
Cyberattacks: how to prepare? How to react?

Published on June 9, 2022

In the current climate of international tension, France is being hit by a large number of cyber attacks. The consequences of these attacks can be disastrous for businesses, ranging from the paralysis of operations to the loss of data or the theft of sensitive data. Cyber attacks are a source of stress, complicating the decision-making process of IT managers and limiting their impact. Anticipation becomes a necessity. How do you prepare for a crisis? And how do you react once it happens?

How to manage a crisis following a cyber attack

“There are two types of organisation: those that have already fallen victim to a cyber attack, and those that will soon do so.” Guillaume Poupard, Director General of the French National Agency for Information Systems Security (Anssi).

A cyber crisis can be tackled in one of two ways: either you deal with it, with all the risks of emergency measures, or you anticipate it. Unfortunately, the cybersecurity watchdog highlights the lack of foresight on the part of businesses. That's why Anssi is urging them to put preventive measures in place. The agency has identified five priority measures to be implemented in the short term to prepare for any eventuality.

1. Strengthening authentication procedures

The most sensitive accounts, those of the company's information system (IS) administrators and those of the most exposed individuals (management, senior executives, etc.), must be better protected. Anssi recommends the implementation of strong two-factor authentication.

For example, to access the network, you will need to combine a strong password with a hardware device (smart card, USB token, magnetic card, etc.). At the very least, a code received by SMS can be used as a second means of identification.

This two-factor authentication system has been in place for banks since 2019.

2. Increasing network monitoring

In the event of a cyber attack, reaction time becomes crucial. Preparation is therefore essential to be able to react as quickly as possible when the time comes. That's why Anssi recommends setting up permanent global network monitoring. This will enable any compromise to be identified and dealt with as quickly as possible. In the absence of global monitoring, Anssi recommends "centralising logs of the most sensitive points on the information system". These include VPN entry points, virtual desktops, domain controllers and hypervisors.

IS security managers will need to investigate any anomalies that might be ignored under normal circumstances, such as abnormal connections to domain controllers and any alerts from antivirus software and EDR (endpoint detection and response) solutions.

3. Backing up data and applications offline

Carry out "regular backups of all the company's data, including those on file servers, infrastructure servers and business applications", insists Anssi. 

To guard against ransomware, backups must be disconnected from the network to prevent encryption. Preference should be given to cold storage solutions (hard disks and magnetic tapes).

Backups should be restored regularly to ensure their integrity and avoid errors during restoration.

4. Identify critical services

In the event of an attack, security measures must be prioritised. To do this, you first need to draw up an inventory of the company's digital services and prioritise them according to how critical they are to the company's business continuity.

Anssi also asks that dependencies on service providers be taken into account.

5. Preparing for crisis management in the event of a cyber attack

A cyber attack can destabilise a company's operations. Support functions such as telephony and messaging, as well as business applications, are often the first to be put out of action. The company will then have to operate in degraded mode, sometimes at the risk of going back to pen and paper. 

Depending on its severity, a cyber attack can cause partial or, in the most serious cases, total business interruption.

The company will have to set up a crisis unit and define a response plan aimed at applying a business continuity plan (PCA) or an IT recovery plan (PRI). This enables the company to operate in degraded mode and restore systems and data as quickly as possible to return to a normal situation.

Our expert

Made up of journalists specialising in IT, management and personal development, the ORSYS Le mag editorial team [...]
