Badge Webflow Award Winner 2023

Cybersecurity: understanding and preventing corporate cyberattacks

Published on 
11/6/2024
-
Amended on 
17/6/2024
Reading time: 5 min
Photo of a cyber hacker working on a computer in a dark red universe
Written by
Icon digidop

The team Digidop

Web Agency

Explore cybersecurity threats and learn how to protect your business with tips and strategies from an OWN cyber attack expert.

Key points to remember

Cybersecurity is a key issue for companies. With the rapid evolution of technologies, both software and hardware, cyber-attacks are becoming increasingly sophisticated and frequent. Over the past three years, at Digidopwe've seen a clear shift in cybersecurity concerns among most of our new customers. These concerns are often due to a lack of understanding of this often opaque field.

After working alongside OWN, an expert on the subject, we decided to produce a podcast together, aimed at better understanding :

  • what a cyber attack is,
  • how to protect yourself,
  • and the best practices to adopt.

For this first podcast of the channel, we had the chance to talk with an expert in the field: Raphaël WalterDirector of Own's audit team, with 10 years' experience in pentesting. In the company of Lucas, developer and Webflow expert, and Thomas, co-founder of the Digidop agency, Raphaël reveals the key points and lessons learned from his experience in cybersecurity.

Summary of the podcast's key points
  1. Understand the types of cyber attacks: Attacks can target data confidentiality, integrity or availability.
  2. Importance of prevention: Implement preventive measures such as regular backups, system updates, employee awareness, security audits and organizational best practices.
  3. Incident management: Know how to react quickly and effectively in the event of an attack, by identifying and containing the threat, assessing the impact, communicating effectively, recovering systems and analyzing the incident to prevent it from happening again.
  4. Emerging trends: Keep abreast of the latest trends in cybersecurity, such as the use of AI and machine learning, critical infrastructure security, ransomware, the Zero Trust security model and IoT device security.

1. What is Cybersecurity?

Cybersecurity aims to protect the data used within companies and to keep people safe. It encompasses :

  • data protection,
  • intrusion prevention,
  • and incident management.

It's a field as vast as it is complex, and Raphaël Walter compares it to the medical field because of the diversity of its specialties.

"Cybersecurity is very broad. I tend to compare it with the medical world... just as many professions in the medical world as in the cyber world."

In today's fast-moving technological environment, companies need to be particularly vigilant. Cyber-attacks are becoming increasingly sophisticated, targeting various vulnerabilities in IT systems. Cybersecurity is not just a question of technical protection, but also of organizational management and employee awareness.

Raphaël also stressed the importance of this holistic approach:

‍"The idea of cybersecurity is really to cover all aspects, whether technical or organizational, to protect data and people."

Cybersecurity also includes regulatory aspects, such as compliance with standards and laws, like the RGPD (General Data Protection Regulation), which impose strict obligations in terms of personal data protection.

Implementing an effective cybersecurity strategy therefore requires a thorough understanding of these various aspects, and a proactive approach to anticipating and responding to potential threats . It's an ongoing effort that requires constant vigilance and adaptation to new technologies and attack techniques.

2. Types of cyber attacks and examples of vulnerabilities

Cyber attacks can target several crucial aspects of security:

2.1 Data confidentiality

The aim is to ensure that only authorized persons can access data. Attacks aimed at confidentiality seek to steal sensitive information such as personal data, financial information or trade secrets.

For example, a phishing attack, i.e. the sending of fraudulent e-mails urging recipients to reveal personal information or click on malicious links, may lead an employee to divulge his or her credentials, giving the attacker access to confidential information.

"If I take an example of a fairly common attack... on an e-commerce site, when I place my order, I receive an invoice. If we have a partitioning flaw between user accounts, I could potentially retrieve other people's invoices, and on those invoices, we'll find the person's address, phone number, and order, which can lead to a data leak."

2.2 Data integrity

The aim is to ensure that data is not modified in an unauthorized way. Attacks on data integrity can alter information, making it incorrect or misleading.

A common example is SQL injection, where an attacker can insert malicious code into a database to modify or destroy stored information.

"We're going to find logic problems... for example, on an e-commerce site, if I as a buyer can perform an action that normally a seller can, we're going to have a permission defect, a privilege that's too high, like if I'm a buyer but I can change the price of the item displayed on the site when placing the order."

2.3 Data availability

Ensure that services and data remain accessible.

Denial of service (DDoS) attacks are typical examples, where attackers overload a system or network with an excessive volume of traffic, making services unavailable to legitimate users. This can result in significant financial losses and damage to the company's reputation.

"A very telling example is the 'Capital effect' ... if you watch Capital on M6, there's often a company that's highlighted on the show. You can be pretty sure that within the next 10 minutes, that company's website will be down. Because if there are 2 or 3 million people watching the show, there are easily 200,000 people trying to visit the e-commerce site, which is only designed for 10,000 users. The site saturates and falls down, resulting in a loss of availability and potentially an immediate loss of sales."

Companies need to be particularly vigilant in the face of these types of cyberattack, as each presents specific risks. To mitigate these risks and be better prepared to defend their systems and protect their data, it is crucial to implement robust security measures.

3. Importance of Prevention

It's essential for businesses of all sizes to implement preventive measures to protect themselves against cyber attacks. Here are some of the key measures discussed in this podcast:

3.1 Regular backups

For Raphaël, "it's very important to have regular backups of the most vital data, and ideally for these backups to be on an external drive that's not connected to the network."

Indeed, in the event of an attack, having offline backups means that data can be quickly restored without suffering major losses.

3.2 System updates

Regular software and system updates are crucial. Vulnerabilities discovered in software are often quickly corrected by updates. However, if systems are not kept up to date, these vulnerabilities can be exploited by attackers.

3.3 Employee awareness and training

Employee awareness and training play a key role in prevention. Phishing attacks, for example, often take advantage of users' lack of knowledge. By training employees to recognize suspicious e-mails and establishing clear protocols for managing sensitive information, companies can significantly reduce the risks.

3.4 Safety audits

Regular security audits are another important preventive measure. They helpidentify system weaknesses before they can be exploited by attackers.

‍"The aim of an audit is to improve the security of the systems being audited and to provide an action plan so that behind it it can be corrected," Raphaël explains.

3.5 Good organizational practices

Good organizational and access management practices are essential. This includes :

  • Robust password management policies .
  • Network segmentation to limit access.
  • Application of the principle of least privilege, where users only have access to the resources they need to perform their functions.

By combining these different measures, companies can create a more robust defense against cyberattacks, reducing the risks and potential impact on their operations.

4. Website security: Open Source vs. secure solutions

"The core of WordPress and Drupal is secure thanks to audits and bug bounty programs, but plugins pose a real security problem if they're not well managed."

Vulnerabilities discovered in open source solutions are often corrected very quickly, thanks to the large community of developers involved. However, Raphaël explains that a common problem with this type of solution is that :

"The more people there are on a subject, the less control the subject has because everyone figures the other is watching."

‍Thiscan lead to reduced vigilance about potential vulnerabilities.

Raphaël also identifies three major risks associated with the use of plugins on open source solutions like WordPress:

  1. Plugin quality: plugins are often developed by companies of varying size and reliability. Some plugins may be well coded and secure, while others may contain real vulnerabilities.
  2. Recurring updates : Plugins require regular updates to correct security vulnerabilities. However, these updates are often not carried out, leaving "backdoors" open to attackers.
  3. Parameterization: Plugin parameterization can also pose problems. A well-secured plugin can have its security level degraded by incorrect configuration, increasing the risk of compromise.

An alternative would be to use solutions such as Webflow, which offer a more secure approach by limiting third-party plugins and ensuring rigorous code control. Webflow's more closed nature reduces the risk of introducing vulnerabilities through unverified extensions. This strict approach minimizes the risk of cyber-attacks and better protects sensitive corporate data.

Learn more about SSL, TLS & HTTPS security

5. Incident Management and Response to Attacks

When a cyber attack occurs, it's crucial to know how to react quickly and effectively to minimize the damage. Here are the key steps in incident management and attack response covered in the podcast:

5.1 Identification and containment

The first step is to identify the attack and contain the threat.

Raphaël stresses: "When I'm attacked, my first reflex should be to disconnect the network access of the compromised workstation. It's preferable not to switch it off, so as not to lose any traces of the attack."

Disconnecting from the network prevents the attacker from propagating further within the system.

5.2 Impact assessment

Once the attack has been contained,

‍"we need to understand the extent of the damage to be able to plan the recovery steps effectively".

This involves determining what data has been compromised, which vulnerabilities have been exploited and which systems have been affected. This assessment enables us to understand the extent of the damage and plan the recovery steps.

5.3 Communication and notification

Communication is crucial during and after a cyber attack. Companies need to inform internal and external stakeholders, including customers, employees and regulators.

Raphaël says: "You have to communicate... especially if you don't communicate, you end up with a bit of everything and anything published on social networks."

Transparent communication helps maintain trust and manage expectations.

5.4 Recovery and restoration

The recovery phase involves restoring systems to their operational state. This can include restoring data from backups and repairing compromised systems. It is essential to ensure that exploited vulnerabilities are patched to prevent future attacks.

5.5 Post-incident analysis

Once the incident has been dealt with, a post-incident analysis is necessary to learn lessons and improve the security posture.

Raphaël explains, "Post-incident is crucial to understanding what happened and how to avoid it happening again."

This analysis helps to identify weaknesses in security protocols and to implement measures to strengthen defenses.

By adopting a structured approach to incident management and attack response, companies can minimize the impact of cyberattacks and continually improve their resilience in the face of threats.

6. AI and emerging trends in cybersecurity

As technologies evolve, cybersecurity threats become increasingly sophisticated. Here are some of the emerging trends in cybersecurity discussed in the podcast:

6.1 Artificial Intelligence and Machine Learning

Artificial intelligence (AI) and machine learning (ML) are increasingly being used to both defend and attack IT systems. AI-based tools can analyze massive volumes of data to identify anomalies and suspicious behavior faster than traditional methods.

Raphaël notes that "AI and machine learning can be major assets for detecting threats in real time and automating responses to attacks. However, these technologies are also being used by attackers to create more sophisticated attacks."

6.2 Cyber attacks targeting critical infrastructures

Critical infrastructures such as power grids, healthcare systems and transportation networks are becoming prime targets for cyber attackers. Disrupting these systems can have serious consequences for national security and everyday life.

"Attacks on critical infrastructure are of particular concern because they can cripple essential services and cause major disruption," warns Raphaël.

6.3 Ransomware

Ransomware attacks continue to be a major threat to businesses of all sizes. These attacks encrypt victims' data and demand a ransom to decrypt it. The sophistication of ransomware has increased, with more advanced methods being used to avoid detection and maximize impact.

"Ransomware has become more sophisticated, using advanced evasion techniques and targeting backups to make recovery more difficult without paying the ransom."

6.4 Zero Trust security

The Zero Trust security model, based on the principle that no user or device, even within the network, should automatically be considered reliable, is gaining in popularity. This model imposes strict controls and continuous verification of identity and access.

"Adopting a Zero Trust approach can greatly improve the security posture by minimizing the risks associated with unauthorized access."

6.5 IoT (Internet of Things) security

With the proliferation of connected devices, Internet of Things (IoT) security is becoming increasingly critical. IoT devices can often be vulnerable entry points for cyber attackers.

"The security of IoT devices is often overlooked, making them a prime target for attackers. Securing these devices is crucial to protecting networks," Raphaël points out.

By staying abreast of emerging trends and adopting proactive strategies, companies can better prepare themselves to deal with the ever-changing threats in the cybersecurity landscape.

7. Recommendations for companies

Based on the discussions and insights provided by Raphaël, here is a summary of the first recommendations for strengthening your company's cybersecurity:

  • Adopt a proactive approach: Don't wait for an attack to occur before taking action. Implement security measures now and maintain them regularly.
  • Continuous employee training: Employee awareness and training are key to reducing the risk of human error.
  • Update systems regularly: Ensure that all software and systems are up to date with the latest security patches.
  • Perform regular security audits: Identify and correct weaknesses before they are exploited by attackers.
  • Adopt advanced technologies: Use AI and machine learning-based tools to detect threats and automate responses.
  • Apply the principle of least privilege: limit access to sensitive resources to only those users who really need them.

In conclusion, cybersecurity is a priority that needs to be integrated at all levels of the enterprise. By implementing robust security strategies and keeping abreast of emerging trends, companies can not only protect themselves against cyber-attacks, but also strengthen their resilience and ability to respond to incidents. As Raphaël Walter points out,

"Cybersecurity is a complex field, but with the right practices and constant vigilance, it's possible to effectively defend against threats."

--

Other resources:

  • Own
  • ANSSI Guide - Agence nationale de la sécurité des systèmes d'informations (French national agency for information systems security)
  • ‍RootMe - practice cyber attacks
Flomodia by Digidop
Coudac project by Digidop
project Heka by DigidopFlaw by project DigidopMorfo project by Digidop