Imagine. You arrive at the office one morning and your servers are down. You have been cyberattacked, you feel helpless. A nightmare, whose occurrences are multiplying since the Covid and the war in Ukraine.
Mandiant, a Google subsidiary, last week accused a group of cyberattackers, visibly linked to the Chinese state, of a vast campaign of computer espionage, including targeting government agencies in several countries of strategic interest to Beijing. “This is the largest known cyber espionage campaign by a malicious actor linked to China since the massive exploitation of Microsoft Exchange in early 2021”, said Charles Carmakal, the technical director of this cybersecurity specialist.
On Tuesday, a “cyber crisis” simulation was organized at the CRiP universities, in order to teach participants how to react in the event of a cyber attack. Le Point interviewed Menny Barzilay, the facilitator of this training and the founder of Cytactic, an Israeli company specializing in the management of cybercrises.
Viewpoint: Is the risk of a cyberattack very high?
The criminal world is very innovative, it is constantly creating new tools, new markets to sell stolen data. He even forms some kind of start-ups, which sell crime as a service. Faced with this threat, no company will ever be 100% protected. So plan ahead, because when it does, it will be too late to improvise.
How to prepare for a cyberattack?
The first mistake to avoid is to see the cyber crisis as just an IT problem: it is also, and above all, a business challenge. It is therefore necessary that the CEO, the board of directors, the lawyers and the communicators of the company are trained and know how to react in the best possible way in the event of a crisis. The real-time simulation of a cyberattack that I propose can be useful in this sense: it allows you to assess the errors to be avoided and to start preparing your reaction process in the event of an attack. A specialized company can also help establish crisis management processes and put them in place when it occurs.
No matter what type of crisis you face, you need to surround yourself with the right people, have the right means of communication, and know how to assess the situation. It’s also about making sure everyone is acting in sync, and that all messaging across your organization is consistent.
Then, you have to have a plan adapted to all possible scenarios. We do not act in the same way when faced with ransomware as when faced with an internal threat, coming from an employee, or after an attack at a supplier, which affects the supply chain. But all scenarios must include the whole team.
How to react when the cyberattack happens?
If a cyberattack occurs, the first thing to do is to ask yourself a second, and refer to the crisis management process which must imperatively have been put in place upstream. The majority of mistakes are made in the first hour of the crisis, when people are under pressure.
Then you have to bring the whole team together: the IT specialists, of course, but also the legal adviser, the public relations specialist, the financial director, the investor relations manager… All must contribute to the decision-making, in order to to ensure that it is good at all levels.
A cybercrisis is by definition a multidisciplinary problem, and a decision that may seem very good in technical terms may turn out to be disastrous on another level, a perfect option in legal terms may then pose big problems during the negotiation… So you have to manage all aspects at the same time.
Should you always refuse to pay the ransom?
Most people think that the most common attack is ransomware because they are the loudest: the network is down, the hacker wants a ransom, you have to negotiate and everyone knows. But in real life, many attacks take place without almost anyone ever hearing about them, except the management and the authorities. Cyberattacks should therefore not be limited to ransomware, they are only one threat among others.
But to answer your question, in ethical terms, it is recommended not to pay the ransom so as not to encourage and strengthen the criminal groups. In fact, it is often wiser to pay it, because it limits the duration of the crisis and therefore the consequences it can have on the company.
Do you have examples of situations handled by your company?
I can only answer this question in an extremely general way, because we are not talking about our customers, let alone the things they have experienced. One employee, for example, sold his company’s source code to a competitor, while another used the company to buy bitcoins to satisfy his pedophile urges…I can’t say more , but there are in any case a lot of different situations, and we have managed some completely crazy ones, worthy of what we see in the movies.