The establishment and development of the Internet since the middle of 1990 has given rise to a new type of white-collar crime. Cyber attacks are based on unauthorized intrusions into the computer systems of private or public users: data hacking, identity theft, introduction of malware, phishing attacks, etc. For any organization, a paralysis of its information systems can have very significant financial consequences, especially if it is necessary to rebuild them to zero or if it must pay a ransom to hackers.
No company is immune to the risk of hacking its computer data and no protection system is foolproof. Thus, despite its financial power (one of the first global capitalizations), the company Meta (Facebook) is struggling to protect the personal data of its users.
Organized cybercrime has reached an unprecedented level of predation. It has changed scale and now affects all kinds of organizations: ministries, town halls, banks, oil platforms, industrial companies, air passenger boarding services, hospitals and even schools and universities. It can take many forms: introduction of malware into cloud infrastructures, account hacking, data theft, etc. In France, the situation is worrying, many public institutions, factories, companies, supply chains… remain insufficiently protected even if the public authorities have significantly increased the budget of the National Security Agency for Computer Services (ANSSI). Many cyber attacks are triggered by criminal or delinquent organizations, more or less isolated, more or less structured, Others are of state origin and aim to access confidential industrial information and test defence systems.
Companies are facing the risks of increased digitalisation of companies and institutions in an open world. The rise of telecommuting, online switching of training and purchases have increased the risk of cyber attack due to the increase in the exposure area (sensitive, even critical, data goes beyond the protective framework of the company and is stored in the computers of employees, customers or suppliers).
What protections ?
To combat cybercrime, human resources (teams of computer scientists) and technical resources (anti-virus software, intrusion detection tools, data backup on external servers, etc.) are needed. Information and awareness campaigns should be regularly organized for employees (social engineering) because the human psyche remains the weak link in any security system. Indeed, the main flaw of computer systems is based on the behavior of human beings, their limited rationality and their cognitive biases.
In addition, it is possible to use providers specializing in cybersecurity, network protection and virtual infrastructure (these professionals provide a service of monitoring, detection, warning and reaction to computer attacks) and insure against a risk of business losses related to a cyber attack.
The main fragility of our post-industrial societies is now based on the friability of computer structures; the advent of a «Great Evening Crisis» (paralysis of all computers at the same time) is not only a working hypothesis. No one can rule out a cataclysmic scenario.
Computer viruses can cause as much damage as biological viruses, unfortunately cyber attacks on nuclear power plants, on electricity distribution networks or ballistic missile centers could tomorrow lead us to new disasters, even military conflicts caused by mistake or malice.
We are far from the utopias that presided over the birth of the Internet (the Web as a space of freedom and free access for all to knowledge), hell – we know – is paved with good intentions.
818, no 3, pp.
The experts who participated in this Flash:
Agrégé d’économie, Ancien élève de Sciences Po Paris et de l’ENS Paris-Saclay