Sectoral approach in cybersecurity: a necessity in the face of threats in critical sectors
Does cybersecurity need to take a sectoral approach? Motivated by financial or sabotage goals, do cybercriminals have a sectoral logic that defenders must respond to in a mirror manner?
Cybercriminals are becoming more professional, which implies a form of specialization. Their goals may vary depending on the target sector. Data theft, ransom, destabilization operations... their motivations adapt to economic, geopolitical and event contexts. Are all sectors in the same boat in the face of the evolving threat?
The experts gathered at our May 2024 Expert Round Table, in partnership with Sopra Steria, provided some answers.
.jpg)
Strategic sectors under threat from pirates
Malicious actors don't pick their targets at random. Some sectors are systematically in their crosshairs.
Health: a priority target
Today, the health sector is under attack on a daily basis. Some cyberattacks are taking on an insane scale. Last February, UnitedHealth, an American insurance company specializing in health, has been the victim of a cyberattack claimed by the Russian ransomware group BlackCat.
Pharmacies could no longer forward claims for their patients, creating significant delays in dispensing medication. In total, the health data of a third of Americans was stolen.
“This sector is of great interest to hackers because there is health data and personal data that are very monetizable on the dark web.“, explain Laurent Gibelli, technical and safety director of CNAM.
Finance: a prime area for cyberattacks
The world of finance remains a priority target. The potential gains are high, and the increased digitalization of establishments multiplies the exhibition area.
According to A study of sophos published in June 2023, ransomware attacks against the banking sector increased by 64% in one year. In June, data from 30 million customers of santander, Spanish bank, were put up for sale by the group Shiny Hunters.
Transport and energy: critical infrastructures under threat
Transport and energy can suffer major impacts in the event of an attack. IT systems in railways or power plants are prime targets, as their disruption directly affects society.
“These two sectors are slightly less affected, but the impact of cyberattacks is extremely strong.“, explain Fabien Lecoq, security director at Sopra Steria.
Thus, several sectors stand out from the crowd. But the target map may change depending on the events.
The impact of context on cyberattacks
Hackers often adapt their strategies according to events.
“There are attacks linked to geopolitical upheavals“, light up Henry Hemery, CISO from GRDF.
“There is a real event phenomenon, as was the Olympics.“, adds Fabien Lecoq.
During Paris Olympic Games 2024, cyberattacks have been multiple : counterfeit banknote fraud, password spaying, sabotage attempts, fraud on the president... A clearly opportunistic approach.
Crises also influence targets. “For the Olympic Games, for example, the field of chemistry or pharmacy is likely to be less affected. However, during Covid, the groups of attackers generally targeted these sectors.“, confide Fabien Lecoq. THEEuropean Medicines Agency (EMA) was particularly targeted in 2020 when it was deliberating on the authorization of several vaccines against Covid-19.
As pointed out Arnaud Martin, director of operational risks at the Caisse des Dépôts group:
“The sector is only the window that a major event like the Olympics can offer. It's opportunism. We are not on something that will specifically attack the banking sector, for example. The sectoral approach is in fact the event and everything that is connected.“
Diversity of attackers' motivations and strategies
Each hacker has their own motivations.
“Each attacker has different goals. Some will want to make financial gain, others will want to destabilize a business because there is a competitor.“, declares Carlos Martin, cybersecurity director at La Banque Postale.
Competition and cooperation between attackers complicate the landscape.
“There is also a form of competition between attackers. For example, some will have an interest in the Olympic Games taking place to evade counterfeit bills, others will do everything to disrupt the operation.“, confide Henry Hemery.
“Hackers use the methods of other hackers and manage to reach several sectors. They complement each other“, explain Laurent Gibelli. This complementarity maximizes their chances of success and diversifies the targets.
Do we need a sectoral approach in cybersecurity?
Can the same cybersecurity be offered to a major bank, a medtech or a car manufacturer? Probably not. The key element: risk analysis.
Each strategy should start with solid analysis, which will vary depending on the sector and regulatory context. Banks protect themselves against fraud and the theft of sensitive data. Hospitals need to secure critical medical information or risk putting lives at risk.
By adopting a sectoral approach, cyber defenders can better understand the threats specific to each domain, adapt tools and protocols to legal requirements, and build resilience in the face of targeted attacks.
This specialization is not only used to react effectively: it allows proactively prevent incidents. And in a context where threats are both specialized and opportunistic, the sectoral approach is no longer an option: it is the only way to anchor cybersecurity in the reality of threats.
To find all our other items, see the complete library of our cybersecurity articles.
As for our programs, from which this article is based, you can check out our YouTube channel.
.avif)