Cybercrime knows no crisis. According to Orange Cyberdefense, the number of cyberattacks in France increased by 13% in 2021. The first attack method used by cybercriminals: phishing, over 80% of attacks. In terms of financial losses, Cybersecurity Ventures estimates the amount of extortion extorted from companies around the world in 2021 at $6,000 billion, and in 2025, the loss forecast is $10,500 billion!
Faced with the proliferation and variety of cybercrime methods—phishing, denial of service, cyberfraud, CEO scams, and more—companies are increasingly weakened and lost when they fall prey to them. Who to notify? What steps to take?
Cybercrime: a legal framework that is still too fragile
In theory, any company that is the victim of a cyber attack or cyber fraud should quickly file a complaint with the nearest police or gendarmerie. But, if such an approach is relevant for insurance, then for the conduct of legal proceedings it turns out to be ineffective or even ineffective. And for good reason: complaining is often useless. Written by gendarmes and police commissioners, whose daily lives rarely face this kind of situation, it suffers from a lack of useful information for understanding the working methods of cybercriminals and their profiles.
For their part, the contractors, completely distraught by the situation, do not collect or provide elements related to the attack. Outcome: Complaints are unusable because they are not well documented or too disparate to be tangible data.
In an attempt to curb this situation, report templates have been developed and made available to these professionals to provide support and assistance in their testimony. A commendable initiative, but which, alas, is ultimately ineffective, because the existence of these models is often not known, and they quickly become obsolete.
Another drawback: the lack of communication between the police and the gendarmerie and between the brigades. Once a complaint is registered, it is saved and… forgotten. Thus, cross-references with other cases become impossible, greatly reducing the chance of detecting malicious networks.
Finally, for image reasons, many companies prefer not to notify the police and gendarmerie in the event of a cyber attack.
Whether it is the reasons for the shortcomings in filing complaints or the lack of them, the consequences are the same: France lacks reliable information to effectively combat cybercrime.
Solutions to strengthen the fight against cybercrime
We know that the daily life of police stations and gendarmerie consists of many and varied activities. In this abundance, cyberattacks and cyberfraud are rare offenses and considered minor compared to what they have to deal with. Therefore, it is difficult for them to succeed in activities that they practice only from time to time. In this context, why not reorganize these activities and connect the national territory with police stations and/or gendarmerie trained in this type of business? This professionalization will allow streamlining the filing of complaints through better control of the elements that need to be collected, some standardization of documents and the exchange of all information collected in these bodies. Essential foundations for better cyber defense management.
Another leverage: raising awareness among companies about best practices to follow in the event of a cyberattack. It is necessary to inform them upstream about the main elements to be collected in case of fraud and/or attacks: phishing emails, fraudulent ribs, IP addresses, etc. Very often they erase all this data, too concerned with recovering their computers.
Finally, the third lever: the consolidation of all data and information related to cyber attacks by companies. Because if companies are deploying solutions to combat cyberattacks, the number of hackers and their increasingly effective professionalism allow them to interfere with these tools. The only way out is to join forces to get to know cybercriminals better, understand their working methods and apply common fighting techniques. Without this cyber defense community in place, companies will not be able to fight cybercrime.
Process initiated by the Ministry of the Interior
It is from this perspective that Minister of the Interior Gérald Darmanin announced during FIC 2021 the creation of a national cybercrime service, integrating police and gendarmerie services. “Cyber is a new area of wrongdoing that affects every Frenchman, every company, every administration. It would be pointless to reserve it for the force, it’s like saying now only the police have a car,” he said. But in mid-January, the project was suspended due to lack of approval. between two bodies, each of which considers it most legitimate to carry out this mission.
An unfortunate decision when you know the importance of data in understanding and fighting cybercrime. It’s time to share all the information regarding cyber attacks and cyber fraud in order to get the means to prevent intrusions and take action.