Through Hugues-Olivier Dumez
Published on 23 May 21 at 20:10
–
When reality catches up with fiction. As in the series ” The Legends Office », Hospitals now find themselves at the mercy of hackers.
On the night of February 8 to 9, 2021, the hospital center of Dax (Country) had been the subject of a cyberattack. A few days later, it is the hospital of Villefranche-sur-Saone (Rhône) who was the victim of a “ransomware” attack: hackers demand payment of a ransom to unlock computers.
Ransomware attack
In this age of digitization of medical records, should we be concerned? Questioned in the Senate during questions to the government, the Secretary of State for the digital transition Cédric O had stated ” 27 major hospital attacks in 2020 ”and one per week since 2021.
Hospitals are not the only ones to be the target of this type of cyber attack. Companies are experiencing the same fate. Last November, the newspaper West France, had also been the subject of a ransomware attack. An attack that had also impacted other titles of the group, including Actu.fr.
Criminal organizations
According to a study revealed by Europe 1, for six out of ten French companies, the budget allocated to cybersecurity hardly exceeds 1,000 euros per year. An insufficient sum, faced with a phenomenon of professionalization of hackers grouped together as criminal organizations.
Are companies sufficiently aware of these issues? Are individuals aware of the dangers? Are training courses offered to meet these challenges?
An event in Toulouse
June 11, 2021, as part of the Toulouse Hacking Convention, a day of IT security conferences is organized to respond to these challenges. On the program for this fifth edition, exclusively online, because of the health context: conferences, question-and-answer sessions, and a roundtable format.
Among the organizers of this event, the researcher Vincent Nicomette, take the opportunity to make a call. The latter is a teacher of the training TLS-SEC (for Toulouse-Sécurité), training in information systems security carried out by INP ENSEEIHT, INSA Toulouse and ENAC. Interview.
News: Cybersecurity is an expert’s business. Why do you want to raise awareness of these issues?
Vincent Nicomette : In recent years, we have seen an increase in cyber attacks. Crypto software takes your data hostage by encrypting the hard drive and demands a ransom from you. This year, hospitals were affected. Until then, it was rather large groups. Mafia organizations are behind all of this. It is also sometimes a war waged by states, in order to paralyze the economy of a country. The threat evolves with the rise of the Internet of Things. Tomorrow, attacks will focus more on connected objects. These are accessible by nature, because they have various means of communication. At LAAS-CNRS, the systems analysis and architecture laboratory where I am a researcher, we are working on the analysis of the vulnerabilities of these connected objects as well as on the proposal of countermeasures to improve their security.
Are there enough training courses in Toulouse?
VN: The directors of engineering schools are well aware of the needs in this area. In addition to the TLS-SEC training (for Toulouse-Sécurité), training in information systems security carried out by INP ENSEEIHT, INSA Toulouse and ENAC, there is the Master in Information Systems Security and Network (SSIR) at Paul Sabatier University, as well as the professional license in Computer Networks and Telecommunications, Computer Networks Mobility, Security (RiMS), in Blagnac. We also have a specialized master’s degree in computer security carried by INP ENSEEIHT, INSA and ENAC. In the private sector, the AN21 offers work-study programs for students or people retraining to become a developer and expert in cybersecurity. At the national level, it is the Brittany and Île-de-France regions which are at the forefront. Occitanie is making efforts to catch up. We must react. We lack training, there are clearly not enough engineers who are experts in cybersecurity.
Which companies are recruiting?
VN: Within the TLS-SEC (for Toulouse-Sécurité) training, students easily find a job immediately. Thales, Airbus, Air France and companies in the banking sector are recruiting. We also have all the IT service companies like Sopra Steria or Capgemini. Not to mention SMEs that are really specialized in cybersecurity such as Quarkslab in Paris. In the public domain, the National Navy, even state services with the General Directorate of Internal Security (DGSI) or the National Information Systems Security Agency (ANSSI) come to explain their problems to us in recruiting then within the TLS-SEC training. Generally speaking, there are a lot of requests, but few trained people.
–
