Editorial n°17: what did this year’s FIC bring up for the cybersecurity sector?

Initiating the year 2020 with an overview of the milestones of the year 2019, the #Panocrim conference organized by the Clusif brings alarming figures to light: in 2019, phishing accounted for 58% of global messaging traffic ; 65,000 fake applications were put online ; and ever more vulnerabilities are spotted on day-to-day smart devices such as voice assistants. The International Cybersecurity Forum (better known by its acronym, the FIC) also marked the beginning of the year, a key event for the industry that takes place annually in Lille. This year, the show was the opportunity to announce the signing of a emblematic agreement between the government and the French IT industry, materialized by the signing of the strategic contract for the “Security Industries” sector. This collaboration is intended to structure the entire French security industry, which today includes 4,000 companies, 130,000 jobs and whose turnover amounts to 25 billion euros. The shared objectives of this association revolve around three main issues: firstly, both parties wish to create an offer of “confidence” at the national and European levels. Then, the objective is to develop solutions to create digital identities that are free of the GAFAMs. Finally, the agreement aims to reinforce actors’ sovereignty over the Cloud. To achieve these objectives, both parties agreed to collaborate on five different projects: cyber security and IoT security, the security of major events, the development of a trusted digital environment, a digital identity and trusted territories. The Forum was also an opportunity to talk about the development of the “cyber campus”, a project supported by Thalès, Orange Capgemini and Atos, and presented at the FIC jointly by the Secretary of State for Digital Affairs, Cédric O, and Michel Van der Berghe, CEO of Orange Cyberdefense. Born out of the government’s efforts to support the collaboration of the whole IT industry according to Van der Berghe, the campus aims to host both research and commercial activities with the leadership of the Presidency. The Secretary of State emphasized the need to create an overarching structure that is adapted to the size of the digital economy, whose annual turnover amounts to ten billion annually. This campus should thus boost France’s cyber strength on a global scale: indeed, Cédric O argues that “no economic or diplomatic interaction today misses a digital dimension”. If the location of the campus is yet to be announced, the “cyber campus” should be operational by 2021.

The #Panocrim conference also discussed the ransomware phenomenon. A true gold mine for hackers, ransomware is as popular as ever in 2019: IT security researchers have identified nearly 1,100 variants of the virus, with losses estimated in the millions of dollars. However, their modus operandi has evolved. Attacks on individuals and SMBs are in sharp decline, probably as a result of increased awareness and declining interest in these less profitable targets. Hackers are now turning to more lucrative targets such as municipalities and hospitals, which respectively account for 29% and 7% of victims in 2019. Kaspersky details a “corporate-like” methodology involving multiple “service providers”: a Red Team, third-party developers to control the spread of the virus, “accountants” in charge of laundering the money extorted, or even a translator should the language be an issue. At the Clusif’s #Panocrim conference, the losses were estimated at 700 million for SMBs, complemented with 7 to 9 days of complete paralysis for these companies. In addition to the bill, companies face communication and business rehabilitation, as well as the definitive loss of 8% of data on average.