{"id":10123,"date":"2017-10-10T10:00:43","date_gmt":"2017-10-10T09:00:43","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=10123\/"},"modified":"2019-12-31T09:59:39","modified_gmt":"2019-12-31T08:59:39","slug":"cyber-resilience-plier-pas-rompre-12","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/","title":{"rendered":"Cyber-resilience: bend so as not to break (1\/2)"},"content":{"rendered":"<p><em>The successive WannaCry and NotPetya attacks showed in concrete terms how fragile information systems are, and how a cyber threat can leave large parts of the systems a company depends on to operate unavailable for several weeks. The companies hit paid dearly for the consequences of these attacks. What lessons should be drawn, and how can an effective cyber-resilience strategy be put in place for major cyberattacks?<\/em><\/p>\n<p>Faced with a major cyberattack, whether it is destructive or causes a loss of trust in key systems, the first reflex for most companies is to activate the business continuity plan (BCP). 
The BCP is a major component of an organisation\u2019s resilience strategy: it is meant to ensure the organisation\u2019s survival when large-scale disasters make IT resources, communication infrastructure, buildings or even staff unavailable.<\/p>\n<p>Yet major cyberattacks, whether destructive like WannaCry or NotPetya, or causing a loss of trust in the infrastructure (network, access management, endpoint fleet management\u2026) like in-depth targeted attacks (APTs), were not taken into account when most BCPs were drawn up. Focused on availability, these plans do not address the simultaneous destruction and the loss of trust in the information system (IS) that cyberattacks bring about.<\/p>\n<p>Indeed, IS continuity arrangements are most often tied to the resources they protect, and so are affected by these attacks as well. For more than ten years, continuity arrangements (for users or for IT) have adopted shared infrastructure and \u201chot\u201d standby, both to meet rapid-recovery requirements and to be easier to operate. As a result, this \u201cproximity\u201d between the production IS and its backup makes continuity arrangements vulnerable to cyberattacks.<\/p>\n<h2 style=\"text-align: justify;\">What vulnerabilities do continuity arrangements have?<\/h2>\n<p>For example, during a crisis response following the NotPetya attack, the idea of using the standby workstations at the fallback site came up very quickly. 
Unfortunately, they had been destroyed in the same way as the primary sites, because they shared the same fleet management systems and the same vulnerabilities. At that moment, the investment and effort put into the continuity arrangements seemed very much in vain.<\/p>\n<p>Finally, backups, usually taken daily, are for most organisations the last-resort means of rebuilding the IS.<\/p>\n<p>Unfortunately, in a deep compromise, because the intrusion predates its detection (often by several hundred days), these backups inevitably carry the malicious elements with them: malware, attacker footholds, and also the changes the attackers have already made. In addition, the continuity of the backup systems themselves is often neglected. During NotPetya crisis management, the servers managing the backups were themselves destroyed. Restoring them took several days given their complexity and how entangled they were with the rest of the IS (an Active Directory was needed to launch restores while the AD backup was needed to rebuild it, the backup tape index destroyed along with everything else had to be rebuilt\u2026).<\/p>\n<p>For industrial information systems, the findings are just as clear. Industrial digital systems are resilient to anticipated technical failures or mechanical incidents. On the other hand, they have rarely been designed from the outset with malicious human action in mind, and often lack advanced security mechanisms. 
Moreover, their long life cycle (several decades) exposes them to the exploitation of vulnerabilities that are sometimes old. Finally, the independence of the control chains (Safety Instrumented Systems, see the box below) from the digital systems they supervise is not always enforced.<\/p>\n<figure id=\"post-10126 media-10126\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-10126 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-2.png\" alt=\"\" width=\"1388\" height=\"630\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-2.png 1388w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-2-421x191.png 421w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-2-768x349.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-2-71x32.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-2-730x330.png 730w\" sizes=\"auto, (max-width: 1388px) 100vw, 1388px\" \/><\/figure>\n<h2>Major attack scenarios illustrated by recent attacks<\/h2>\n<h3>Logical destruction or unavailability of a large part of the information system<\/h3>\n<p>Made concrete by the WannaCry and NotPetya pseudo-ransomware attacks, this type of attack causes massive unavailability because data files and\/or the operating system are encrypted. 
The companies hit by this type of attack (Merck, Maersk, Saint-Gobain, FedEx\u2026 but also Sony Pictures or Saudi Aramco) lost up to more than 95% of their information systems (tens of thousands of computers and servers), often in less than 1 hour. The situation at the start of the crisis is very difficult because there is no longer any means of communicating or exchanging information within the company, including within the IT department. The victims have reported losses of several hundred million euros following these attacks.<\/p>\n<h3>Compromise and loss of trust in the information system<\/h3>\n<p>These are targeted attacks that do not disrupt the normal operation of the system but aim to give attackers access to all of the company\u2019s systems (email, files, business applications\u2026), allowing them to impersonate any employee and carry out actions in that employee\u2019s name. Attackers can thus exfiltrate any type of data or carry out business actions that require several successive approvals. These attacks have hit a great many companies in every sector, resulting in massive fraud, such as the one that hit the Bank of Bangladesh, or thefts of financial and payment data, such as those that hit several retail groups in the United States, including Target and Home Depot. The situation at the start of the crisis is complex because several aggravating factors combine: loss of trust in the information system and growing uncertainty about actions and objectives. 
The task is then to investigate discreetly until the attacker can be evicted and a clean system rebuilt. Victims of these attacks have reported financial impacts of several hundred million euros.<\/p>\n<figure id=\"post-10128 media-10128\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-10128 \" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-4.png\" alt=\"\" width=\"227\" height=\"315\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-4.png 435w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-4-138x191.png 138w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/image-4-28x39.png 28w\" sizes=\"auto, (max-width: 227px) 100vw, 227px\" \/><\/figure>\n<p style=\"text-align: right;\"><em>This article is taken from our focus &#8220;<a href=\"https:\/\/www.wavestone.com\/fr\/insight\/cyber-resilience\/\">Cyber-resilience: bend so as not to break<\/a>&#8221;.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The successive WannaCry and NotPetya attacks showed in concrete terms how fragile information systems are, and how a cyber threat can leave large parts of the systems a company depends on to operate unavailable for several weeks. 
The companies&#8230;<\/p>\n","protected":false},"author":15,"featured_media":10130,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3223,36],"tags":[3313,590,244,1241,2470,2868,447,1203,2874],"coauthors":[837,821],"class_list":["post-10123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-next-gen-it-security","category-cybersecurity-digital-trust","tag-bcp-cyberresilience","tag-compromission-du-si","tag-crise","tag-cyberattaque","tag-cyberresilience","tag-notpetya","tag-strategie","tag-vulnerabilites","tag-wannacry"],"acf":[],"yoast_head_json":{"title":"Cyber-resilience: bend so as not to break (1\/2) - RiskInsight","description":"The successive WannaCry and NotPetya attacks showed in concrete terms the fragility of information systems and the destructive capability of a cyber threat.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/","og_locale":"en_US","og_type":"article","og_title":"Cyber-resilience: bend so as not to break (1\/2) - RiskInsight","og_description":"The successive WannaCry and NotPetya attacks showed in concrete terms the fragility of information systems and the destructive capability of a cyber threat.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/","og_site_name":"RiskInsight","article_published_time":"2017-10-10T09:00:43+00:00","article_modified_time":"2019-12-31T08:59:39+00:00","og_image":[{"width":3873,"height":3873,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois, Frederic Chollet","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois, Frederic Chollet","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Cyber-resilience: bend so as not to break (1\/2)","datePublished":"2017-10-10T09:00:43+00:00","dateModified":"2019-12-31T08:59:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/"},"wordCount":1139,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","keywords":["BCP &amp; cyberresilience","IS compromise","crisis","Cyberattack","cyberresilience","Notpetya","strategy","vulnerabilities","Wannacry"],"articleSection":["Cloud &amp; Next-Gen IT Security","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/","url":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/","name":"Cyber-resilience: bend so as not to break (1\/2) - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","datePublished":"2017-10-10T09:00:43+00:00","dateModified":"2019-12-31T08:59:39+00:00","description":"The successive WannaCry and NotPetya attacks showed in concrete terms the fragility of information systems and the destructive capability of a cyber threat.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","width":3873,"height":3873},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/10\/cyber-resilience-plier-pas-rompre-12\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cyber-resilience: bend so as not to break 
(1\/2)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. 
G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=10123"}],"version-history":[{"count":4,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10123\/revisions"}],"predecessor-version":[{"id":10252,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10123\/revisions\/10252"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/10130"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=10123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=10123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=10123"},{"taxonomy":"author","embeddable":true,"hre
f":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=10123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}