Businesses, administrations and even governments are increasingly being hit by cyberattacks. In a digitalised world and a globalised economy, who can claim to be safe? Protection solutions do exist.
With the digital transformation, a large number of networks – telecommunications, computers, smartphone apps and connected objects – are now interlinked, giving hackers opportunities to seek security flaws in IT systems.
“As business processes increasingly digitalise, their exposure to risk increases,” says Vincent Bazillio, technologies marketing manager at Axians, the VINCI Energies brand dedicated to ICT solutions.
“Cyberincidents represent a growing threat for our economies.”
Indeed there are a growing number of attacks against private sector businesses as well as public administrations and even governments. In May 2017, a widespread cyberattack targeting Russia, Taiwan, and Ukraine resulted in 126,000 infections, according to antivirus software publisher Avast. The attack used the WannaCry ransomware, which encrypts data and demands payment of a ransom, generally in bitcoins, to decrypt it. Companies such as Fedex, Telefónica, and Renault were hit, as were public administrations such as the National Health Service in the United Kingdom.
Following this large-scale attack, the finance ministers of the G7 countries responded by issuing a communiqué stating that “We recognise that cyber incidents represent a growing threat for our economies and that appropriate economy-wide policy responses are needed.” In France, cybersecurity is now “priority number one” at the Agence Nationale de Sécurité des Systèmes d’Information (ANSSI – the French national cybersecurity agency). In its 2016 report, ANSSI mentioned 3,235 security alerts, including 79 involving “major events”, 159 addressed, and 3 identified as “critical”. Enhanced awareness among policy makers is perhaps not as widespread in the business community, even though the DFCG (French Chief Financial Officers and Controllers Association) and the Euler Hermes barometer found that 81% of companies were the victims of at least one attempted fraud in 2016, and that one in four companies was targeted more than five times.
Detect and respond
The first step that companies must take, according to Vincent Bazillio of Axians, is to recognise that anyone can be affected. “What is needed is behavioural change. It is no longer enough for businesses to defend and protect themselves by building higher and higher walls. They must also be prepared to detect a threat and respond very quickly by isolating the infected component and protecting all the other parts of the system (users, computers, etc.) as quickly as possible.”
In addition, there is an urgent need for safeguards against cyberattacks at a time when the legislative environment is changing, with the advent in May 2018 of the EU’s GDPR (General Data Protection Regulation), which will require companies to warn users when a security breach may affect them. Security solution providers can no longer confine themselves to selling firewalls and antivirus software but must help their clients to better detect incidents. “For example, we can support them in extending their hours of coverage or carrying out round-the-clock monitoring to anticipate vulnerabilities in their IT systems,” says Vincent Bazillio.
Poorly protected industrial sites
Cybersecurity specialists take on the task of auditing internal directories that authorise opening a Windows session on a PC or entering a site with a badge, to ensure that they are not vulnerable to possible intrusion. They also address a danger arising from the growing digitialsation of industrial sites, which can compromise the security of installations previously isolated from company IT networks. “For more than a year now, we have been doing more and more work to safeguard these sites exposed to major risks in the nuclear, railway, air transport, food processing, and pharmaceutical sectors,” says the Axians technologies marketing manager. With industrial networks increasingly connected to the outside world in order to exchange information needed to rapidly adjust production or anticipate maintenance, for example, it is easier for hackers to take control of production systems.
“VINCI Energies combines Actemium’s process expertise and Axians’ IT capabilities to offer an intelligent IT security solution for every type of business,” says Vincent Bazillio, adding that due to constantly changing digital technologies, “network security is an ongoing process that is never completed once and for all.”