When it comes to IT risk, small businesses are often the poorest. Operating on staff and often reduced resources, few can afford to have employees responsible for the security of their information system. Most of the time, this task therefore falls into the hands of the manager or IT manager of the company, who is not necessarily trained in security practices. To better reach this public, Anssi and Cybermalveillance.gouv.fr are today launching a new alert system on security breaches for these companies.
To business leaders: faced with the cyber threat, the @gouvernementFR and inter-professional organizations are by your side ➔https: //t.co/HpgcYy71dP
More info on the new alert system #cybersecurity ⤵️ pic.twitter.com/WujQuTjpaL
– Cedric O (@cedric_o) July 20, 2021
This new initiative aims to respond to the growing challenges in terms of cybersecurity and to offer a new tool intended for “small victims”, structures and organizations that are not covered by Anssi.
A CERT light
The objective will be to raise awareness and alert business owners with alerts on vulnerabilities, like what an organization like CERT-Fr already offers, but adapted and simplified to reach an uninitiated public. “The objective is to try to focus on the most important flaws so as not to flood companies with alerts that are not relevant” specifies Jérôme Notin, director of the Cybermalveillance.gouv.fr platform, at center of the device.
The operation of the alert is fairly simple: Anssi and Cybermalveillance.gouv.fr will analyze the known flaws and decide to activate the alert when a security flaw meeting the criteria is identified. The alert will consist of a brief summary of the risks, a description of the vulnerability, the systems concerned and finally the corrective measures to be taken to protect the system.
“We want to focus on dangerous flaws, which affect a large number of devices, and for which a fix is available,” explains Jérôme Notin. Criteria that should make it possible to sound the alarm bells between 2 to 5 times a year, by an email sent directly to the member companies of the employers’ organizations involved in the project.
This alert system is based on the partnerships forged between Cybermalveillance.gouv.fr, Anssi and the employers’ organizations such as Medef, CMPE and U2P “Through these partnerships, we hope to reach several hundred thousands of companies ”explains Jérôme Notin. No need to register or take any particular action to benefit from it, companies that are members of employers’ organizations will receive all alert messages automatically.
It is also within Medef that the idea germinated, explains Christian Poyau, chairman of the Medef technological changes and societal impacts commission: “The basic idea was to recreate something like weather alerts in order to “alert small artisans and small businesses to flaws that can affect them and that they can correct,” he says.