» »Unlabelled » Businesses, beware of cyber attacks!

7:56 AM
0

jewels of French industry endure the daily cyber attacks, which reach their goal more often than we think, told AFP Bernard Ourghanlian technical director and security of Microsoft France, now the seat of the safety of Monaco. “During the past four years, I have not had a single day where one of our teams was not in working with a large French company to a serious crisis of security,” explains Mr. Ourghanlian . If he can not reveal the names of the companies involved, however, indicates that some are listed on the CAC 40.

By “serious crisis”, it means “a takeover of the company’s information system” or “exfiltration of data, which could last for months.” “This is a classic situation unfortunately. Currently, there are two such active attacks in two large French customers, one of which undergoes the last six or eight months,” he says. “The longest drive on which we worked lasted three years” without the client is not in view. “There are even cases in which we have never been back to the initial attack it lasted so long,” said Bernard Ourghanlian

It is extremely rare that the undertakings concerned -. At French and globally – make public the fact that they were involved, or information that has been stolen from them. One of the most famous was the one who entered online services Sony PlayStation Network, in which the data (passwords, credit card information) to 77 million users were stolen and published on the Internet. Direct losses to the Japanese giant amounted to 121 million euros.


“When an attack stops the Chinese New Year …”

But even when companies find that they suffer the onslaught of criminals, they have a “denial phase, and also by trying to solve the problem themselves as responsible for internal security of the computer feel guilty not have been avoided. ” However, they eventually seek the help and intervention of the National Security Agency Information Systems (Anssi). “Once in a very serious crisis, it even happened that we met over a hundred people to work the problem,” says Ourghanlian.

Even after the aggressor technically “put out”, the question of identity is almost always open. “Given the size of some of the attacks that have means seven days a week, they are necessarily supported by a large competitor or a state,” he said. “So when an attack ends the Chinese New Year …,” he notes without finishing his sentence.

are often referred to in the decision process of the company, “which are not necessarily the most sensitive to the risk of intrusion” and that will be trapped by a (fake) email coming from someone they know (but whose mailbox has been infiltrated) via a file attachment bearing the name of a file in relation to a recent activity.

“Some attackers can take many time and seek information slowly, but once they access the company directory or they unlock password “is the beginning of the end, warns Bernard Ourghanlian.

For example, in many cases “too many people in the business have access to sensitive data and passwords in place are not sufficient.” Because only a password using “a minimum of 14 characters reached a good level of security and begins to be difficult to break,” emphasizes Mr. Ourghanlian.


Posted by at 7:56 AM