“Only eyes to cry…” Companies often helpless in the face of cyberattacks

Corbeil-Essonnes Hospital, National Polytechnic Institute of Toulouse, or even the giant Uber. Hardly a week goes by without several cases of large-scale cyberattacks making headlines. But this phenomenon is reportedly even more widespread than one might imagine. “One in two companies was the target of an attack in 2020,” indicates the gendarmerie, which organized a round table on Wednesday in Nantes for the economic world. “This can affect everyone, from large structures to small SMEs. It is necessary to free speech, not to leave this question as a taboo.”

At the head of the small Plasti fishing company, Marie-Agnès Mandin recounts “the shame” that may be felt by some business leaders who nevertheless “not for a second sniffed out the scam”. It must be said that the invoice received at the beginning of the year by this Vendée manager, who was thinking of buying a second-hand container, seemed perfectly authentic! “After spotting the ad on Le Bon coin, we had exchanges of emails with this company, which asked us to pay in advance, a classic practice,” she says. “After having made the transfer of 1,700 euros to the RIB provided, we have had no further news. We only had eyes to cry!” By calling the company’s headquarters, Marie-Agnès Mandin understood that the hackers had in fact usurped the identity of the company… which also only sells new equipment. Annoyed at having been fooled but today “much more vigilant”, the leader confides that she has not filed a complaint, saying she “can only blame herself”.

False transfer, president’s fraud…

The false transfer, however, is the second most common type of scam. “It can be a bogus bill that blends into the flow, or a diverted bill, that is to say a real payment but paid to the wrong person, who managed to modify the IBAN,” details Captain Dominique Bogé, head of the prevention and protection department of the gendarmerie command in cyberspace. “We also have the president’s fraud: the hacker learns about the company, its employees, and attacks the weak link, such as a secretary or an accountant, pretending to be the president who requests a transfer. It is a very sophisticated technique.”

Scam number one among individuals, phishing can also wreak havoc since it sometimes allows crooks to introduce malicious software (or ransomware) into a company’s information system and recover data, sometimes sensitive. It is perhaps also this way, through an employee’s click on a simple link, that the Vendée-based Atlantic group experienced a major cyberattack in 2020. “In a few hours, it was done. The group of attackers succeeded in encrypting our entire network,” recalls Lucie Poiraud, head of information systems security for the company of 12,000 employees. “We received a message with a countdown before which we had to report to know the amount of the ransom.”

Rebuild and raise awareness

As recommended by the gendarmerie, the company, which manufactures thermal comfort products, declined the negotiation, preferring “a reconstruction strategy”. The price to pay was a partial shutdown of production for several months. “We weren’t well prepared so it was a very long and complicated job,” reports Lucie Poiraud. “It was necessary to reinstall 5,000 PCs, but also to improve security. Since then, I regularly raise awareness: put a filter on your computer when you take the train, be careful with USB keys, test employees with organized phishing…”

Essential awareness-raising, according to the police, who still expect the phenomenon to grow. “In terms of crime, it’s a less risky way to make money than with a robbery,” observes Laurent Verdier, police officer and cybercrime expert. “You have a better chance of remaining anonymous, without the danger of hurting or killing someone.”