Building a better cybersecurity model
27th May 2025 • Paris, France
Are security professionals focusing on the right issues? And how can we all work together better to protect society, the economy and our institutions?
Co-operate, communicate, combine
We live in a new era in which continuous cyberattacks against public and private sector organisations are being used to extract money as well as undermine confidence in trusted institutions and processes.
This changes the meaning of cybersecurity: it is no longer enough to focus on narrow measures of business risk, and to treat security as an internal risk management problem. It’s not even enough to extend risk management to a narrowly defined group of third parties who we believe are most significant for our own organisations.
That thinking understates the true damage that continuous degradation and disruption have across our shared societal ecosystems. We are truly all in this together and we have a shared responsibility to protect society and citizens that extends far beyond the perimeters of our own P&Ls.
Of course, we cannot avoid also talking about specific threats, strategies and technologies, and France has experienced significant recent attacks on the multinational Schneider Electric (in which the ransomware group demanded payment in baguettes and crypto!).
We have seen critical disruption in pharmaceutical distribution with the recent ransomware attack on Cerp Bretagne Nord, orchestrated by the notorious group Hunters International. This attack has not only compromised the cooperative's data but also disrupted its essential services, impacting pharmacies across multiple French regions.
Free, France’s second-largest telecoms company, recently confirmed that it had been hit by a cyberattack, though the firm has not confirmed the total number of individuals impacted by the breach, nor when it took place. In fact, the company’s acknowledgement of the incident came only after a cybercriminal listed, on a cybercrime forum, what they claimed were two databases stolen from Free, affecting more than 19 million customers.
This lack of transparency in security cannot continue. To protect society, we need transparency and collaboration by all, not a misguided focus on protecting our own reputations.
There have also been attacks in which criminals claim to have breached firms who then deny it.
The APT73 / BASHE ransomware group targeted SFR (Société Française du Radiotéléphone), a large telecom operator in France, which had to deny the group's claim to have exfiltrated 1,445,684 records containing sensitive information such as names, phone numbers, and addresses.
And in December 2024, a ransomware group claimed to have compromised an Atos database. Atos then announced that no infrastructure managed by Atos was breached, no source code accessed, and no Atos IP or Atos proprietary data exposed.
The picture is one of increasing attacks and increasing disruption. We must all work together to defeat a threat that may not be immediately existential to our organisation, but which is becoming a cancer on our economies and societies.