The list of French hospitals, local authorities and companies victims of cyberattacks is now growing daily.
In 2020, cybercrime increased fourfold compared to the previous year, if we look at the number of interventions by the National Information Systems Security Agency (Anssi), responsible for state cyber protection.
To read also:
"It's a tsunami, we have to reinvent everything": in the hell of the hospital of Dax, target of a cyberattack
The health crisis has certainly not helped anything, but it is not at the origin of this acceleration.
All countries and all industries are confronted with it, for the simple reason that criminals have for years found in the cyber space a relatively inexpensive but on the other hand very lucrative means of carrying out illegal activities.
With now industrialized attack methods, often sophisticated, sometimes supported by geopolitical considerations, they strike at all costs, taking advantage of the fragility of businesses, health establishments, communities, associations or simple individuals. destitute.
With serious operational and economic consequences for all victims.
To respond to the exponential growth of these serious threats, the French state has therefore decided to accelerate its cyber defense strategy.
Presented on Thursday by President Emmanuel Macron, it aims to raise the general level of protection of public and private actors as well as to give a boost to the development of the cybersecurity sector in France.
Strengthen detection
As part of the recovery plan and the investment program for the future, France will invest an additional billion euros by 2025 in this national strategy.
They will be added to the funding already provided for aid in the digital transition of administrations.
Additional resources (136 million euros) will be allocated to Anssi to carry out safety diagnostics in particular with health establishments and local authorities, relying on trusted local players.
Solutions will be tested on pilot sites (a territory, a hospital) and then replicated on a national scale.
Anssi also wants to strengthen the means of detecting attacks, by creating regional CERTs (Computer Emergency Response Team), in other words structures capable of reacting effectively in an emergency and of assisting victims.
The construction company was attacked in July 2020. It took 6 weeks to recover 90% of its applications.
She was able to recover all of her data.
Thierry THOREL / PHOTOPQR / VOICE FROM THE NORTH / MAXPPP
To develop its protection capacities, France is also counting on the development of advanced technological solutions.
Five hundred million euros will be devoted to this, by funding research center projects (Inria, CNRS, CEA, etc.) or by collaborative projects with private companies.
Only cutting-edge technologies will be able, for example, to help SMEs to automate the security of their information systems, to effectively secure connected objects or to address the specific problems of certain sectors.
To read also:
Rabot Dutilleul: "A cyber attack is very anxiety-provoking for the whole company"
For the State, it is also a major issue of economic development and sovereignty.
By 2025, he wants to quadruple the turnover of the sector (to reach 25 billion euros) and double the number of jobs created.
The cybersecurity sector suffers from a shortage of profiles and a certain lack of attractiveness, especially among girls.
To remedy this, the strategy also emphasizes training.
Once the priority needs have been identified, new training courses and new masters will be created and financed.
Barrier gestures
Finally, the State is also investing in the “cyber campus”, to strengthen the links between all French players in cybersecurity.
In September 2021, this thirteen-storey building, in the district of La Défense, near Paris, will bring together in a single place the cream of the know-how, private and public: large companies (Orange CyberDefense, Atos, Capgemini , Airbus Defense & Space, Sopra Steria, etc.), SMEs, start-ups, administrations, research and innovation laboratories, training centers, etc.
The objective is to strengthen both the monitoring, detection and response capacities to shared threats, for example by developing a common database.
At the same time, in the police and judicial fields, France will continue and intensify its strategy of European and international cooperation in an attempt to dismantle cybercriminal networks, often refugees in lawless areas.
Recent successes have made it possible to bring Emotet, a gigantic infrastructure that has held hundreds of thousands of Internet users to ransom for years, or to stop several pirates from the Egregor group.
Read also:
With the SolarWinds attack, Western cybersecurity in full question
While this boosts defenders' morale, this difficult pursuit of attackers is not enough. “
What will break the exponential curve of attacks is to promote effective prevention at every level. Everyone has a role to play,
”insists on Anssi. According to the latest barometer from Cesin, the association of computer security managers, for 80% of companies that declared having experienced an attack in 2020, the entry vector was phishing (an email with a malicious link on which a employee clicked). To remind everyone of the essential barrier gestures in terms of computer hygiene, the reference platform cybermalveillance.gouv.fr will also be the subject of a promotion campaign in the coming months.
