{"id":10148,"date":"2017-10-30T11:52:00","date_gmt":"2017-10-30T10:52:00","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=10148\/"},"modified":"2020-01-02T15:17:43","modified_gmt":"2020-01-02T14:17:43","slug":"cyber-resilience-bend-without-breaking-12","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/","title":{"rendered":"Cyber-resilience: bend without breaking (1\/2)"},"content":{"rendered":"<p style=\"text-align: left;\"><em>Successive cyber attacks, Wannacry and NotPetya, have highlighted the limits of current resilience and business continuity plans, as well as the full capacity of cyberthreats to cripple Information Systems. The affected organizations paid a high price. What can we learn? What actions can we take to prepare for major cyberattacks? How can we ensure cyber-resilience?<br \/>\n<\/em><\/p>\n<p style=\"text-align: left;\">When confronted with a major cyber attack, whether destructive or leading to a loss of trust in vital systems, the first reaction of a majority of companies is to activate their business continuity plan (BCP). This strategic element of resiliency is enacted to ensure the organization\u2019s survival against disasters whose magnitude causes computing resources, communication infrastructures, buildings, and possibly even users to be unavailable.<\/p>\n<p style=\"text-align: left;\">Yet major cyber attacks have not been taken into account when developing most BCPs, even though they can be as destructive in scale as either Wannacry or NotPetya, or, more often, lead to a loss of trust in the basic components of the infrastructure (network, access control, inventory, etc.). 
By focusing on an availability agenda, organizations fail to address the simultaneous destruction of, or loss of confidence in, the Information System (IS) caused by cyber attacks.<\/p>\n<p style=\"text-align: left;\">Moreover, these IS continuity plans are often tightly coupled to the resources they protect and are equally affected by the attacks. For over a decade, continuity processes (either user fallback or IT recovery) have adopted principles of infrastructure pooling and \u201chot\u201d recovery to meet both the need for rapid business recovery and the need for better operability.<\/p>\n<p style=\"text-align: left;\">In effect, this \u201cproximity\u201d between the regular IS and its recovery counterpart makes continuity plans vulnerable to cyber attacks.<\/p>\n<h2>What are the vulnerabilities in business continuity systems?<\/h2>\n<p style=\"text-align: left;\">For example, various dedicated and connected recovery stations at fallback sites were contaminated by NotPetya and were useless for remediation.<\/p>\n<p style=\"text-align: left;\">Legacy \u201ccold\u201d recovery\/emergency plans (often consisting of activating a recovery system in case of incident) concern fewer and fewer applications, and the remaining ones are often secondary.<\/p>\n<p style=\"text-align: left;\">Unfortunately, when dealing with a deep compromise of systems, backups often carry malicious elements such as malware, attacker base camps, or modifications meticulously made by attackers beforehand, because intrusions go undetected for long periods of time (detection often happens hundreds of days after the initial infection). Moreover, the continuity of the backup systems themselves is often neglected. During the management of the NotPetya crisis, the backup management servers were also destroyed. 
Restoring them took several days, due to their complexity and nested nature within the information system: Active Directory was necessary to launch the restorations, while the Active Directory backup was a prerequisite to rebuild it.<\/p>\n<p style=\"text-align: left;\">The same findings hold for industrial IS. Industrial digital systems are resilient against technical breakdowns or anticipated mechanical incidents. However, they were rarely designed with human malice in mind and, as a result, often lack advanced security systems. To compound this, industrial IS have lifecycles of several decades, which exposes them to old vulnerabilities. Finally, the independence of control channels from the digital systems which they oversee is not always implemented.<\/p>\n<figure id=\"post-10151 media-10151\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-10151\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-1-cyber-resilience.png\" alt=\"\" width=\"1447\" height=\"680\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-1-cyber-resilience.png 1447w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-1-cyber-resilience-406x191.png 406w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-1-cyber-resilience-768x361.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-1-cyber-resilience-71x33.png 71w\" sizes=\"auto, (max-width: 1447px) 100vw, 1447px\" \/><\/figure>\n<h2>Two illustrated major attack scenarios<\/h2>\n<h3>Logical destruction or the unavailability of a large chunk of an Information System<\/h3>\n<p>This scenario was made real by the pseudo-ransomware attacks Wannacry and NotPetya. This type of attack causes mass unavailability of services due to the encryption of data files and\/or the operating system. 
The companies affected by this type of attack (Merck, Maersk, Saint Gobain, Fedex&#8230; as well as Sony Pictures and Saudi Aramco) lost up to 95% of their Information Systems (tens of thousands of computers and servers) in a timeframe that is often less than an hour. At the start of such a crisis, the situation is extremely difficult, since there is no longer any means of communication or exchange mechanism within the affected company, including the ISD. Victims have reported losses of several hundred million euros following these attacks.<\/p>\n<h3>A compromise and loss of confidence in Information Systems<\/h3>\n<p>This scenario concerns a targeted attack that does not disrupt the proper functioning of the system. Rather, it aims to give attackers access to all of the company&#8217;s information systems (email and messaging, files, business applications, etc.), allowing them to steal the identity of any employee and carry out actions in their name. The attackers may then extract any type of data or carry out business actions which require several successive validations. These attacks have affected a large number of companies across all sectors, resulting in massive fraud, including at the Bank of Bangladesh. These attacks have also resulted in the theft of financial and payment data, as was the case for several retail groups in the United States, including Target and Home Depot. The situation at the start of the crisis is complex, since there is no confidence in the Information System and there is considerable uncertainty about what the attacker could do and their motives. The response involves investigating quietly until the attacker can be removed and a secure system rebuilt. 
Victims affected by these attacks have also reported financial impacts worth several hundred million euros.<\/p>\n<figure id=\"post-10157 media-10157\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-10160 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-2-cyber-resilience-1.png\" alt=\"\" width=\"266\" height=\"336\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-2-cyber-resilience-1.png 435w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-2-cyber-resilience-1-151x191.png 151w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/images-2-cyber-resilience-1-31x39.png 31w\" sizes=\"auto, (max-width: 266px) 100vw, 266px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Successive cyber attacks, Wannacry and NotPetya, have highlighted the limits of current resilience and business continuity plans, as well as the full capacity of cyberthreats to cripple Information Systems. The affected organizations paid a high price. 
What can we learn?&#8230;<\/p>\n","protected":false},"author":15,"featured_media":10131,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3266,2777],"tags":[2875,2871,3327,2879,3365,2877,2878,3366],"coauthors":[837,821],"class_list":["post-10148","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-next-gen-it-security-en","category-cybersecurity-digital-trust","tag-cyber-crisis","tag-cyberattack","tag-cyberresilience-en","tag-is-compromission","tag-notpetya-en","tag-strategy","tag-vulnerabilities","tag-wannacry-en"],"acf":[],"yoast_head_json":{"title":"Cyber-resilience: bend without breaking (1\/2) - Risk Insight","description":"Successive Wannacry and NotPetya attacks showed in reality how fragile information systems can be and how destructive a cyber-attack can be.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/","og_locale":"en_US","og_type":"article","og_title":"Cyber-resilience: bend without breaking (1\/2) - Risk Insight","og_description":"Successive Wannacry and NotPetya attacks showed in reality how fragile information systems can be and how destructive a cyber-attack can be.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/","og_site_name":"RiskInsight","article_published_time":"2017-10-30T10:52:00+00:00","article_modified_time":"2020-01-02T14:17:43+00:00","og_image":[{"width":3873,"height":3873,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois, Frederic Chollet","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois, Frederic Chollet","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Cyber-resilience: bend without breaking (1\/2)","datePublished":"2017-10-30T10:52:00+00:00","dateModified":"2020-01-02T14:17:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/"},"wordCount":846,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","keywords":["cyber crisis","cyberattack","cyberresilience","IS compromission","Notpetya","Strategy","Vulnerabilities","Wannacry"],"articleSection":["Cloud &amp; Next-Gen IT Security","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/","name":"Cyber-resilience: bend without breaking (1\/2) - Risk 
Insight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","datePublished":"2017-10-30T10:52:00+00:00","dateModified":"2020-01-02T14:17:43+00:00","description":"Successive Wannacry and NotPetya attacks showed in reality how fragile information systems can be and how destructive a cyber-attack can be.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","width":3873,"height":3873},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/10\/cyber-resilience-bend-without-breaking-12\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cyber-resilience: bend without breaking 
(1\/2)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. 
G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=10148"}],"version-history":[{"count":12,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10148\/revisions"}],"predecessor-version":[{"id":10167,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10148\/revisions\/10167"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/10131"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=10148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=10148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=10148"},{"taxonomy":"author","embeddable":true,"hr
ef":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=10148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}