Cybersecurity: how to prepare and limit damage in the event of a crisis?

For several years now, attacks on information systems have been increasing.

The threat is not new, but it has become professional. Disorganised acts have given way to sophisticated, composite, highly targeted attacks. Cybercrime has become an industry that is resilient to cybersecurity measures, with a real business model and “offers” such as “Ransomware as a service” (RaaS).

Aware that sooner or later they will be the target of attacks that could paralyse their activities, companies are integrating cybersecurity into their strategic plans. Their first reflex is to equip themselves with reaction capabilities. To do this, they rely on structures specialising in the immediate handling of incidents. This allows them to deal with the most urgent problems. But in view of the threat, this is not enough.

All too often, companies still find it difficult to realise the need to anticipate and prepare themselves over the long term. This is particularly true of SMEs and SMIs, which do not have the resources of large groups. Whatever the size of the organisation, cybersecurity must be taken into account on a daily basis, in all the company’s processes and by all employees. This requires the development of an action plan aimed at establishing a culture of cybersecurity and anticipation at all levels.

THREE FACTORS ARE ESSENTIAL FOR SUCCESS:

Have expert resources

Ideally, recruit a CISO (Information Systems Security Manager). If this is not possible, due to a lack of resources or skills, the ANSSI (French National Agency for Information Systems Security) offers a list of trusted players to assist companies.

Establish a cyber diagnosis

Test the company’s cyber security to get a baseline. This will highlight the area of exposure, the poorly locked doors, the loopholes, and what needs to be protected as a priority. The cyber diagnosis (or company security audit) will thus lay the foundations for the first rules to be written into the genes of the company and its staff: access controls, encryption, protection, etc.

Provide a budget for the deployment of the plan

Not everything can be done at once, so the plan will be implemented step by step according to priorities. To be realistic, it is necessary to clearly identify a cybersecurity budget in the IT roadmap. As an indication, it is not unusual for this budget to represent a cost in the order of 10 to 15% of a company’s IT budget in 2021. In order to anchor cybersecurity in the company’s walls in the long term, the action plan is based on specific measures and on the adaptation of everyone’s behaviour.

IT THUS COVERS THREE COMPONENTS:

The human:

The action plan defines the expertise that the company must have, internally or via service providers, to protect itself. This covers risk monitoring skills and reaction capabilities, but also day-to-day IT operations and management (infrastructure and network architecture, operations, messaging, access management and security, etc.).

This human aspect also includes raising employees’ awareness of the challenges of using information systems, mobile tools, the cloud, etc. Training and security exercises must be organised, following the example of what industrial companies do at high-risk facilities.

Organisation:

The action plan describes the organisations to be deployed or created, in particular the importance of having a Security Operation Centre (SOC) type incident response structure. This may be internal or contracted with external experts who are committed to their availability. In all cases, the SOC must be active and able to react 24 hours a day.

It is also essential to integrate the handling of cyber attacks into business continuity and recovery plans (BCP/DRP). Cyber attacks must join the list of undesirable events that the company prepares to overcome with a degraded mode of operation, recovery plans and regular crisis exercises.

Technique:

Depending on the priorities and the level of exposure, the action plan defines the technologies chosen to deal with the threat, as well as the associated architectures and processes. It specifies how to partition the IS to reduce the risks and isolate the most critical systems. It establishes, among other things, access control rules (zero trust), backup and restoration strategies with regular tests (to avoid contamination of backups by ransomware)…

“The plan will also list the detection and response tools that your SOC must be equipped with to function effectively (recognised EDR tools: Tehtris, HarfangLab, Gatewatcher). As substantial as such a plan may seem, it should be put into perspective with the damage caused by cyber attacks when companies are not prepared. The key idea is to make this preparation part of the daily life of organisations. Rather than being seen as a constraint, cybersecurity becomes part of everyday life. It becomes a means of providing good care in a hospital, of ensuring efficient services to citizens in a community, of producing goods or services efficiently in a company. Changing the paradigm in this way becomes the best way to protect oneself.”

Yves Le Thiec, Cybersecurity Specialist and Security Consultant for Maltem Consulting Group

BIO: YVES LE THIEC

Saint-Cyr graduate and Télécom Paris engineer (Ministry of the Armed Forces, 1986-2013)
Deputy Director at ANSSI (2013-2016)
Founder in 2017 of HurbanIT
Research Professor at ENSIBS since Sept 2017 and Co-Director of the Geneva centre of “Academy by E-Secure”
Cybersecurity Director MVE (PASSI Monaco) since 2020
CISO at AgroMousquetaires (April 2020 to Oct 2021)
He joins the Maltem Group in March 2021 to manage the Cybersecurity BU.