Cybermatine Scurit Nouvelle Aquitaine: Focus on the cyber strategies of Cdiscount and Dekra

Cybermatine Scurit Nouvelle Aquitaine: Focus on the cyber strategies of Cdiscount and Dekra Cybersecurity

For its penultimate stage of its cybersecurity tour of France 2020, in the New Aquitaine region, the editorial staff of Le Monde Informatique had the opportunity and the pleasure of speaking with the RSSI of Cdiscount Steve Herv – great witness of the morning – and Also Dekra’s IT, security and infrastructure manager, Christophe Coutant. Olivier Grall, regional delegate of ANSSI put cyber crime in perspective during a crisis period and spoke in debate alongside Police Commissioner Paul Bousquet and Ntech investigator from the National Gendarmerie Jean-Christophe Fedherbe.

While deconfinement was announced on May 11, the possibilities of carrying out physical conferences remain fragile. Continuing with the momentum of the first 4 stages of its Cybermatinée Security event, the editorial staff of Le Monde Informatique proposed a TV program broadcast on June 17, 2020 (recorded on June 9-10) devoted to the challenges of cyber security in the New Aquitaine region . The latter was articulated around several feedbacks and practical cases, a debate on the keys to raise awareness and fight against sophisticated attacks and also a great interview. This event was carried out in partnership at local level with Clusir Aquitaine, Cefcys, Club DSI Nouvelle Aquitaine and Digital Aquitaine as well as at national level with AFCDP, ANSSI, Cesin, Clusif, Gendarmerie Nationale and the National Police. For this morning, we thank the sponsoring partners who accompanied us: Darktrace, Eset, Rubrik, Trend Micro, Veeam as well as VMware / Cheops Technology.

For this New Aquitaine edition of Cybermatinée Safety 2020, we had the pleasure of exchanging with Paul Bousquet, Police Commissioner and Head of the financial division at the PJ of Bordeaux, Christophe Coutant IT Security and Infrastructure Manager of Dekra, Jean -Christophe Fedherbe, Ntech Investigator at the National Gendarmerie, Olivier Grall, New Aquitaine Territorial Delegate of ANSSI, Steve Hervé RSSI of Cdiscount, Patricia Jessé RSSI at the Ministry of the Armed Forces as well as Chloé Rousselet, member of the AFCDP.

Watch the entire TV show Cybermatinée Sécurité Nouvelle-Aquitaine

“There was an upsurge in cyber attacks, opportunistically during the Covid period,” said Olivier Grall, Territorial New Aquitaine delegate for ANSSI. (credit: LMI)

Among the highlights of this morning: the great interview of the editorial staff of LMI with Steve Hervé, RSSI of Cdiscount: “We have multiple defenses to protect ourselves from cyberattacks, relatively conventional technical means such as anti-DDoS mechanisms, firewall, and WAF, but also human resources: we carry the SOC of Cdsicount but also Casino, Franprix and Monoprix by constantly monitoring attempts to attack that would be potentially malicious, “explained Steve Hervé. “I am fortunate to have a pen test team by my side, it’s very interesting to be very agile, it’s a great advantage to be close to our development teams and do our tests in support developers. But it’s also interesting to have an external look, we’re also working with Yogosha for bug bounty, it’s a good approach which has the advantage of calling on the best hackers on the planet. “

Having several activities to its arc, Dekra is beyond technical control centers, also specialized in the management of automobile fleets whose entity is located in Gironde. As part of this activity, the company has developed Starfleet back office software, created in 1997, which was redesigned in 2012 before moving towards more agility and modularity. “We chose to go to Azure with Kubernetes Service. Our goal is to get out of the monolith with microservices, to have an improved delivery frequency and time to market, the maximum use of the possibilities of a Kubernetes type orchestrator and new DevOps design methods ”, a explained Christophe Coutant IT Security and Infrastructure Manager of Dekra. “On our production environment our servers are behind a next generation firewall with network filtering on the KB cluster and access to services, we secure the application with images by not letting the developers choose it for the containers, and put the nose in the source code to store usernames and passwords in Keyvault type safes on Azure. We use a registry container in which we have more than Validated and hardened images, patched every night, we do privileged account management, we block the root, we only apply users who only run this which is necessary ”.

Police superintendent, head of the financial division, PJ de Bordeaux

“There has been a sharp increase in phishing in a classic but more voluminous manner taking advantage of the crisis,” said Paul Bousquet, Police Commissioner and Head of the financial division at the PJ of Bordeaux. (credit: LMI)

Watch the entire TV show Cybermatinée Sécurité Nouvelle-Aquitaine

“There is a resurgence of cyber attacks, opportunistically in the Covid period, we find in the winning triptych ransomware which remains one of the main local threats, quite a few scams which use digital media to reach targets, and in third part, an upsurge in the exfiltration of data for economic purposes vis-à-vis local strategic companies, whether small or large, “said Olivier Grall, regional delegate of ANSSI who spoke in the debate on Cybermatinea Security New Aquitaine. “There has been a sharp increase in phishing with false emails from the Taxes, health insurance that have benefited from state aid, false emails from the ARS, from the World Health Organization, in the classic way but larger taking advantage of the crisis. Cybercriminals have also used RSDs to send fakes but to physge via fake Windows sites to commit scams to false transfers, “said Paul Bousquet.

Source: www.lemondeinformatique.fr

Rate article