What is a cyber attack?

Cyber attacks can be defined as malicious acts targeting a company's information system. They take various forms: attempts to intrude into the IS, denial of service, theft, falsification or corruption of data...

The most widespread cyber attacks are undoubtedly the "ransomware" (taking data hostage) and "phishing" (recovery of personal data) attacks carried out from fraudulent e-mails.

It is estimated that in 20% of cases the cyber attack exploited a vulnerability in a web application.

 

What are the consequences and impacts of cyber attacks?

Cyber crime is on the rise, and the trend is very clearly unfavorable. In 2020, the number of companies targeted by a cyber attack globally increased from 38% to 43%.

In France, this increase in threat was even more pronounced, from just over one-third of companies in 2019 (34%) to nearly one in two last year (49%). More than a quarter (27%) have experienced 10 or more cyber incidents. The targets are multiplying (hospitals, communities, SMEs, VSEs ...) often resulting in a total shutdown of the activity.

While 54 ransomware incidents were reported to ANSSI in 2019, the agency saw a 255 percent increase in 2020 with 192 reported incidents.

Today, all companies are potential targets of a cybercrime that is becoming more and more sophisticated in its organization. Attacks are more and more automated and equipped. The targets are not only large groups.

A cyber attack can generate a major crisis that can jeopardize the very survival of the company.

 

How can such an evolution be explained?

The number of cyber attacks has increased since the beginning of the pandemic. Indeed, hackers have seen an opportunity in the changes in user habits linked to telecommuting and new collaboration modes, banking on the fact that not all companies were prepared for this evolution.

51% of French companies consider themselves more vulnerable to a cyber attack since the beginning of the health crisis. As such, the generalization of telecommuting is perceived as an additional risk factor by 59% of companies.

This situation destabilized many companies that had to change their information system in only a few days to allow a generalized telework. Ellisphere had taken into account the teleworking scenario in its continuity plan, which allowed us to activate the system very quickly without disrupting our IT.

 

The strengthening of European and international sanctions in the field of cybercrime

In 2020, the European Council for the first time imposed restrictive measures against six individuals and three entities responsible for or involved in various cyber attacks.

Also at the European level, the sixth directive on the fight against money laundering and terrorist financing now expressly includes cybercrime in the list of criminal activities that constitute the offence of money laundering.

 

Why is Ellisphere so concerned?

Ellisphere is directly concerned as a major player in the digital world. Three key sectors are particularly targeted: Technology, Media and Telecom, Financial Services and Energy. In total, two thirds of French companies in these sectors have experienced at least one cyber attack in the past year.

Through the services we provide, we exchange data with our customers. We must ensure that we do everything possible to protect our data and the data entrusted to us in compliance with laws and regulatory frameworks.

Ellisphere must therefore protect itself against threats related to its information system as well as those related to the protection of company data (attempted theft, loss, alteration, dissemination of data, whether personal, financial, technical or commercial).

In addition to the financial impacts that can affect the company's profitability, Ellisphere must deal with the impacts on the continuity of the services delivered and the damage to its reputation.

 

How to prepare for a cyber attack?

Security is an integral part of Ellisphere's DNA. Preparing for an attack is a constant concern. It is important to remember that "cyber attacks don't just happen to other people".

Ransomware is now commonplace. From our experience over the last few years, Phishing is a regular method used by extortionists to attack us. Let's remember that about one in six companies were attacked by ransomware in 2020 and more than half (58%) paid a ransom!

 

Business continuity planning, a must in the fight against cyberattacks

To fight against cybercrime, Ellisphere has implemented an organization and significant technical resources. An Incident Response Plan has been put in place to deal with a cyber crisis whose consequences can be multiple.

A Continuity Plan consisting of:

  • A Business Impact Analysis (BIA) to determine which activities should be continued or resumed first.
  • A Disaster Recovery Plan that can be used in the event of a major crisis.

An annual test ensures that in the event of unavailability of the IT production site, Ellisphere is able to resume activity on its backup site.

 

A risk-based approach

Ellisphere's approach focuses on risks that are regularly reassessed. These risks take into account the evolution of regulations, the evolution of uses, and the anticipation of new orientations.

An annual plan is thus produced with a roadmap involving all the actors of the IT department in order to constantly adapt to the creativity of cybercriminals. For example, the major themes addressed for 2021 are :

  • Evolution of detection and monitoring devices
  • Evolution of development practices,
  • Hardening of infrastructures and reduction of exploitable attack surfaces
  • Improvement of good practices.

On a daily basis, in order to protect ourselves against the risk of cyberattack, in addition to our protection devices (Firewalls, Application firewalls, Antivirus, Premises, Backup equipment...), we reinforce internal controls and audits in order to verify that we respect our security policy.

This involves, among other things, restoring our backups, reviewing our applications' authorizations, reviewing our accounts...

 

External audits to control the sustainability of our organization

Periodically, we call on external firms to carry out penetration tests and verify the robustness of our information system.

We are also on the lookout for any new vulnerabilities in order to apply patches to our infrastructure and software. These operations are increasingly difficult, because the time between the announcement of a patch and the attack is increasingly short and the number of vulnerabilities identified on the systems is increasing.

In 2020, the average time between an intrusion and its detection was 94 days. This is why the analysis of events generated by all equipment is also an important factor to take into account. It allows to react as soon as possible to abnormal behaviors.

 

Cyber attacks, everyone's business?

The human factor is a major issue in cybersecurity, accounting for over 80% of security incidents. The majority of targeted attacks are spread via e-mails addressed to employees, trapped by viruses or dangerous links.

They are also increasingly sophisticated and difficult to detect. During this time of health crisis, widespread telecommuting can make employees less vigilant.

The security of a company is the business of all employees. This is why an essential part of our security plan is to raise awareness among our users.

How to telework safely (infographic)
AML corruption cyber cyber attack cybercrime cyber risks companies fraud hackers phishing ransomware risks sanctions awareness IT services security terrorism telework