News
Cyber security: the French state is investing to help MSMEs face this strategic challenge
October 2021 by Yves Le Thiec, Cyber Security Specialist and Security Consultant for Maltem Consulting Group.
In terms of cyber security, 2021 has proved to be a year fraught with danger. But this is merely the logical continuation of what we saw coming two or three years ago. There is a general sense that cyber attacks are now following a real business model that is reaching maturity. There’s no denying that this model is becoming structured. It is going to target very large players who think they are immune. But security is a constant concern, and there is no such thing as zero risk.
Cashing in on an anxiety-inducing global context, cyber criminals are constantly adapting their tactics. They are going to be capable of attacking all facets of society. Recent examples include the recent attack on the Paris hospitals authority, AP-HP, during which the data of thousands of people were stolen.
Attacks are hence becoming increasingly sophisticated, as France’s National Information Systems Security Agency (ANSSI) has confirmed.
They can be placed in two categories:
– Ransomware attacks: these aim to block activities, and are becoming more professional in their approach
– Data breaches: theft of our industrial secrets by extremely well prepared groups.
A shortage of qualified professionals
The attacks that have occurred in the last few months are also linked to the recruitment difficulties that the sector is currently facing. Businesses are struggling to find experts in cyber security. There are currently 37,000 professionals in France, which is clearly not enough to address the situation.
It seems difficult to qualify the requisite number of experts in the short term. Training takes time, and experienced teachers are required in order to provide it. But where there’s a will, there’s a way - and the momentum is growing! The French state is getting involved. The steps it is taking include funding a “cyber campus” project in the La Défense district of Paris, which is set to open in January 2022. Hundreds of sector professionals will be there, including the Maltem Consulting Group. The campus will host a start-up accelerator and a showroom dedicated to presenting careers in cyber security.
France is still one of Europe’s driving forces in this area, but we need to do more: raising awareness of cybercrime has to start at nursery school! Like computer science, it should be taught from a very young age - as is the case in Israel. Raising awareness in the early years would equip individuals to respond better to an attack, and help instil good cyber hygiene habits. While also laying foundations for encouraging youngsters to consider careers in this field.
“Alerte Cyber”: the state’s system to protect MSMEs
According to the French Confederation of Small and Medium-sized Enterprises (CPME), 5 to 10% of companies have already been the victim of a cyber attack. Obviously they will not all be able to hire experts. Large companies with critical organisations and infrastructure have integrated this cyber security dimension into their governing bodies, at executive committee level. But for the smaller ones, this is still a complicated issue.
The state, through its Secretary of State for the Digital Economy, hence decided this summer to launch a warning system designed specially for micro, small and medium-sized companies (MSMEs). Named “Alerte Cyber”, it operates on the same principle as severe weather warnings, because the first few hours are critical in the event of an attack. This warning system will focus on the inter-branch organisations - the main employers’ federation (MEDEF), the CPME, chambers of commerce and industry, etc. - who will then transmit the warning to tens of thousands of companies.
Good cyber hygiene habits for everyone
But however effective this system may be, it is absolutely vital for it to go hand-in-hand with making MSMEs fully aware of these issues. Cyber security is a concern for all economic players! Even if a business does not have access to cyber security expertise, or an in-house expert on its staff, it can avoid a fair number of mishaps by adopting some good cyber hygiene habits.
So here are a few tips:
? Audit your tools: whatever the size of your company, you must take a look at the tools you use on a daily basis. Make sure the ones that are critical to your business are sufficiently protected. But you also need to think about your business continuity strategy if you are the victim of an attack that shuts down your hardware. Analyse and assess the risk, make backups, and be aware of the flaws. Call on a consultant or expert if necessary. They come at a cost, but this is essential work.
? Know how to respond to an attack: before one happens, ensure that everyone is fully mindful of the need for vigilance when opening emails, but also be prepared for the eventuality. Here too, seek assistance from an expert.
? Appoint an information security officer: cyber security must be managed within the company in the same way as fire safety. Appoint an officer and train them in implementing a Disaster Recovery Plan in the event that your business comes under attack. Courses exist, and the French state website cybermalveillance.fr is a valuable source of advice. It is also helpful after an attack.
Faced with the ever-evolving threat of cybercrime, with attacks becoming increasingly sophisticated, the scarcity of skills, and growing awareness at a national level, the watchwords are still “prepare” and “anticipate”!
