The number of cyber attacks in France increased fourfold in 2020. From the private sector to the public sector, no structure is spared. These attacks result in staggering costs that can amount to several hundred thousand euros for the victims.
Olivier Dumons, head of information systems security and journalist at Le Monde, trains the newspaper's employees, both administrative staff and journalists, on the challenges of cybersecurity. Every week, he provides training to educate, alert and prevent possible attacks. In 2021, he decided to move up a gear with the help of Riot: "There were no 36 solutions: either I gave a lecture to the entire staff, or I presented them with a fait accompli, a real exercise. The collaboration with Riot began. "I had heard about this start-up that was thriving in the United States, and it was exactly what I was looking for: a reliable, secure and French tool.
A few weeks later, a trap mail was sent to the entire staff of the newspaper. The exercise concerns 1650 people including 900 journalists, it was configured by Olivier with the help of Riot's teams. Together, they agreed on sending a phishing email that resembled those of the new meal ticket card used by the staff. On April 1, 2021, after returning from their lunch break, Le Monde employees received an email alerting them that the card had been suspended due to a fraudulent payment. "All the criteria were met for the exercise to work: the system involved the personal wallet, the meal ticket card had recently been installed in the company and finally, the solution concerned all the staff, which justified sending the same email to all the employees.
A few hours later, the verdict was clear. Despite regular staff training, a large proportion of those trapped had clicked on the link and entered their identifiers. "Out of 1,650 emails sent, less than a hundred people reacted well, by alerting Le Monde's cybersecurity unit or by contacting the company that manages the meal ticket card directly".
The phishing exercise was not chosen at random: "The weakest link in the chain is the basic employee and the major risk is the e-mail", reminds Olivier Dumons. The media have become a privileged target for hackers. "My biggest concern is that the voice of Le Monde is usurped. If hackers manage to change the front page of Le Monde, it would have terrible consequences for democracy, the image of the newspaper and France.
Olivier Dumons and his teams are still marked by the cyberattack of an unprecedented scale against TV5 Monde in April 2015. On April 8 and 9, 2015, no signal was transmitted on the 11 channels broadcast in more than 200 countries. All video feeds stopped while the website and social networks broadcast jihadist propaganda. The attack is claimed by CyberCaliphate. The hackers were identified as APT28, considered by FireEye as the spearhead of Moscow. In total, the attack will have cost 20 million euros over five years.
Three weeks later, all Le Monde employees received an email from the IT department to debrief the exercise, "we sent a link to a Riot lesson that explains how to spot a phishing email and we asked them to pay extra attention because email is the main vector of attack," recalls Olivier Dumons.
Phishing is the most common attack. It is an attempt to defraud people of personal data, such as bank details or passwords. The reason they are so formidable is that they emphasize the urgency of the situation: the fear of having one's card blocked, of having one's electricity cut off due to unpaid bills, etc. With the increase in telecommuting and the explosion of internet traffic, phishing emails increased by 667% during the health crisis. In November 2020, the Google Transparency Report presented alarming figures: 46,000 phishing sites are detected every week.
A company's security depends on the least careful employee. That's why, after the audit, Riot offers to support employees in their ongoing practical training, "after the exercise, we had to find a solution. That means setting up a learning experience so that they don't fall back into the trap.
The education is provided by Albert, Riot's chatbot. It guides its users step by step in their understanding of cybersecurity. Available on Slack or directly via the website, Albert walks employees through the year via interactive courses that cover everything a team needs to know about cybersecurity. Employees are educated on phishing as well as targeted attacks, president fraud or ransomware, they go over mobile security and mobile footprinting as well as data breaches. Since the introduction of these training courses, Olivier Dumons has noticed an increased vigilance on the part of employees. The number of e-mails sent to the IT department is constantly increasing, whether they come from professional or private mailboxes. "I keep saying it: cybersecurity is not just a business issue. Not being vigilant in your private life can have an impact on your business account.