Together with employers' associations, the French government has launched a system to alert small and medium-sized businesses in the event of a major cyber attack. These structures are often ill-prepared to deal with security incidents.
A succinct, easy-to-understand leaflet
On July 21, Cedric O, the French Secretary of State for Digital Transition and Electronic Communications, presented a warning system in the event of a major cybersecurity incident. The aim: to support over a million small businesses exposed to large-scale cyber attacks.
Detailed by Geoffroy Roux de Bézieux, President of the Mouvement des entreprises de France (Medef), Jean-Lou Blachier, Deputy Vice-President of the Confédération des petites et moyennes entreprises (CPME) and Dominique Métayer, President of the Union des entreprises de proximité (U2P), the plan calls for the production of a succinct, comprehensible notice whenever a critical vulnerability or attack campaign is identified. This notice, aimed at SME managers, will be sent out via theassistance schemefor victims of cyber-malware and the French National Agency for Information Systems Security (ANSSI). Various bodies, including inter-professional organizations (Medef, U2P, CPME), the consular networks of Chambers of Commerce and Industry (CCI) and Chambers of Trade and Crafts (CMA), will be responsible for relaying it to the companies with which they are in contact. In concrete terms, this document will contain details of the risks detected, the systems concerned and the measures to be implemented.
Cyber attacks quadruple in one year
With this system, the government wants to ensure that companies are alerted as quickly as possible, without overwhelming them with messages, the aim being to maintain a high level of vigilance for each new alert.
In the context of successive confinements and remote working, companies have accelerated their digital transformation, and the cyberattacks recorded in 2020 by ANSSI have quadrupled in one year. More precisely, during this period, the French service received 2,287 reports, or around 6 per day, of which 759 were actual incidents. These represent 33% of the total number of reports, 7 of which were major incidents, and around 20 of which gave rise to cyber defense operations.
Ransomware is one of the biggest threats to businesses. These malicious programs, which block access to files by encrypting them, and demand that the victim pay a ransom to gain access again, have spared no one, affecting citizens right up to the largest administrations and companies. According to ANSSI, the perpetrators of these attacks specialize in breaking into information systems or in ransomware, and have "an extremely strong capacity to cause harm".
The alert system introduced by the government should help companies to better understand their difficulties, to consider their overall level of security, and to harden their systems without stopping working.