
Cyberattacks: how to prepare? How to react?

Published on June 9, 2022

Against the backdrop of current international tensions, France is being subjected to a large number of cyber attacks. The consequences can be disastrous for businesses, ranging from business paralysis to the theft of sensitive data. Cyber attacks are a source of stress, complicating the decision-making process of IT managers and limiting their impact. Anticipation becomes a necessity. How do you prepare for a crisis? And how do you react once it happens?

How to manage a crisis following a cyber attack

"There are two types of organisation: those that have already fallen victim to a cyber attack, and those that will soon do so." Guillaume Poupard, Director General of the French National Agency for Information Systems Security (ANSSI).

A cyber crisis can be tackled in one of two ways: either you deal with it, with all the risks of emergency measures, or you anticipate it. Unfortunately, the cybersecurity watchdog highlights the lack of foresight on the part of businesses. That's why ANSSI is urging them to put preventive measures in place. The agency has identified five priority measures to be implemented in the short term to prepare for any eventuality.

1. Strengthening authentication procedures

Authentication must be strengthened for the most sensitive accounts: those of the company's information system (IS) administrators and those of the most exposed individuals (management, senior executives, etc.). ANSSI recommends the implementation of strong two-factor authentication (2FA).

For example, to access the network, you will need to combine a strong password with a hardware device (smart card, USB token, magnetic card, etc.). At the very least, a code received by SMS can be used as a second means of identification.

This two-factor authentication system has already been available to banks since 2019.

2. Increasing network monitoring

In the event of a cyber attack, reaction time becomes crucial. Preparation is therefore essential to be able to react as quickly as possible when the time comes. That's why ANSSI recommends setting up permanent global network monitoring. This will enable any compromise to be identified and dealt with as quickly as possible. In the absence of global monitoring, ANSSI recommends "centralising logs of the most sensitive points on the information system", such as VPN entry points, virtual desktops, domain controllers or hypervisors.

IS security managers will need to investigate any anomalies that might be ignored under normal circumstances, such as abnormal connections to domain controllers and any alerts from antivirus software and EDR (endpoint detection and response) solutions.

3. Backing up data and applications offline

Carry out "regular back-ups of all the company's data, including those on file servers, infrastructure servers and business applications", insists the ANSSI. 

Backups must be disconnected from the network to prevent ransomware from encrypting them. Preference should be given to cold storage solutions (hard disks and magnetic tapes).

Backups should be restored regularly to ensure their integrity and avoid errors during restoration.

4. Identify critical services

In the event of an attack, security measures must be prioritised. To do this, you first need to draw up an inventory of the company's digital services and prioritise them according to how critical they are to the company's business continuity.

ANSSI also asks that dependencies on service providers be taken into account.

5. Preparing crisis management for cyber attacks

A cyber attack can destabilise a company's operations. Support functions such as telephony and messaging, as well as business applications, are often the first to be put out of action. The company will then have to operate in degraded mode. Sometimes this means going back to pencil and paper.

Depending on its severity, a cyber attack can cause partial or, in the most serious cases, total business interruption.

The company will have to set up a crisis unit and define a response plan aimed at applying a business continuity plan (PCA) or a disaster recovery plan (PRA). This enables the company to operate in degraded mode and restore systems and data as quickly as possible to return to a normal situation.

Our expert

Made up of journalists specialising in IT, management and personal development, the ORSYS Le mag editorial team [...]
