What strategy to put in place?

With one in two French companies the victim of a cyberattack and the number of scams growing since 2020, protecting tangible and intangible IT assets has become vital.

Regulations, technologies, tools, processes and organization: cybersecurity revolves around several strategic axes, but training remains one of the essential pillars, especially given the ever-increasing sophistication of hacking (phishing to recover data, computer viruses, ransomware, etc.). Putting people back at the heart of cybersecurity is more necessary than ever to allow companies and public administrations to build their own security walls.

Useful and engaging: cyber training in all its forms

Computer security training is still sometimes seen as intended for a restricted circle of insiders. This is not the case: everyone today plays a part in security and is a link in the chain. The first priority is therefore to offer theoretical training that is concrete and general enough to be accessible to anyone, and that every branch of the organization takes up, the objective being that there is no weak link. Built around concrete cases (such as the recording of a CEO fraud attempt, to show the modus operandi used), anecdotes, and simple, playful scenarios, the courses aim to leave an impression so that the right reflexes are applied as soon as possible. Analogies with everyday experience are also an effective way to achieve this, like the identity document you store in a secure place when you are on vacation.

To set up the defense mechanism best suited to the organization, past attacks must first be studied to identify what failed, so that the training can be personalized. It is then built around the employee's missions and in line with the needs of the organization. For example, in R&D, the training covers notions of intellectual property and insists on the code (how to produce reliable, non-vulnerable code, and how to protect it). On the financial side, the focus is more on account management and the issue of hard copy. In summary, there is a common core and then specifics by profession. Training therefore makes it possible to target and optimize information.

A real lever for the protection of businesses and public services

The human factor is, in the vast majority of cases, the cause of intrusions. According to an IBM report, 95% of cybersecurity breaches are linked to human error. Training teams regularly therefore considerably reduces the risk of incidents. The approach is spreading today because any structure can be the victim of a cyberattack, including VSEs / SMEs. However, some sectors are more affected than others, such as public administration and health institutions. Moreover, the number of IT security incidents targeting healthcare establishments has been steadily increasing in recent times. IT security experts from the ANS (l’Agence du Numérique en Santé) indicate that the figure doubled in 2021. Whereas an organization’s antivirus software once seemed sufficient to detect dangers and prevent suspicious files from causing more widespread damage, IT managers now have to worry about advanced threats that allow hackers to enter through backdoors and remain on networks undetected for months. Making all staff aware of new forms of attack and teaching them the basics (management of the workstation and the e-mail box, strong passwords, etc.) already eliminates a large part of the problems. In addition, because the training takes into account the particularities of each person’s functions, it makes it possible to rethink and streamline certain processes, or even to set up automatic protection systems, such as automatic locking or the prohibition of certain access. Training all the players in an ecosystem, however diverse, means acting effectively against the risk of attacks that can result in ransom demands amounting to millions, or even a general shutdown of the institution leading to collateral or technical damage, or worse in the case of hospitals, where lives depend on access to data.

With the rise of teleworking, the expansion of digital and ever more advanced technologies, the world is facing an unprecedented cybercrime epidemic (it cost no less than 6,000 billion dollars in 2021). New attacks are emerging, and businesses and utilities alike are finding themselves in situations they cannot always resolve. Training is one of the best ramparts against this growing phenomenon, provided it is repeated regularly to keep pace with the evolution of techniques and, more broadly, of the society in which we live.