Cybersecurity at the 2024 Olympics: assessment and key lessons learned

Mélanie Lebrun
31/1/2025

Hello 🎉,

Welcome back to the January edition of the IT Recap. I think everyone can see it coming: we're going to talk about Donald Trump, who has already taken a number of measures since arriving in office. Don't worry, I'm not going to talk politics, I'm going to talk cyber.

Clusif held its 2024 Panocrim. I'm going to give you a debrief on the Olympics.

📅 Today's agenda:

  • Cybersecurity and the Olympics
  • US cybersecurity authorities abolished
  • AI in freestyle?
  • Data leakage: what does the CNIL have to say?
  • The miscellaneous section
  • Cyberattacks of the month
  • News at Youzer

👉 Go !!


🤺 Cybersecurity and the Olympic Games: a colossal challenge met

Organizing the Olympic Games means managing an ultra-connected, ephemeral city, where every IT system must function without a hitch... while at the same time being the target of continuous cyber-attacks. A titanic mission requiring over 4 years of preparation and constant vigilance.

The threat was real: 55 billion cybersecurity events detected, 71,000 alerts processed, and 2,200 incidents requiring human intervention.

DDoS, physical intrusion attempts, targeted phishing, supply chain attacks... The attackers were well prepared, but the cyber team was even more so.

The SOC (Security Operations Center) ran 24/7 for eight weeks, with around a hundred experts on permanent rotation. Field teams, nicknamed the "running squad", criss-crossed the sites to identify and correct vulnerabilities before they became exploitable breaches.

Passwords on Post-it notes? Data center doors stuck open? Fixed in a hurry, because every detail counted.

So how do you explain the fact that, despite this tsunami of threats, the Olympic Games went off without a major incident?

Three pillars made the difference:
🔹 Anticipation: Preparation started very early, with repeated simulations and training.
🔹 Expertise: An ecosystem bringing together the best experts, both from private partners and public authorities.
🔹 Cooperation: Working hand in hand with ANSSI, the major cybersecurity players and all the stakeholders in the Olympics.

But above all, the key is people. Massive awareness-raising, intensive training, and a close-knit, sharp cyber team. A few months before the Games, a targeted spear phishing simulation showed impressive results: 0 clicks on malicious links. Proof that preparation pays off.

Cybersecurity for the 2024 Olympics is a success because it was a collective effort.

A reminder that security is first and foremost a question of preparation, rigor... and the people who make the difference.


Source: Clusif conference, January 23, 2025 - speaker Franz Regul, cybersecurity director, COJOP Paris 2024.


🤔 Abolition of DHS - Department of Homeland Security

The Trump administration recently disbanded key committees such as the Cyber Safety Review Board (CSRB), which investigated major cyberattacks such as "Salt Typhoon", attributed to Chinese-backed hackers. This decision is part of a drive to rationalize public spending and centralize initiatives for more direct management of national priorities. The aim seems to be to limit costs and avoid dispersal of effort, while favoring a more centralized approach to cybersecurity issues. However, it does raise concerns about the impact on cybersecurity.

  • Less transparency and analysis: Without these committees, investigations into cyber threats risk lacking depth and shared learning.
  • Loss of international coordination: cooperation with allies could weaken, isolating the United States.
  • Encouraging attackers: This decision could be seen as a sign of weakness, encouraging cybercriminals to step up their actions.
  • Reliance on the private sector: Without these independent public structures, the USA will turn to the private sector for cybersecurity. Private companies may be more responsive, but their main objective is financial.

I pushed the analysis further with this thought: what's the point? Perhaps the USA doesn't want to offend China, with whom tensions are already high. Independent experts will have no difficulty in pointing out security flaws in the American system, which the administration has no desire to show. A little opacity is preferable.

While this decision reflects a desire to simplify structures and refocus efforts, it could also create vulnerabilities in the medium and long term. Cybersecurity, a complex and constantly evolving field, requires a balance between administrative efficiency, international collaboration and the ability to adapt to emerging threats.

Source: LeMagIT


🤖 AI in freestyle?

President Donald Trump recently rescinded Joe Biden's executive order framing the risks associated with artificial intelligence. This decision aims to stimulate technological innovation by removing regulations deemed restrictive, but raises debates about its short- and long-term impacts.

The repeal will accelerate the development of AI by reducing bureaucratic constraints. American companies will be able to bring their products to market more quickly, strengthening their competitiveness against powers such as China and Europe. This more flexible framework encourages investment and innovation, particularly in start-ups and emerging technologies. At the same time, a new working group will propose a national strategy to maintain American leadership.

However, the absence of regulation increases the risk of abuse. Technologies could be deployed without sufficient assessment of their ethical and security impacts, exposing the public to algorithmic biases or cyberthreats. What's more, this approach could weaken responsible AI initiatives and complicate international relations, particularly with the European Union, which advocates strict regulatory frameworks.

The balance between innovation and regulation will be crucial to prevent these advances from becoming sources of new societal challenges.


Source: APNews, TheVerge, LeMagIT


💧 Data leakage, what does the CNIL say?

In 2024, the CNIL observed a significant increase in personal data breaches, with a 20% rise on the previous year, reaching a total of 5,629 reported incidents.

Several of these breaches involved large-scale databases, affecting millions of French citizens. Faced with this worrying situation, the CNIL recommends that organizations strengthen their security measures to protect the personal data they hold.

At the same time, the re-use of personal data has become a central issue. The CNIL points out that any re-use must comply with the fundamental principles of the GDPR, in particular: compatibility with the initial purpose of collection, obtaining the explicit consent of data subjects in the event of a new purpose, guaranteeing data quality and security, and informing individuals of their rights.

It is essential for organizations to remain vigilant and implement appropriate measures to ensure the protection of personal data, both when it is collected and when it is reused.

Source: CNIL


  • A massive data leak involving Gravy Analytics, a company specializing in the collection of geolocation data, was recently revealed. A sample of 30 million identifiers out of a total of 7 billion was briefly posted on a Russian hacker forum before being removed.
    The company collects geolocation data via applications and then resells this information.
    Although users' identities are not directly exposed, it is possible to deduce them by combining this data with other information. Government agencies such as the FBI are among the users of this data, raising questions about the surveillance of citizens.
    Here are just a few of the applications concerned: Tinder, Grindr, Yahoo Mail, Candy Crush... more than 3,000 applications are involved, with themes including gaming, religion, health...
    Source: Numerama
  • The European Data Protection Association has lodged a complaint against a number of companies, including AliExpress, Shein, Tiktok and Xiaomi Technology, for confirming data transfers to China. The association considers that China, as an authoritarian country, does not offer the same levels of data protection as the EU.

  • Since I'm sending you this news just after Deepseek's announcement, here's a quick rundown:
    Positive points:
    ▪️ Speed and fluidity: Ultra-fast responses, especially for document analysis.
    ▪️ Advanced capabilities: Good file management (up to 50 documents, 100 MB per file).
    ▪️ Open-source performance: Outperforms other open-source models in benchmarks.
    ▪️ Ultra-competitive cost: API far less expensive than the competition.
    ▪️ Optimized MoE architecture: Enables more efficient resource management.
    ▪️ Good support for Chinese and multilingual languages.

    Negative points:
    ▪️ Reliability of answers: Some factual errors, especially in web search.
    ▪️ Censorship and bias: Blocking of sensitive subjects such as Tiananmen without an Internet connection.
    ▪️ Lower performance than GPT-4o & Claude: Particularly for complex tasks.
    ▪️ Missing features: No image generation.
    ▪️ Security and privacy problems: Data stored in China, not GDPR and AI Act compliant.
    ▪️ No custom memory: Less suitable for long, in-depth uses.
    Source: Ludovic Salenne

☠️ Cyberattacks of the month

Kiabi: cybercriminals broke into 20,000 customer accounts, accessing personal data such as surname, first name, address and 🥁 IBAN. This attack is most likely credential stuffing, i.e. your data is sold and attackers try the same email + password pair on numerous sites (passwords being reused all the time).

Showroomprivé: a series of attempted connections to customer accounts has taken place. This is again a credential stuffing attack. Showroomprivé has identified the accounts concerned and reset their passwords.

E.Leclerc: attempts to access Primes énergies accounts. The company recommends changing passwords. The data exposed includes surname, first name, e-mail address, login details, password, account number, etc.

Several sports federations: 4.5 million items of data were exfiltrated. The federations concerned are: boxing, motor sports, motorcycling, roller skating & skateboarding, archery, mountaineering and climbing, strength, sports and culture.

ENGlobal: an American company that manages engineering and automation services for the US federal government and critical infrastructures has been hacked. Personal data compromised and access encrypted.

Deepseek: a vulnerability was exploited and 1 million lines of logs were exposed. They included conversations in clear text, API keys and back-end development details.
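The credential stuffing pattern behind the Kiabi and Showroomprivé items above leaves a recognizable trace in authentication logs: one source trying many different accounts, mostly failing. The sketch below is an added example, not taken from any of the companies mentioned; the log format, field order and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample authentication log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2025-01-20T10:00:01Z 203.0.113.7 anna@example.com FAIL
2025-01-20T10:00:02Z 203.0.113.7 ben@example.com FAIL
2025-01-20T10:00:02Z 198.51.100.4 bob@example.com FAIL
2025-01-20T10:00:03Z 203.0.113.7 carol@example.com OK
2025-01-20T10:00:04Z 203.0.113.7 dan@example.com FAIL
2025-01-20T10:00:05Z 198.51.100.4 bob@example.com FAIL
2025-01-20T10:00:05Z 203.0.113.7 eve@example.com FAIL
2025-01-20T10:00:06Z 203.0.113.7 fred@example.com FAIL
2025-01-20T10:00:20Z 198.51.100.4 bob@example.com OK
"""

def parse(log):
    """Yield (ip, account, succeeded) for each well-formed line."""
    for line in log.strip().splitlines():
        fields = line.split()
        if len(fields) == 4:
            _ts, ip, account, result = fields
            yield ip, account.lower(), result == "OK"

def stuffing_suspects(log, min_accounts=5, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts and mostly fail.

    A user mistyping a password hits ONE account several times; stuffing
    hits MANY accounts about once each. Thresholds are assumed values.
    """
    accounts, attempts, hits = defaultdict(set), defaultdict(int), defaultdict(set)
    for ip, account, ok in parse(log):
        accounts[ip].add(account)
        attempts[ip] += 1
        if ok:
            hits[ip].add(account)
    report = {}
    for ip, tried in accounts.items():
        ratio = len(hits[ip]) / attempts[ip]
        if len(tried) >= min_accounts and ratio <= max_success_ratio:
            # Accounts the suspect source logged into need a password reset.
            report[ip] = {"accounts_tried": len(tried),
                          "attempts": attempts[ip],
                          "to_reset": sorted(hits[ip])}
    return report

if __name__ == "__main__":
    print(stuffing_suspects(SAMPLE_LOG))
```

Grouping by source IP alone is the simplest case; campaigns that spread attempts over many addresses need the same count aggregated over other request features as well.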


What's new at Youzer?

The right rights for the right person

Assigning the right rights to the right person also means regularly checking that this policy is always correctly applied.
At Youzer we have a module called 'alignment' which enables you to check that each user has access and rights in line with their basic profile.


Profiles are managed by application packages.

  • You configure a set of specific applications and rights for a particular department, job type, contract, etc.
  • You assign a specific package to a user.

=> Youzer warns you if there is a discrepancy between the package that has been applied for a user and the accesses and rights currently assigned to him/her.

If the discrepancy is real, an automatic correction is suggested, otherwise you can ignore the recommendation.
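The alignment check described above comes down to comparing, per user, the rights a package prescribes with the rights actually held. The following is an added illustration of that comparison, not Youzer's code or API; the package names, users, rights and the `IGNORED` list are all hypothetical, constructed data.

```python
# Hypothetical packages: application -> right expected for a profile.
PACKAGES = {
    "sales": {"crm": "editor", "mail": "user"},
    "it-support": {"mail": "user", "ad-console": "helpdesk", "ticketing": "agent"},
}

# Constructed state: assigned package and rights currently held per user.
USERS = {
    "j.martin": {"package": "sales",
                 "actual": {"crm": "editor", "mail": "user"}},
    "l.dubois": {"package": "sales",
                 "actual": {"crm": "admin", "mail": "user", "ad-console": "helpdesk"}},
    "s.bernard": {"package": "it-support",
                  "actual": {"mail": "user", "ticketing": "agent"}},
}

# Discrepancies a reviewer decided to ignore, as (user, application).
IGNORED = {("s.bernard", "ad-console")}

def alignment_report(packages, users, ignored=frozenset()):
    """Return {user: [(action, application, detail), ...]} for real drift."""
    report = {}
    for user, state in users.items():
        expected = packages[state["package"]]
        actual = state["actual"]
        fixes = []
        for app in sorted(set(expected) | set(actual)):
            if (user, app) in ignored or expected.get(app) == actual.get(app):
                continue
            if app not in expected:      # access outside the package
                fixes.append(("revoke", app, actual[app]))
            elif app not in actual:      # access the package promises but is absent
                fixes.append(("grant", app, expected[app]))
            else:                        # right level differs from the package
                fixes.append(("change", app, f"{actual[app]} -> {expected[app]}"))
        if fixes:
            report[user] = fixes
    return report

if __name__ == "__main__":
    for user, fixes in alignment_report(PACKAGES, USERS, IGNORED).items():
        print(user, fixes)
```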


Thank you for reading this far!

Any feedback, want to discuss a project?

I'm here for that 👋.


Every month I send you my discoveries, my analysis on IT news.
I do a lot of monitoring and I share it all!

I'm Mélanie and I'm Youzer's marketing manager.

About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than watch a movie. I'm a fan of HP 🧙🏼.
I go running and play a team roller sport (don't look it up, it's dangerous).