How the health crisis released cybercrime

• Each week,

  20 Minutes

   invites a personality to comment on a social phenomenon in their “ 

  20 Minutes

   with…” meeting.

• Johnatan Uzan, Director of the Cybersecurity Expertise Center of BCG Platinion Europe, discusses the changes and the acceleration of these cyber risks thanks to the Covid-19 crisis and the digitalization of our private and professional lives which has follows.

• “The Covid-19 crisis with teleworking and confinement has forced digitization in a phenomenal way and I don't think there will be a massive backtracking,” he explains. We will now be moving towards more and more digitalization, more and more attack surface and more and more attacks ”.

Businesses, hospitals, local communities ... since the start of the coronavirus crisis, cyber attacks have multiplied. In 2020, 192 “ransomware” attacks were recorded in France, against 54 the previous year, according to the National Information Systems Security Agency (Anssi). But this is only the "small and less hard part of the iceberg", explains Johnatan Uzan, director of the Cybersecurity center of expertise at BCG Platinion Europe. This expert in cybersecurity and offensive security reviews the changes and the acceleration of these cyber risks thanks to the Covid-19 crisis and the resulting digitalization of our private and professional lives.

Two weeks ago, the boss of the American Federal Bank Jerome Powell said he was more worried about the risk of a large-scale cyberattack than of a global financial crisis similar to that of 2008. In your opinion, is it today? hui essential risk for the economy and companies?

Unfortunately yes. Experts' analyzes for many years have noted an acceleration in the cybersecurity arms race. States have armed themselves and continue to do so to conquer cyberspace, a strategic issue for twenty years. It therefore seemed quite inevitable that there would be leaks to criminal groups that would mutate into cybercriminal groups. These groups have seen the financial interest in ransoming companies. Being at the head of a pimping or narcotics sales network in three countries requires an organized operational structure, complex money laundering networks and involves taking a lot of risks. But when you attack a business by sending ransomware,that you are using untraceable money that can be easily laundered and switched back to accounts halfway around the world, and to do all of that you only need six or seven people the math is quick. Especially since the criminal penalties are not yet the same as for serious criminality. Without forgetting, these hackers - a little opportunistic - who do not know very well what they are doing, but who create a volume of attacks sufficient to maintain a constant level of danger.but which create a volume of attacks sufficient to maintain a constant level of danger.but which create a volume of attacks sufficient to maintain a constant level of danger.

And these are not the only risks ...

We must also mention that of cyber-espionage which, at European level, is not sufficiently monitored.

And that, frightening, of cyber-terrorism, still non-existent in France and with very low noise in the rest of the world.

A feared phenomenon and left to the scenario imagination of the attackers.

One of the great fears of the authorities is the meeting of groups with strong financial possibilities and groups with high cybernetic skills.

During a recent BCG Observatory of the New Reality conference, you explained that "the security manager of any company is today confronted with military armaments designed by States to attack States"?

How did we get here ?

Just as the States manufacture their own fighter planes or their tanks, they naturally and quickly developed their own cybernetic weapons. Without always being able to protect themselves from possible leaks of these new weapons, easily copied, sometimes shareable with a simple internet connection. Groups have been able to use these leaks to make them the “strategic heart of a new criminal economy”. It is thus not uncommon to see on the Darknet [the black market of computers] players clearly showing their possibilities and their intentions to buy any weaponry, with a lot of bitcoins.

Less watched but just as important: information security research groups publicly and quite legitimately publishing their work.

It is a particularly sensitive source of information.

If you know how to follow the right research groups and connect the work with each other, then you will quickly be able to create the next digital weapon that will explode in organizations.

Criminal groups are real small businesses seeking to maximize their earnings and rationalize their costs.

"

These weapons, which have become malicious tools, are found after a first cycle of use, modified, recycled, to attack banks, hospitals, or any target that can make a criminal operation profitable.

Criminal groups are real small businesses with their own P&L [profit and loss], seeking to maximize their earnings and rationalize their costs.

So when you are behind the security desk of a large company, you can no longer tell yourself that with a simple antivirus you will be able to block such complex things.

We really went to another stage, about ten years ago.

Has the current health crisis, which goes hand in hand with the digitalization of our professional lives, accelerated the process?

Clearly.

The Covid-19 crisis, along with telecommuting and containment, has forced digitization in a phenomenal way and I don't think there will be a massive backtracking.

We will now move towards more and more digitalization, more and more attack surface and more and more attacks.

This will be reinforced by the development of IoT (Internet of things) which will accelerate, such as connected watches, within large companies and individuals, which are all tools for carrying out attacks and monitoring data. .

Today, we hear a lot about ransomware attacks.

Is this the main risk for companies when it comes to cybersecurity?

No, ransomware is a petty crime that aims to take the most and the fastest. However, this is the small and less hard part of the iceberg. Danger is anything you can't see. When a criminal group or a spy group backed by a state penetrates an organization, its goal is to remain silent as long as possible, the least identifiable possible to exfiltrate the data and literally duplicate a company, its know-how, all its intelligence. , endangering the jobs of tomorrow in France and in Europe. We do not monitor economic espionage enough and this will undoubtedly be one of the big setbacks of the next few years. We have entered, also in digital, a hyper-competitive, hyper-aggressive and hyper-globalized era. We have to adapt.

More and more hospitals are also the target of these attacks: the Secretary of State for the Digital Transition Cédric O counted in February 27 cyberattacks of hospitals in 2020, one per week since 2021. Should we fear a destabilization of the health system ?

I'm probably going to be a bit against the grain, but I think cybercriminals have been very cautious about hospitals since the start of the Covid crisis.

We have only encountered marginal attacks with an immediate ransom goal to free vital data.

But we haven't seen any incidents that are too large or too worrying.

Maybe we even had attackers targeting hospitals without knowing it.

Criminal groups know the penalties to which they are exposed.

They know that there are borders which would make them switch from criminality to very high criminality, even terrorism into which they do not necessarily want to fall.

At the start of this unprecedented crisis, there was a sort of tacit agreement to say "we will not attack hospitals".

The criminal groups pretty much stuck to it, but there is nothing to say it will last.

Yes, there was no drama: the data was not altered for example ...

Yes, much more than the encryption or destruction of data, it is their alteration that would be extremely serious. There is a real risk that one day an attack will target a hospital not to launch ransomware but to change patient data and ensure that the right doses of drugs are not distributed to the right people, for example. We can also harm a company: if an attack targets the system of a large carrier for example and sends purchase orders to the wrong ports on the other side of the world, we can paralyze the company or even the supply of whole regions for several days or several weeks. Behind this kind of malevolence there may be a competitor, "hacktivists" [pirates who act out of ideology], criminal motives, and so on.All the work of cybersecurity and cyber defense is to be proactive and to help individuals, small and large businesses or states to protect themselves.

How can they protect themselves against such an arsenal?

We have to accept that cybercrime is a risk.

At first, when an attack happened, nobody talked about it in the companies.

It was taboo.

In recent years, it has become a subject of general management.

We know that we will have to deal with this problem as a few years ago we had to deal with the physical protection of its plant, its gas pipelines, etc. 

We must therefore call on the right experts who will unfold the technical and operational model: take each of the security boxes, open and look inside to identify the aging architectures opening up to certain breaches and see how to update them or implement the right probes. in the right places.

This is a rapidly accelerating subject because companies have fully understood that this is a prerequisite for their five-year survival or their ability to innovate.

Which is a bit the same for many of them.

High-Tech

Cybersecurity: 97% of companies worldwide have suffered an attack via smartphones

Health

Cyberattack: A foundation managing 13 health clinics victim of massive hacking

• Coronavirus

• Future (s)

• High-Tech

• Ransom

• Cybersecurity

• Cyber ​​attack

• 20 minutes with