Cyberattacks in 2021: ransomwares, still threat n°1

Gérôme Billois — Wed, 20 Oct 2021 11:23:00 +0000

On the launch of the European Cybersecurity Month and for the Assises de la Sécurité (from 13 to 16 October 2021), Wavestone unveils the new edition of its benchmark of cybersecurity incidents. To this end, we reviewed the interventions of the CERT-Wavestone crisis management team between September 2020 and October 2021.

This represents 60 major security incidents that led to business interruption or advanced IS compromise in a diverse sector: industry, public sector, agri-food, information technology, finance, etc. The objective of this benchmark is to shed light on and show the evolution of the state of the cyber threats, whilst also providing the keys for better anticipation and reaction.

A strong preponderance of ransomware in the panorama of cyberattacks

Ransomware accounts for 60% of the cyberattacks encountered by CERT-W for our customers. Furthermore, attackers are becoming increasingly more organized and skilled at carrying out more effective attacks

“Cybercriminal groups have succeeded in their digital transformation and their organization into a platform has made it possible to majorly make their attacks more efficient and faster” Gerôme Billois, Partner Cybersecurity

Beyond the simple blocking of the IS, the combination with data theft is becoming more and more present. Indeed, 30%of the ransomware attacks observed include combine the blocking of the IS and the theft of data, the latter being an additional lever to obtain financial gains.

Faster and more targeted ransomware attacks

We see a reduction in the average time between initial access and deployment of ransomware in the system with a minimum of 3 days for the fastest attack and an average of 25 days on managed cases. Attackers are becoming more and more determined to harm their victims. Indeed, they now go so far as to target and destroy the backup mechanisms in order to force the payment of the ransom (21% of cases).

We also find that in 90% of cases data has been irretrievably lost. It should be noted that we are seeing a significant decrease in ransom payments this year (from 20% the previous year to 5% of cases). Multiple factors can explain this decrease, between the better understanding of the low interest to be paid (the payment of the ransom does not accelerate the time of resolution of the crisis), the actions of awareness and pressure on the payment intermediaries by the different authorities.

Other types of attacks are still raging in the background

The ransomware threat should not make us forget the attacks of data theft, fraud and the gain in attack capacity that remain well present (25%) even if they are less frequent.

When it comes to accessing channels to break into systems, the main gateways are still the use of valid accounts (23%), fraudulent emails, phishing to obtain information (20%) and remote access services using security vulnerabilities or configuration defects (18%).

How not to be an easy target? Some tips from CERT-W

56% of victims did not anticipate being the potential target of a cyberattack. They did not have an incident response contract or a cyber insurance and 42% of victims had not thought about their resilience in the event of an attack

“Even if diplomatic and judicial actions have weakened the cybercriminal ecosystem, it is not a question of stopping efforts, we must prepare now thanks to simple actions to put in place” Nicolas Gauchard, Head of CERT-W

The most important actions are known:

Identify and protect the most critical systems and data, including mention technical systems such as Active Directory
Improve the efficiency of attack detection with a specialized 24/7 service
Know how to manage a major crisis by training through crisis management exercises
Strengthen backup security and practice rebuilding immediately
Subscribe to a cyber insurance and a contract with a specialized service in case of crisis

Download the publication

Contact-us

Cet article Cyberattacks in 2021: ransomwares, still threat n°1 est apparu en premier sur RiskInsight.

Industrial sites cybersecurity : benchmark on 40 assessments

Arnaud Soullié — Wed, 26 May 2021 09:28:12 +0000

Over 40 assessments of industrial sites

Over the past two years, Wavestone’s auditors have conducted more than 40 cybersecurity assessments of industrial sites in various sectors (pharmaceutical, food processing, energy, etc.).

These assessments have enabled us to benchmark the level of cybersecurity of these sites on a selection of themes.

Our assessment methodology

Wavestone has developed an industrial site assessment framework, adaptable to the specificities of the sector or the client, allowing a global assessment of the cybersecurity level of a site or a production line.

Focus on 5 key themes

This benchmark of the level of cybersecurity of industrial sites is based on a selection of themes: governance, network segmentation, remote access, system administration and resilience. For each of these categories, we share successes, failures and recommendations, concluding with our key actions to get a good start on a site security program.

If you want to know more, you can find the detailed study.

Cet article Industrial sites cybersecurity : benchmark on 40 assessments est apparu en premier sur RiskInsight.

benchmark - RiskInsight