Cybercriminals don't rest much. They are becoming increasingly professional, using ever more sophisticated and original approaches to achieve their objectives. "We are indeed seeing bold developments in the modus operandi of attackers," confirms Pierre Zimmer, Deputy Managing Director of POST Luxembourg and in charge of cybersecurity within the POST Group. "Today, their field of action is no longer limited to the digital world and traditional methods such as phishing, system hacking or denial of service. Increasingly, criminals are seeking to act in the real world, where the level of distrust is lower than in the digital world."
Increasing exploitation of real-world vulnerabilities
As users become more aware of the risks associated with phishing, attackers no longer hesitate to turn up at their target's home to retrieve documents, get them to sign a contract or deliver a fake invoice. "When faced with a paper document or a person visiting us, the level of suspicion is lower than when dealing with an online communication. People are less suspicious of an invoice received by post, which they pay quickly using a QR code, than of the same document in electronic form," comments Pierre Zimmer. This trend is worrying a growing number of companies, whose identities can easily be stolen and customers swindled. What can be done about it? "Faced with such risks, authentication or electronic signature solutions, such as those offered by LuxTrust, make it possible to validate the origin of an invoice and to ensure, before signing, that the data relating to the issuer is indeed correct. The challenge is to be able to deploy them on a large scale", says Pierre Zimmer.
Remotely managed elements, a new source of problems
Another trend, another risk. A growing number of companies are installing new equipment that automates the management of their production lines or of energy consumption linked, for example, to the production or distribution of energy. In doing so, they tend to open up their IT networks and expose themselves to new threats. "Indeed, many of these installations are maintained remotely by manufacturers, and the promise of the increased productivity that AI can bring is even encouraging customers to send sensitive data to external systems whose level of security is beyond their control," explains Pierre Zimmer. "The problem is that, more often than not, these elements are not taken into account when planning penetration tests. So they are not formally integrated into the perimeter managed by the teams in charge of cyber security."
Information systems also incorporate a growing number of external components, such as computer libraries, functions coded in specific languages, and software. These components can be the source of a bug or breakdown, following an update for example. We still remember the Log4j flaw at the end of 2021, which left a large number of applications vulnerable. "This type of event is bound to happen more and more often, and should call for greater vigilance on the part of all players in order to guarantee the resilience of their operations. It is important to diversify the critical tools in one's environment and not become dependent on a single solution", says Pierre Zimmer.
Don't overlook the internal threat
The last type of threat not to be overlooked is internal sabotage. "We tend to forget that the threat does not necessarily come from outside. We often underestimate the risk of someone with privileged access, for one reason or another, stealing or destroying data and damaging the company's services," says Pierre Zimmer.
Security policies today have to take account of all these risks and threats. The first challenge, says POST's Deputy Managing Director, is to guarantee optimum protection for critical data and the services that rely on that data.
Adopting a global security approach
"At POST Luxembourg and DEEP, we take a holistic approach to our customers' security. The first challenge is to help customers gain a good understanding of the risks to their business, with a particular focus on the critical data underlying the smooth operation of customer services. The other stages are focused on reducing the impact and probability of an incident occurring. This necessarily involves diversifying the lines of defence and implementing IT environments tailored to a given service", explains Pierre Zimmer. In this area, there is no single best solution. To meet the various needs, DEEP offers an open Multi-Cloud approach, incorporating a sovereign Cloud under the control of our teams.
"Cybersecurity teams also need to be able to act proactively, anticipating possible future risks. This is possible thanks to the rapid integration of new technologies such as artificial intelligence, which can predict certain malicious actions and/or automate mitigation actions in near real time," continues Pierre Zimmer. Innovation must also enable us to prepare for the future. We are therefore committing our teams to research and implementation projects involving new techniques such as quantum cryptography and the latest generation of data anonymisation methods.
Coping with the worst
Finally, we also need to imagine the worst, so that we can envisage ways of restoring essential systems over time, whatever the scenario. "In this respect, our Cybervault solution means that a production environment for critical services is always available, based on data whose integrity can be guaranteed outside the company's perimeter. In the event of an incident, we can carry out a controlled restoration of production systems following a clearly established procedure, in the presence of third parties", assures Pierre Zimmer.
Over and above the security policies and solutions to be deployed, the first challenge is to help raise the maturity of organisations in relation to these crucial security issues. "With this in mind, we need to be able to speak the right language, so that we can speak to and be understood by senior management," adds Pierre Zimmer. "That's why we helped set up the Cyberscore label. In particular, it's important for every manager to be aware of the critical elements that can jeopardise the life of their company, so that they can help protect it properly."