economic fabric more easily by thinking that the French anyway it is well known they pay" affirms the prosecutor. "The watchword is that when it comes to ransomware we don't want to pay anymore and we're not going to pay anymore. This is essential to dry up the source and for hackers to be aware that France is not the golden egg hen and that we must not be attacked."
Indeed, in the current context, the victims of cyber attacks with ransomware must be more than ever in their refusal to pay the ransoms demanded. The view of the head of section J3 and totally shared by the first head of the national agency for security of information systems, Mr. Guillaume Poupard. "What Johanna says is very important," he confirms. The latter appeals to the common sense of the companies to ensure that they agree not to pay the ransoms. The boss of ANSSI the behavior of insurers. "The important thing is to deter the attackers from attacking by telling them that the ransom would not be paid. Here we have a very, very big job I totally agree with what Johanna said," says Guillaume Poupard.
"Because today we see a murky game of some insurers, I agree[NDLR : de Johanna Brousse]." If in a sense the behaviour of insurance companies makes perfect sense, they are still harmful. "An insurer if he has the choice between paying a few million ransom or tens of millions under the insurance policy that has been contracted, and if he thinks he has the right, he will pay the ransom" comments Guillaume Poupard. "It's a no-brainer. There is a rationality that is relentless." However, the vicious circle of ransom payment must break. "And then we have to say loud and clear that hospitals in France do not pay ransom. Local authorities will not pay ransom."
It was also mentioned that ways should be found to track down and punish intermediaries who often serve as bargaining chips between companies and cyber criminals for ransoms. "They're a little gray, not white, not black. They do a ransom payment business, and they will sometimes pay themselves on their ability to negotiate with criminals the payment of ransoms. This is extremely unhealthy," stresses the head of the National Information Systems Security Agency. "We have to fight this very effectively because otherwise it is a kind of ecosystem that will be created around criminal activities and the result will be catastrophic."
For the head of the administrative authority in charge of cybersecurity, things are going very badly. "Everything is going wrong objectively. Between 2019 and 2020, there are a factor of 4 in the number of victims." "Do you have backups? An anti-virus? Is your email secure? ».
Now access an unlimited number of passwords: