Businesses can no longer pretend to be immune to cyber-attacks

It’s here. For months now people have been waiting for it, whilst others feared it, or even hoped it would give them more time to prepare. Since mid-2016, I have noticed as part of our interventions both a significant increase in cyber-attacks, particularly by ransomware, and a certain naivety of insured parties and their providers who have not changed their practices despite the emergence of this new risk. They clearly thought they were safe from this type of attack.

Within the GM Consultant group, we have worked extensively on user awareness, so that they are more and more vigilant. It is finally due to a security vulnerability present on the Windows operating system, discovered by NSA, that the attack could be carried out. The update, although published by Microsoft, would not have been deployed in many companies … Surely for good reasons, but which belong to the practices of the past when we know today the risks of such flaws.

Large corporations are making headlines. In France, Renault carries the national burden. Telefonica in Spain, the NHS in England, Fedex in the U.S.A., Deutsche Bahn in Germany, Sberbank in Russia: nobody is jealous! Beyond all the political and ideological aspects, it is greed that has triumphed. Financial gain is the only motivation.

It is no longer possible to argue that a company cannot be the potential target of a non-targeted attack. All companies and of course all individuals that have electronic data can be affected and, as such, it is now urgent to prepare for the next attack due to this new risk:

• manage vulnerabilities,

• modify existing technical architecture,

• invest in backup management and especially restoration testing,

• and of course continue to work on raising awareness.

So many possibilities to explore in order to limit the impact of cyber-attacks. It is especially essential to be prepared to manage this type of crisis or to be well advised and well accompanied.

This incident confirms the decision taken by the GM Consultant Group to invest heavily over recent years to be able to support professionals in their approach to securing their Information System, but especially in their approach to crisis management.

Our contacts:

Because every day that passes brings us closer to the next cyber-attack. And more victims are likely to be discovered over the coming days.

Alexis NARDONE, IT & Cyber Manager