“Just because we are an SME does not mean we are safe from cyberattacks”

Recently, the Agglo d'Agen and the Saint-Esprit hospital had to face cyberattacks, the same for that of Marmande in 2020. In Lot-et-Garonne as elsewhere, SMEs are also potential targets, and, sometimes, they are reluctant to report these attacks. A Garonn'Hack will bring together experts at the Digital Campus 47, in Agen, Thursday November 7. The event will be the occasion for round tables in the presence of big names like Airbus, the 48^e RT, the gendarmerie or Coaxis; to carry out free diagnostics, while a hackathon will take place, during which nearly 100 students will compete in teams around IT challenges of varying levels of difficulty to solve.

“The hackers negotiated by chat with polite expressions: it was business, a mafia”

Garonn'Hack is organized by Bunkerity, Campus Ermitage, Campus Numérique 47, Esiea, and Owlcub. Florian Pitance, the founder of Bunkerity, specializing in cybersecurity, supports companies “by putting themselves in the attacker's shoes” to correct vulnerabilities before an attack takes place and secure web services. Romain Bogdanovic created OwlCub (the little owl). It offers software that can be used by non-experts and offers advice on strategies to protect themselves: “The interest is that small structures can then fend for themselves with the help of AI (artificial intelligence). »

“Our targets are SMEs and communities, such as small town halls, to encourage an upgrade in terms of security,” explains Lucile Bonnamour, deputy director of Digital Campus 47. “States can also be targeted via small businesses , for example by targeting an SNCF subcontractor, which does not have the same protection tools,” explains Romain Bogdanovic. It is not because we are small that we are safe: “Hackers are very opportunistic: if they see that the door is open, they enter,” adds Florian Pitance.

Updates

“We still underestimate cybersecurity due to ignorance, but an attack against an SME costs it 500,000 euros on average, with a direct financial loss when it is blocked, but there are also salaries to pay, insurance to take into account. account and legal costs, specifies Florian Pitance. It's not just a computer that breaks down, there are also psychological implications and we can draw a parallel with Covid: overnight, we are prevented from working. » And the company can go so far as to go out of business.

“We know that we risk being attacked at any time. The idea is to prepare, to install backups to protect essential data, or even to take solutions other than IT, with paper and pencil…” according to Romain Bogdanovic. “You have to be ready, like a car, to have servicing every year,” adds Florian Pitance.

“Computer hygiene”

The Agglo d'Agen and Coaxis will come and testify about the attacks they suffered and the way they responded to them, “I also supported a hacked start-up from which 20,000 euros were demanded. The hackers were very professional, negotiated by chat with polite expressions: it was business, a mafia… The company ended up paying to recover its data,” explains Florian Pitance. “Many of these attacks are not reported to law enforcement. However, it is absolutely necessary to warn them to try to follow the trail,” insists Lucile Bonnamour.

“We have daily hygiene and it’s the same for IT. We don't pick up just any USB key, we don't open just any e-mail, we don't go to unknown sites, in the same way that we don't leave our computer on on the train when we’re going to have a coffee,” asserts Florian Pitance.

Another benefit of getting in tune with IT security is that the European NIS 2 law will soon require companies working with states to protect themselves, under penalty of possible sanctions.