Unusable software, inaccessible computer servers, confidential data published on the Web. Cyber attacks have never been so numerous. The National Information Systems Security Agency (Anssi) recorded 192 attacks last year, a fourfold increase in one year. And 57% of companies believe they were victims of an attack in 2020, according to the survey carried out by the Club of Information and Digital Security Experts (Cesin). Because the environment has changed, and the risks are exploding. “There is a shift from crime to cybercrime, because the gains can be high for a low investment and little risk”, analysis Alain Bouillé, general delegate of Cesin.
MINI CYBERSECURIT GLOSSARYE
Ransomware : Malware that encrypts data and makes it inaccessible, with the aim of demanding a ransom from the user in exchange for a key.
Phishing : fraudulent technique intended to deceive the Internet user to encourage him from a false message (email, SMS or phone call) to communicate personal data.
Zombie : computer infected with a virus and controlled without the knowledge of its user by a hacker who uses it to attack other computers while concealing his real identity.
Fault : lack of protection in software or a computer that allows remote intrusion.
The ransomware attacks that appeared four years ago have multiplied. For hackers, the gateway is often email and a user opening an attachment containing malware. “Hackers are patient. The phase of intrusion and escalation in an information system to gradually gain control of it takes on average twenty-nine days ”, explains Gérôme Billois, administrator of Clusif (the benchmark association for digital security in France): “Then the actual attack, which blocks workstations and encrypts data to make it unusable, does not last more than a few tens of minutes. “
The other threat, regularly mentioned by Anssi, remains espionage. “It can be the result of foreign services, but also of competition, which we too often forget. Today, the main criterion to be attacked is no longer size, but the capacity for innovation ”, insists Rémy February, lecturer at the CNAM and former senior officer of the National Gendarmerie.
18,000 contaminated companies
Since the end of last year, concerns have risen even further. The attack on the American publisher SolarWinds marked a turning point in its scale and sophistication. Orion, its data center management software, has been infected with malicious code introduced by hackers. It then infected 18,000 businesses with a trivial update. Unheard of in the United States. “This heralds the fight of the future: responding to indirect attacks, via suppliers in which companies trust”, predicts Alain Bouillé. The concern is such that the State is getting involved and has just launched its plan in favor of cybersecurity. Objective: to mobilize start-ups and research.
“We are witnessing a paradigm shift. We move from the era of the fortress to a world where we know that the attack is going to happen. We must therefore prepare for it ”, summarizes Gildas Avoine, head of the Computer Security research group supported by the CNRS. Of course, the tools already exist and large companies often have a centralized platform to supervise the security of their information system from the inside and to spot attacks in progress thanks to the connection data of all the servers. “Today, the complexity is such that strictly centralized management finds its limits”, nuance however Loïc Guézo, secretary general of Clusif.
Specialists put a lot of hope in artificial intelligence to automate the fight against piracy. Techniques that are starting to be deployed thanks to young companies like Tehtris, which recently raised 20 million euros. “Our robots are equipped with artificial intelligence to monitor and analyze malicious agents”, assures Winston Delbey at Tehtris. This is to be more efficient than conventional antiviruses, which only detect the “signatures” of already known viruses. The company tracks cybercriminals on the Darknet before their misdeeds, to try to know their methods, their malicious codes, or even identify their targets. “We submit this data to our artificial intelligences, so that they learn to differentiate what is dangerous and what is not”, assures Winston Delbey.
AI and the cybercentaure
However, there is still a lot of work, say the researchers. “Machine learning is a hope, but the revolution observed in image processing or translation has not yet taken place. We are still in the evaluation phase. However, we can see that these systems sometimes do as well as humans. Which suggests a possibility of automation ”, specifies Gildas Avoine. Progress is going to be slow, because machine learning requires large amounts of data to train algorithms. That’s the whole problem. “These data correspond to past attacks suffered by companies. They are therefore sensitive and companies are reluctant to communicate them. Without access to this data, progress will be difficult ”, recognizes the researcher.
Some are also alarmed to see artificial intelligence being used by hackers themselves to fool cybersecurity systems. In 2016, didn’t the US Agency for Advanced Defense Research Projects (Darpa) organize a competition, in which artificial intelligence was used to attack enemy networks while protecting their own? So that other avenues are being studied. “Artificial intelligence makes it possible to manufacture a duplicate of the information system, a kind of digital twin. This makes it possible to simulate computer attacks ”, explains Marc Oliver Pahl, who heads the chair in cybersecurity at IMT Atlantique school.
For others, the future lies in collaboration between humans and machines. The CEA is thus working on a Cybercentaure program. “The objective is to relieve the expert of repetitive and time-consuming tasks, to allow him to concentrate his analysis on the most interesting points not dealt with by the automatic systems. The interest of artificial intelligence being “to learn” the gestures of the operators, or to accelerate its reasoning “, explains Florent Kirchner, head of the software and systems engineering department at CEA List.
In the longer term, another danger already threatens cybersecurity: quantum computing. Beyond the promises in the field of meteorology or health, the quantum computer will be able to break the current encryption systems which constitute the basis of cybersecurity, in particular for the protection of data. “Scientists are already working on this post-quantum cryptography”, promises David Pointcheval, specialist in the subject at the Ecole normale supérieure. Whatever technological developments, we must not forget the human factor. “We have to invest in education. That computer security is no longer optional in the grandes écoles and that the issue of personal data be taught from middle school ”, insists Marc Oliver Pahl. “The human being is the weak link. If we do not make all members of the organization aware of the cyber risk, security will remain a dead letter ”, predicts Rémy February.
In this difficult period, entrepreneurs and managers of VSEs and SMEs need support more than ever. The Les Echos Entrepreneurs site is making its contribution by offering free information and testimonials for the next few weeks.
>>> To stay informed of entrepreneurs and startups news,
remember to subscribe to our daily newsletter
and / or the weekly newsletter Goodbye to the crisis!