To fight increasingly organized and competent cyber espionage, companies must change paradigm and move from the position of victim to that of defender. This shift will not happen without the creation of a strong ecosystem in which companies share their data and information about the fraud they have suffered. Because together we are stronger! Laurent Sarrat, co-founder and CEO of Sis ID, gives us his analysis.
Faced with the explosion and diversity of cyberattacks, companies must reverse the balance of power and erect new ramparts to protect themselves. In just a few years, cybercrime has gone from amateurism to international, efficient and organized networks. Today, regardless of their size and sector of activity, all companies are exposed.
According to a study conducted by Euler Hermes and the National Association of Chief Financial and Controlling Officers (DFCG), in 2021 one in four companies suffered proven fraud; 33% suffered damage greater than €10,000 and 14% damage greater than €100,000. The phenomenon has been accentuated by the health crisis: nearly one in two companies has recorded an upsurge in attacks following the generalization of telework. As for frequency, 28% of companies say they have suffered at least one fraud this year.
Who are the hackers?
Today, cybercrime has two main types of profiles. On the one hand, technical hackers whose objective is to hunt for flaws in the billions of lines of software and infrastructure code; on the other, commercial profiles who rely on the psychological manipulation of their potential victims to extract information (passwords, bank details, codes, etc.). While the former manage to thwart all the cyber defense tools developed by specialized vendors who devote millions of dollars to their R&D, the latter, the social engineers, are constantly sharpening their scenarios and arguments to deceive ever more targets. Hackers have an asset: the benefit of surprise and the absence of rules or codes to follow, which frees them from all the constraints that corporates face. The objective is therefore to create a weapon, an asset, a unique “cyber intelligence practice” that only corporates can have, in order to reverse the balance of power.
Long distinct, these two currents are now coming together. The objective: to gain efficiency by playing on both fronts. It is an unprecedented approach that companies must now take into account in order to deploy, in turn, effective defense strategies.
How to fight?
But faced with such a scourge, what can be done? How can companies, whose primary vocation is to focus on their core business and not on IT security, fight against these organized gangs, sometimes state-run, whose energy is focused on finding all their security flaws, whether technical or psychological?
How can you predict an attack when you don’t know your potential vulnerability? Yet today the majority of companies consider that they have deployed all the solutions and best practices needed to protect themselves against cyberattacks. They believe they are ready for any attack. That belief deserves real questioning when we see that Microsoft, Amazon, Facebook or Google have not been spared. It is therefore urgent to get organized to anticipate and respond to these clever people using innovative techniques.
It’s time for companies to use the same techniques as attackers, namely banding together to create an ecosystem that allows them to unite. Thus, like a Waze or a Coyote, whose objective is to allow different communities to share information in real time, companies have every interest in cross-referencing and sharing their data relating to fraud and cyberattacks. They can then task cyber defense professionals with applying their technologies to extract “patterns” and analyze new fraud habits. Thanks to this approach, companies will be able to deploy effective anti-fraud schemes and adopt an agile and reactive cyber defense.
However, such a scheme forces companies to be transparent about the cyberattacks they suffer, which they generally prefer to keep quiet, fearing for their reputation. But this silence, tolerable in the past, has become counterproductive, even dangerous, given the explosion in the number of cyberattacks and the detrimental impact on the image of a company that has remained silent.
Playing collectively by creating a community that adopts the same reflexes as those of social networks is undoubtedly the best way to deal with today’s cybercrime. Without sharing information about their cyberattacks, companies will have a hard time changing the balance of power with cybercriminals. They will certainly lose the battle against ever more numerous, innovative and better organized hackers.