Loïs Samain: “Attackers take advantage of the fact that companies are under pressure or poorly organised”

To open this new section, we asked Loïs Samain what he has observed over the last few weeks, both in the media and in the impact on his responsibilities as a CISO. Loïs is a member of CESIN and of the Les Assises steering committee, and co-founder of the Le Comptoir Secu podcast (https://www.comptoirsecu.fr).

Loïs Samain - Les Assises blog

We can start by confirming that “yes, there is an increase in cyberattacks due to the high demand for information on Covid-19, but it is also due to problems in the infrastructures that manage this crisis”, although “it is not the case for all sectors. Companies are not affected in the same way.” It is no surprise that the types of cyberattack Loïs notices most are phishing emails about Covid-19 and ransomware that uses the pandemic as a lure to infect its targets. “According to a study by Proofpoint, since January 29 more than 80% of cyberattacks have been linked to Covid-19. But there is also an increase in standard phishing attacks. Attackers take advantage of the fact that companies are under pressure or poorly organised.” Among the other threats, “we also see social engineering attacks, with CEO fraud (the French ‘fraude au président’) and bank account fraud attempts. Criminals exploit the fact that accountants are not physically at their companies’ headquarters and need to act quickly.”

To these attacks we can add other issues that have to be handled very quickly: “about bandwidth: how to push updates that are stored on the companies’ servers out to every user’s computer over the VPN. Moreover, in some organisations users do not need the VPN to reach the Internet. This is a risk, because many security controls, such as proxy servers, exist only inside the companies’ information systems. This leads us to rethink security measures globally and to move towards a zero-trust policy where security sits as close to the user as possible, that is, on their workstation. Other problems also appear with the lockdown: for example, how do you replace physical storage devices located in the datacentres when you cannot go to the office?”
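The split-tunnel risk Loïs describes (users reaching the Internet directly, so the corporate proxy never sees their traffic) is easy to check on an endpoint from its routing table. The script below is an added example, not code from the article or from Loïs Samain: it parses Linux `ip route show` output and decides whether Internet-bound traffic actually goes through the VPN adapter. The interface-name prefixes, the probe addresses and the two sample route tables are my own assumptions, constructed for the example. Note the trap it handles: OpenVPN-style full tunnels keep the physical default route and override it with two /1 routes, so looking only at the `default` line would misclassify a full tunnel as split.

```python
"""Classify a workstation's VPN setup as full-tunnel or split-tunnel.

Added example, not from the original interview. Assumptions (mine):
- route table in Linux `ip route show` format;
- VPN adapters are named tun*/tap*/wg*/ppp*/utun*;
- longest-prefix match decides the egress interface (metrics ignored,
  first route wins on a tie).
"""
import ipaddress
import re

# Assumed VPN adapter naming; adjust for your client.
VPN_IFACE_PREFIXES = ("tun", "tap", "wg", "ppp", "utun")

# Public addresses used as probes for "Internet-bound" traffic (assumption).
PROBES = ("8.8.8.8", "1.1.1.1", "93.184.216.34", "151.101.1.69")

# Constructed sample: split tunnel. Only 10.0.0.0/8 goes over tun0; the
# default route stays on Wi-Fi, so web traffic bypasses the corporate proxy.
SPLIT_TUNNEL_SAMPLE = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42 metric 600
"""

# Constructed sample: full tunnel done the OpenVPN "redirect-gateway" way.
# The physical default route is still present, but 0.0.0.0/1 and 128.0.0.0/1
# are more specific and win; only the VPN server (203.0.113.10) is pinned
# to the physical interface so the tunnel itself can reach it.
FULL_TUNNEL_SAMPLE = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""


def parse_routes(text):
    """Return a list of (network, device) from `ip route show` output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dest = parts[0]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            # A bare host address becomes a /32 network.
            net = ipaddress.ip_network(dest, strict=False)
        match = re.search(r"\bdev (\S+)", line)
        dev = match.group(1) if match else None
        routes.append((net, dev))
    return routes


def lookup(routes, addr):
    """Longest-prefix match: which device would carry traffic to addr?"""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, dev in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def is_vpn_iface(dev):
    return dev is not None and dev.startswith(VPN_IFACE_PREFIXES)


def classify(text):
    """'full-tunnel', 'split-tunnel', 'partial' or 'no-vpn'."""
    routes = parse_routes(text)
    if not any(is_vpn_iface(dev) for _, dev in routes):
        return "no-vpn"
    via_vpn = [p for p in PROBES if is_vpn_iface(lookup(routes, p))]
    if len(via_vpn) == len(PROBES):
        return "full-tunnel"
    if via_vpn:
        return "partial"
    return "split-tunnel"


if __name__ == "__main__":
    for name, sample in (("split", SPLIT_TUNNEL_SAMPLE), ("full", FULL_TUNNEL_SAMPLE)):
        print(f"{name}: {classify(sample)}")
```

On a real Linux host, feed it `subprocess.check_output(["ip", "route", "show"], text=True)` instead of the constructed samples. A "split-tunnel" verdict means the workstation's web traffic never reaches the on-premises proxy, which is exactly the situation where controls have to move onto the endpoint itself.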

Even though the atmosphere is oppressive, Loïs prefers to focus on the positive side: “It is a great opportunity to remind all employees of the phishing risks and of security best practices, given the increasing use of communication tools within the company.” Crisis management exercises are also being put to the test, even if nobody ever imagined a scenario this big. “The exercises led us to processes that we can set up and apply right now, such as the crisis management organisation and its procedures.”

As for the vendors, who have been communicating very heavily lately, Loïs has mixed feelings: “Some suppliers see this crisis as a way to better help and support their customers. Unfortunately, that is not the case for all of them. We are seeing a rise in LinkedIn sales pitches, by invitation or in comments, which shows opportunistic, shark-like behaviour. They discredit themselves…”