Cybersecurity is crucial in France, in Europe, and worldwide. Governments, businesses, communities, healthcare services, and individuals are all potential victims of ransomware, identity theft, or other cyberattacks, often with disastrous consequences. Attackers primarily seek financial gain, but may also engage in espionage or destabilization. They exploit poorly protected, vulnerable, or outdated systems as well as insecurely stored data. Internet users often lack digital skills and can fall victim to phishing and other types of fraud. New technologies and artificial intelligence have led to increased regulation of data, because of its economic value and the growing digitization of society, which opens the door to new abuses.
The applicable regulations
The Cybersecurity Act
The Cybersecurity Act, which came into effect on June 27, 2019, aims to ensure the proper functioning of the internal market while striving for a high level of cybersecurity, cyber resilience, and trust within the Union (Article 1). It is a real breakthrough for Europe’s strategic autonomy in cybersecurity, and the culmination of valuable work by the EU and the national cybersecurity agencies.
The Cybersecurity Act consists of two parts:
– The first part formalized the mandate of ENISA, the European Union Agency for Cybersecurity (Article 3), and strengthened its capacities (Article 6);
– The second part establishes a framework for the cybersecurity certification of ICT products, services, and processes (Article 56).
The Cybersecurity Act is the legislative framework for cybersecurity in the European space. As a regulation, it is binding in its entirety and directly applicable in all Member States.
The actors of cybersecurity
There are various types of attacks. The most commonly used ones include:
• Phishing: Phishing is the fraudulent practice of sending emails or messages that impersonate well-known services (La Poste, a bank, government websites, etc.) in order to extract sensitive information that grants access to the Information System. New risks have emerged, such as those related to the use of AI.
• Ransomware: Ransomware is malicious software that blocks access to a computer’s resources and demands a ransom to unlock them.
• Typosquatting: Typosquatting is a form of cybercrime in which attackers register domains whose names are deliberately misspelled versions of known websites.
• Social engineering: Social engineering covers the techniques cybercriminals use to persuade unsuspecting users to hand over confidential data, to infect their computers with malware, or to open links to infected sites.
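To make the phishing and typosquatting entries above concrete from the defender’s side, here is an added example (written for this page, not taken from the article or from any agency’s tooling): a small Python checker that extracts the URLs in a message and flags hosts that look like, but are not, a trusted domain. The trusted-domain list, the homoglyph table, the edit-distance threshold of 2 and the sample message are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list of domains the organisation trusts (placeholder values).
TRUSTED_DOMAINS = ["laposte.fr", "impots.gouv.fr", "example-bank.fr"]
# Digits and symbols commonly swapped for look-alike letters (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a"})
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert, delete and substitute, each costing 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for one hostname."""
    h = host.lower().rstrip(".")
    if h.startswith("www."):
        h = h[4:]
    # Exact match or real subdomain, checked BEFORE homoglyph folding so that
    # lap0ste.fr can never be accepted as laposte.fr.
    for t in trusted:
        if h == t or h.endswith("." + t):
            return "trusted"
    folded = h.translate(HOMOGLYPHS)
    for t in trusted:
        brand = t.split(".")[0]
        # A short edit distance (typo, swapped letters, hyphen for dot) or the brand
        # name embedded in an unrelated domain both indicate a look-alike.
        if levenshtein(folded, t) <= 2 or brand in folded:
            return "lookalike:" + t
    return "unknown"

def scan_message(text: str):
    """Classify the host of every URL found in a message body."""
    hosts = [urlparse(u).hostname for u in URL_RE.findall(text)]
    return [(h, classify_host(h)) for h in hosts if h]

# Constructed phishing-style message, used only for demonstration.
SAMPLE_MESSAGE = (
    "Your parcel is waiting: https://www.lap0ste.fr/track\n"
    "Check your tax account at https://impots-gouv.fr/login\n"
    "Help centre: https://www.laposte.fr/help"
)
```

Running `scan_message(SAMPLE_MESSAGE)` flags the first two hosts as look-alikes of the trusted domains and accepts the third; in a real deployment the brand-substring rule needs a proper public-suffix list to avoid flagging legitimate partners.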
Implementation of cyber resilience
Phase 1: Identification and protection
Perform a risk analysis: ANSSI’s EBIOS RM methodology provides a cybersecurity risk analysis. It aims to reduce the probability and impact of cyberattacks by combining compliance-based and scenario-based approaches. EBIOS RM adds a dynamic view through attack scenarios, considering both the attacker’s and the company’s perspectives.
Develop and disseminate an information system security policy: The ISSP (Information System Security Policy) is the document that describes the company’s security and cybersecurity policy. It can be static (compliance-driven) or dynamic (taking the attacker into account). The ISSP may include the following elements:
• Key Performance Indicators (KPIs)
• Service Level Agreements (SLAs)
• Management of authentication and access control
• Architecture diagram
• Knowledge of vulnerabilities
• Detection and incident taxonomy
Phase 3: Respond and Restore
The BCP (Business Continuity Plan) comprises the procedures, means, equipment, and architectures required to keep a company’s activity running whatever disaster occurs.
A DRP (Disaster Recovery Plan) comprises the technical, organizational, and security procedures that enable a company to anticipate a significant disaster or critical incident and to rebuild and restart its information system afterwards.