For several years, cyberattacks have been on the rise in France. We estimate an increase of +400 % in cyber threats since 2020. This is also a risk that had already been mentioned by the ANSI (National Agency for the Security of Information Systems) a few years ago. , which predicted an increase in the threat over the next few years.
Although cyberattacks initially targeted companies, they increasingly concern medical establishments and local authorities. How can this explosion of cyberattacks be explained? What is cybersecurity and what is its role?
What is cybersecurity?
The main objective of cybersecurity is to protect computer systems, networks and programs against digital attacks. Very often, these cyberattacks aim to try to access sensitive information in order to modify or destroy it or to use it in order to profit from it, most of the time financially.
Cybersecurity, also called computer security or information systems security, is divided into several categories:
The most widespread cyberattacks aim to collect information in order to reuse it in different ways. There are different types of cyber threats such as: virus, Trojan horse, Spyware, Ransomware, Adware or Botnet. However, in recent years, we have discovered 3 new cyber threats that are increasingly used:
Dridex Malware. It is a Banking Trojan that infects systems by sending phishing emails. By recovering connection data, bank details or personal data, cybercriminals can thus carry out dishonest transactions.
Romance scams. These scams aim to set up scams on chat rooms, apps or dating sites. By taking advantage of the vulnerability of the victims, the hackers recover personal data which they will then use for criminal purposes.
Emotet Malware. This Trojan allows data to be stolen by taking advantage of an insecure password.
Law and cybersecurity, consult a lawyer specializing in computer law in Paris
Cybersecurity law concerns all the risks and all voluntary threats that are of human origin and that can harm the assets of the company. Faced with a phenomenon on an increasingly large scale, a company may regularly have to call on a lawyer to protect itself from cyberattacks and to defend its interests in a case in which it could have been a victim or implicated.
French and European law establishes a clear and precise legal framework which requires the implementation of strict security measures. Any company is required to meet its obligations at the risk of exposing itself to heavy penalties. Indeed, in the event that a cyberattack would have been made possible by the fact that the company did not respect its obligations in terms of security and confidentiality, the company would then expose itself to heavy financial penalties that could be imposed by the CNIL (National Commission for Computing and Liberties).
In order to comply with these personal data protection regulations, companies can be accompanied by a cybersecurity lawyer. The specialized lawyer can thus accompany his client in the drafting of a contractual document and in the formalities essential to compliance with legal obligations. The lawyer specializing in cybersecurity provides advice on the protection and security solutions to be put in place. He can ensure the defense of the rights of his client in the event of a dispute.
Cybersecurity: why is it essential?
Putting in place measures that effectively combat the cyber threat is increasingly complicated today. Indeed, digital evolution is constant and hackers are well informed of these transformations and know how to be always more innovative.
Businesses need to be able to be aware of cybersecurity risk. By providing specific monitoring to identify the cyber threats they may face, managers can thus anticipate and react in the best possible way to cyber threats.
For a business, being the victim of a cyberattack can lead to loss of sensitive data, significant financial loss due to theft and to recover stolen data, damage to reputation and in some cases can even lead to the closure of a business. .
A company must therefore ensure that it guarantees the security of online purchases in order to comply with the legislation and in order to build trust with its customers.
What are the fundamentals of cybersecurity?
Cybersecurity has five main objectives: integrity, availability, confidentiality, non-repudiation and authentication. No computer system is infallible despite the implementation of various preventive measures. Thus, to detect a cyber threat, it is necessary to ensure careful monitoring of its own computer protection. In order to prevent IT risk, it is necessary to ensure that:
Properly analyze the risks,
Define a security policy,
Implement a prevention solution,
Frequently evaluate protection solutions,
Constantly update the protection system according to the evolution of
Cybersecurity regulations: what rules for companies?
Companies are required to comply with a few computer protection and security rules set by French law. Otherwise, their liability may be incurred and the company may be exposed to significant penalties.
Every company is required to protect its data as much as possible. It has the right to be able to use all the solutions useful for its protection against cyberattacks. As an employer, it is also about being able to protect employees with regard to their personal information. A company may need to internalize cybersecurity skills by creating an Information Systems Department (DSI). By entrusting audits to an outside expert, the company can also ensure control and analysis of the processes put in place to obtain optimal and effective cybersecurity.
Data protection is one of the main objectives in implementing solutions to protect against cyberattacks. Thus, each company must make sure to put in place protective measures that guarantee the confidentiality and integrity of data. To guarantee effective protection, a company must therefore ensure that it applies:
Data and connection encryption methods,
Strong authentication measures to detect potential robots,
Data access measures in all circumstances, through secure backups,
With the protection assessment procedures in place, the company must be able to improve its protection at any time in order to comply with flaws and digital developments.
Every company must be able to comply with the rules concerning the GDPR (General Data Protection Regulation). The GDPR defines a personal data breach as "a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed otherwise, or unauthorized access to such data. Therefore, a company must protect the data it has in its system. By increasing its level of security in order to comply with the various requirements of the GDPR, the company avoids any incident that could harm its values and cause it to lose the trust of its customers.
An increase of +400 % in cyberattacks over 2 years: how to explain it?
Since 2020, there has been an explosion of cyberattacks in France. Nearly half of French companies recognize a significant increase in attacks over the past two years. Indeed, in its last activity report, the GIP ACYMA (Groupement d'Intérêt
Public Action against Cybermalveillance), reveals a significant increase in requests for online assistance.
ANSSI (National Agency for the Security of Information Systems) recorded an increase of +37 % in intrusions on computer systems, i.e. just over 1,000 intrusions during the year 2021. 69% of cyberattacks concerned companies, 11% hospitals and 20 % local authorities.
If more than one in two companies were victims of cybercrime during the year 2021, we also note that less than one in two companies invests a financial part of their budget in their cybersecurity. Indeed, few companies reserve part of their budget for the acquisition of network security tools and solutions. Employees are not always sufficiently well aware of the computer danger and potential cyberattacks. It is estimated that approximately 85% of private data breaches are caused by human error which primarily involves opening a fraudulent email.
Following the health crisis of the Covid-19 pandemic, many companies are making a link between the increase in cyberattacks they are facing and the increase in telework by their employees. While in the workplace, certain security solutions put in place by the company made it possible to limit the risk of cyberthreats, in the context of teleworking, companies could not always ensure the security of their data.
What is NIS Directive 2?
It is a directive which aims to strengthen and standardize the European anti-cyber attack system, and which is intended to replace the NIS 2016 / 1148 directive – State of the adoption procedure here