Cyber attacks on the rise, new GDPR …
Last year, an article published by Frenchweb pointed out the relative immaturity of companies regarding the subject of the protection of information systems and data. 2017 had seen the damage caused by cyber-attacks rise to a historic level of $172 billion worldwide. In France, nearly 21 million people were directly affected by malicious activities against them, adding up to damages of about 7 billion euros (up 238%)!
The arrival of the GDPR in Europe is supposed to guarantee a return to ethics and the use of personal data; however, is this just a smoke screen that hides the evidence? Do companies really intend to protect the information they store? Judging by the difficulties experienced by Mark Zuckerberg, Facebook’s boss, to justify unprecedented flaws before the US Senate Committee, or the recent sabotage crises (around the open source code of a vehicle) denounced by Elon Musk, the boss of Tesla, we should also ask questions about security in SMEs. What methods are being put in place to deal with possible attacks?
Because if everything is now in the cloud and if the explosion of the number of connected objects has been growing significantly in the world, what about the free and generalized flow of data? Recall that in 2017 Wanacry reached more than 400,000 computers and blocked many servers of companies and administrations and that other attacks have created considerable damage. The increased number of apps and the proliferation of smartphones also pose questions. Now employees of a company are permanently connected to the outside world and continuously communicate both personal and professional information via their mobile phone.
The virality of our conversations can accelerate the spread of malware and cause it to be hidden behind a barrier; the old firewall that protected a server is no longer effective today. In 2016, Japan suffered 350 million attacks a day! And when we thought we were done with Wanacry, Boeing announced just two months ago that they would have been a victim again: “A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue” Boeing Aviation told reporters. We can no longer say that we did not know. Since this phenomenon can be described as exceptional by its sheer magnitude, the subject of data protection is on everyone’s mind. So why does it not seem to worry leaders more than that?
For some analysts, the problem comes from the very culture of security officials. Coming from the world of engineers, they would strive to develop counter-viruses and to build ever more sophisticated systems like invincible fortresses. Not understanding the logic of criminals, with their ability to circumvent obstacles by observing them from every angle to find the flaw, they have total confidence in this technique. Is this an argument for utilizing a more diverse array of talent? Should we urgently hunt down some criminals and recruit them?
Without going that far, and even if some players in the computer industry or national security agencies have indeed resorted to hackers, it seems that inaction is no longer an option. A third of French companies were victims of a cyber-attack without having some sort of breakdown according to the ANSSI (National Agency of Security Information Systems). Now is the time to realize that data is at risk in our businesses. If data is the oil of the 21st century, guaranteeing its security is urgent.