{"id":2213,"date":"2012-09-11T08:00:26","date_gmt":"2012-09-11T07:00:26","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=2213"},"modified":"2019-12-31T12:06:12","modified_gmt":"2019-12-31T11:06:12","slug":"le-hack-as-a-service-haas-un-marche-florissant","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/","title":{"rendered":"Le Hack As A Service (HaaS), un march\u00e9 florissant !"},"content":{"rendered":"

Les cyber-attaques se multiplient et atteignent leur objectif de plus en plus fr\u00e9quemment. Elles suscitent un grand emballement m\u00e9diatique et un int\u00e9r\u00eat croissant de personnes malveillantes qui y voient l\u2019opportunit\u00e9 d\u2019utiliser les faiblesses des syst\u00e8mes d\u2019information pour atteindre leurs fins criminelles. En parall\u00e8le, les pirates comprennent l\u2019importance grandissante de leurs comp\u00e9tences et cherchent \u00e0 les monnayer de plus en plus simplement afin de cr\u00e9er un v\u00e9ritable march\u00e9 noir de la cybercriminalit\u00e9.<\/em><\/p>\n

La demande explosant, le besoin d\u2019industrialisation se fait ressentir. Cette situation aboutit \u00ab\u00a0naturellement\u00a0\u00bb \u00e0 la cr\u00e9ation d\u2019offres de \u00ab\u00a0Hack As A Service\u00a0\u00bb. Con\u00e7u sur le mod\u00e8le des services cloud, elle consiste \u00e0 disposer des services de hacking, simple d\u2019acc\u00e8s, forfaitaire et dont les co\u00fbts sont ma\u00eetris\u00e9s. Balbutiant depuis plusieurs ann\u00e9es, ce march\u00e9 \u00a0se d\u00e9veloppe et se structure de plus en plus.Voici un floril\u00e8ge des \u00e9volutions r\u00e9centes qui montrent indubitablement cette tendance de fond.<\/p>\n

Remarque\u00a0: afin d\u2019\u00e9viter toute mise en avant de sites offrant ce type de biens ou de prestations, aucun nom ne sera cit\u00e9 directement.<\/em><\/p>\n

La fourniture de logiciels d\u2019attaques performantes<\/h4>\n

Pour des tarifs \u00ab\u00a0raisonnables\u00a0\u00bb, tournant g\u00e9n\u00e9ralement entre 500$ et 4000$, il est facile de se procurer des kits de logiciels, comme Poison Ivy<\/em> ou encore Zeus \/ Spyeye<\/em>, permettant de mener soi-m\u00eame des attaques<\/a>.\u00a0En plus de fournir des outils permettant de trouver des mots de passe, rebondir sur le r\u00e9seau et faciliter l\u2019exfiltration de donn\u00e9es, ces kits fournissent tout le n\u00e9cessaire pour assurer la discr\u00e9tion et l\u2019anonymisation des attaquants. Gr\u00e2ce \u00e0 ces outils, plus besoin d\u2019\u00eatre un professionnel du domaine\u00a0pour \u00e9chapper aux protections classiques tels que l\u2019antivirus, ces kits sont souvent vendus avec des mises \u00e0 jour r\u00e9guli\u00e8re pour conserver leur avance.<\/p>\n

La r\u00e9alisation d\u2019actions malicieuses\u00a0\u00ab\u00a0au forfait\u00a0\u00bb<\/h4>\n

De plus en plus fr\u00e9quentes et de moins en moins ch\u00e8res, ces offres sont parmi les plus simples \u00e0 utiliser. En effet, aucune connaissance n\u2019est requise. Les prestations sont vari\u00e9es et peuvent aller d\u2019un simple d\u00e9ni de service \u00e0 un vol de donn\u00e9es sensibles en passant par du d\u00e9facement de sites web. Par exemple, hacker un compte Gmail<\/a> se chiffre autour de 400$ . Le paiement peut lui aussi \u00eatre anonyme en passant par le principe de monnaies virtuelles encore peu encadr\u00e9 aujourd\u2019hui.<\/p>\n

Le recel d\u2018informations personnelles ou bancaires<\/h4>\n

Pourquoi attaquer quand les informations convoit\u00e9es sont d\u2019ores et d\u00e9j\u00e0 exfiltr\u00e9es\u00a0? C\u2019est le principe des plates-formes de recel de donn\u00e9es personnelles et bancaires. Le prix des cartes de cr\u00e9dit, suivant la qualit\u00e9 des donn\u00e9es et le type de carte y \u00e9volue de quelques dollars \u00e0 plusieurs centaines dans certains cas. Des m\u00e9canismes de type \u00ab\u00a0try & buy\u00a0\u00bb permettent d\u2019ailleurs de v\u00e9rifier ais\u00e9ment la qualit\u00e9 des donn\u00e9es. Tout comme LeBoncoin ou eBay, ces places de march\u00e9 permettent la vente de ces informations.<\/a> D\u2019autres donn\u00e9es peuvent y \u00eatre vendues, comme par exemple celles \u00e0 caract\u00e8re personnel (adresses num\u00e9ros de t\u00e9l\u00e9phone, etc.) qui peuvent s\u2019y \u00e9changer pour pas moins de 25 centimes<\/a> . Ces trafics seraient \u00e0 l\u2019origine d\u2019un rendement financier sup\u00e9rieur \u00e0 celui du trafic de drogue en Russie.<\/p>\n

La vente d\u2019exploit zero-day<\/h4>\n

Ce march\u00e9 est encore limit\u00e9 car les prix et la capacit\u00e9 \u00e0 exploiter les donn\u00e9es d\u2019un exploit n\u00e9cessitent des comp\u00e9tences et des moyens particuliers. Cependant, il s\u2019agit d\u2019une arme imparable pour p\u00e9n\u00e9trer les r\u00e9seaux et bien utiliser ces exploits devient vite tr\u00e8s rentable. Les prix oscillent entre 5\u00a0000 $ pour des exploits simples<\/a>, visant par exemple Adobe Reader<\/em> et 250\u00a0000 $ pour des attaques visant les plateformes mobiles, l\u2019iOS en particulier.<\/p>\n

Que retenir de la d\u00e9mocratisation de ce march\u00e9\u00a0?<\/h2>\n

La cr\u00e9ation de ces nouveaux services montre explicitement qu\u2019il ne faut plus \u00eatre un attaquant chevronn\u00e9, disposer de contacts dans le milieu ou encore avoir d\u2019importants moyens financiers pour lancer une attaque. La probabilit\u00e9 d\u2019\u00eatre vis\u00e9 augmente donc aussi rapidement que les services se d\u00e9mocratisent et que les prix baissent.<\/p>\n

Ces exemples peuvent \u00eatre d\u2019int\u00e9ressantes pistes pour sensibiliser des \u00e9quipes trop r\u00e9ticentes ou encore trop na\u00efve sur les moyens n\u00e9cessaires pour attaquer une entreprise, ses collaborateurs et ses clients\u00a0!<\/p>\n

[Article r\u00e9dig\u00e9 en collaboration avec Xavier Paquin]<\/p>\n","protected":false},"excerpt":{"rendered":"

Les cyber-attaques se multiplient et atteignent leur objectif de plus en plus fr\u00e9quemment. Elles suscitent un grand emballement m\u00e9diatique et un int\u00e9r\u00eat croissant de personnes malveillantes qui y voient l\u2019opportunit\u00e9 d\u2019utiliser les faiblesses des syst\u00e8mes d\u2019information pour atteindre leurs fins…<\/p>\n","protected":false},"author":15,"featured_media":6344,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[474,3319,640,641],"coauthors":[837,936],"class_list":["post-2213","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-attaque","tag-audit-pentesting","tag-haas","tag-hackers"],"acf":[],"yoast_head":"\nLe Hack As A Service (HaaS), un march\u00e9 florissant ! - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Le Hack As A Service (HaaS), un march\u00e9 florissant ! - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Les cyber-attaques se multiplient et atteignent leur objectif de plus en plus fr\u00e9quemment. Elles suscitent un grand emballement m\u00e9diatique et un int\u00e9r\u00eat croissant de personnes malveillantes qui y voient l\u2019opportunit\u00e9 d\u2019utiliser les faiblesses des syst\u00e8mes d\u2019information pour atteindre leurs fins...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2012-09-11T07:00:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T11:06:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"573\" \/>\n\t<meta property=\"og:image:height\" content=\"214\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"G\u00e9r\u00f4me Billois, Xavier Paquin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9r\u00f4me Billois, Xavier Paquin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/\"},\"author\":{\"name\":\"G\u00e9r\u00f4me Billois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\"},\"headline\":\"Le Hack As A Service (HaaS), un march\u00e9 florissant !\",\"datePublished\":\"2012-09-11T07:00:26+00:00\",\"dateModified\":\"2019-12-31T11:06:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/\"},\"wordCount\":757,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg\",\"keywords\":[\"attaque\",\"audit & pentesting\",\"HaaS\",\"hackers\"],\"articleSection\":[\"Cybersecurity & Digital Trust\",\"Ethical Hacking & Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/\",\"name\":\"Le Hack As A Service (HaaS), un march\u00e9 florissant ! - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg\",\"datePublished\":\"2012-09-11T07:00:26+00:00\",\"dateModified\":\"2019-12-31T11:06:12+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg\",\"width\":573,\"height\":214},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Le Hack As A Service (HaaS), un march\u00e9 florissant !\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\",\"name\":\"G\u00e9r\u00f4me Billois\",\"description\":\"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Le Hack As A Service (HaaS), un march\u00e9 florissant ! - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/","og_locale":"en_US","og_type":"article","og_title":"Le Hack As A Service (HaaS), un march\u00e9 florissant ! - RiskInsight","og_description":"Les cyber-attaques se multiplient et atteignent leur objectif de plus en plus fr\u00e9quemment. Elles suscitent un grand emballement m\u00e9diatique et un int\u00e9r\u00eat croissant de personnes malveillantes qui y voient l\u2019opportunit\u00e9 d\u2019utiliser les faiblesses des syst\u00e8mes d\u2019information pour atteindre leurs fins...","og_url":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/","og_site_name":"RiskInsight","article_published_time":"2012-09-11T07:00:26+00:00","article_modified_time":"2019-12-31T11:06:12+00:00","og_image":[{"width":573,"height":214,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois, Xavier Paquin","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois, Xavier Paquin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Le Hack As A Service (HaaS), un march\u00e9 florissant !","datePublished":"2012-09-11T07:00:26+00:00","dateModified":"2019-12-31T11:06:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/"},"wordCount":757,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg","keywords":["attaque","audit & pentesting","HaaS","hackers"],"articleSection":["Cybersecurity & Digital Trust","Ethical Hacking & Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/","url":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/","name":"Le Hack As A Service (HaaS), un march\u00e9 florissant ! - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg","datePublished":"2012-09-11T07:00:26+00:00","dateModified":"2019-12-31T11:06:12+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2012\/10\/Cybercriminalite1.jpg","width":573,"height":214},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2012\/09\/le-hack-as-a-service-haas-un-marche-florissant\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Le Hack As A Service (HaaS), un march\u00e9 florissant !"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley & Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2213","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=2213"}],"version-history":[{"count":11,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2213\/revisions"}],"predecessor-version":[{"id":12466,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/2213\/revisions\/12466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6344"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=2213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=2213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=2213"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=2213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}