Like everyone, I couldn’t miss the breaking news about the recent major cyber-attack that particularly affected several large companies such as Renault. It follows other reported cyber-attacks during the French presidential election, which themselves followed those noticed during the US election, which in turn followed those that hit Yahoo, Sony, TV5 Monde, …
Beyond the observed acceleration of highly publicized cyber-attacks, notable especially for their tremendous scale, it is the hackers’ technology that causes me deep concern.
Based on the information provided, it seems that the hackers leveraged classical techniques to run the attack, and some of them can even be considered very dated in our current digital era.
However, these very “classical” cyber-attacks are taking place in a specific context: the digital transformation under way in every enterprise and institution. This transformation is the result of a revolution in our habits, which multiplies the access points to the corporate information system: today through smartphones and tablets, tomorrow via connected objects. It requires redesigning the IT architecture, which in some cases may mean changing the existing security solutions because they are no longer appropriate or are simply ineffective.
While hackers are getting more professional and more organized, too many companies are totally outpaced by the cyber-threats they are exposed to. Unfortunately, it is easy to predict that the media will keep showing us new and wider cyber-attacks in the near future.
Facing this reality, here are our recommendations:
- Companies must take advantage of their digital transformation to revamp their protection system, adapting it and completing it.
- They may also use this opportunity to harmonize their IT system in order to make it easier to control and protect.
- The hierarchical influence of Security Directors must be strengthened so that they have full independence in their decisions, an obligation to participate in and support any IT project, and the right to veto it if they consider it appropriate.
Lastly, these ambitions require financial and human resources to be put in place. Good security doesn’t come cheap. It is key to understand that a budgetary commitment to cyber-security is not an expense but should be seen as an investment.
For those who are still skeptical, I strongly encourage them to look at all the costs that resulted from the Yahoo and Sony attacks, or more recently from the attack on Renault, which was forced to halt its production.