Cyber security is now a major concern for French local authorities. In recent years, they have become a prime target for cybercriminals. According to the government’s latest study on the maturity of local authorities in terms of cyber security, ‘1 in 10 local authorities say they have been the victim of one or more cyber attacks in the last 12 months’. And the consequences of attacks can be dramatic for public services and citizens. What are the challenges facing local authorities in this area? How can they strengthen their resilience to cyber attacks?
The rise in cyber attacks against local authorities
Local authorities have never been so exposed to the threat of cybercrime. According to a recent report published by the Banque des Territoires, computer attacks targeting local authorities are on the rise again in a worrying way. Despite a relative drop in ransomware attacks in 2023, with 40 incidents representing 22% of the incidents handled by ANSSI between January 2022 and June 2023, local authorities remain highly exposed to these threats due to their chronic lack of resources dedicated to cyber security.
Ransomware, malicious software that encrypts data and demands a ransom, remains particularly destructive for local authorities. The financial and operational damage can quickly reach considerable sums, not to mention the loss of public confidence.
Read also: Cybersecurity report 2024 and outlook for 2025: what are the trends?
The Senate launches a targeted legislative response
In response to this alarming situation, the French Senate has decided to explicitly include support for local authorities in terms of cyber security in a new legislative text. The aim is to strengthen the support provided to local authorities in terms of preventing, assisting and managing cyber attacks.
The legislation includes measures to facilitate local authorities’ access to technical and financial resources, thereby strengthening their resilience in the face of the cyber threat. The parliamentarians’ stated aim is clear: to create an environment conducive to greater cyber security at local level, through training, support and closer collaboration with specialist bodies such as the “Agence nationale de la sécurité des systèmes d’information” (ANSSI).
The Senate has clarified precisely which public bodies are covered by this directive. All major local authorities are included, but agglomeration communities that do not include at least one municipality with a population of more than 30,000 have been excluded from the scope of essential entities, in line with the position defended by the Association of French Mayors (AMF). The text also specifies the economic sectors concerned, in particular heating and cooling networks, hydrogen and wastewater treatment.
Local authorities: a weak link despite growing awareness
Awareness is certainly growing among local authorities, but there is still a long way to go. According to the Banque des Territoires report, inadequate training, a lack of in-house expertise and often restricted budgets make local authorities particularly vulnerable.
What’s more, local authorities are having to deal with the digital transformation of their services, which further increases their exposure to cyber attacks.
Smaller authorities are particularly vulnerable because of their limited resources. Cyber criminals exploit these weaknesses to gain access to sensitive data, disrupt essential services or extort funds.
Yet few are aware of the danger: according to a study conducted by Cybermalveillance.gouv.fr, the assistance platform for victims of attacks, 65% of local authorities with fewer than 3,500 inhabitants think that the cyber risk is low or even non-existent, or do not know how to assess it.
‘We note that the gap is widening between the smallest local authorities, which still think that they cannot be potential victims, and those with more than 1,000 inhabitants, which are stepping up their efforts. More than ever, therefore, it is necessary for the subject of cyber security to become everyone’s business, and for local authorities of all sizes to continue to be made aware of the issue so that they can take the necessary measures to protect themselves in the best possible way.
The importance of prevention
Faced with these challenges, prevention is the best strategy. Raising awareness, training and equipping public servants and local councillors has become essential. Implementing strict IT security policies and raising awareness can significantly reduce the risk of successful attacks.
It is becoming essential to implement technical solutions tailored to these specific environments. For example, the use of tools to secure information exchanges, protect internal networks and prevent the introduction of malicious software is becoming essential.
Among the practical solutions available to local authorities, decontamination of USB peripherals remains one of the most effective. USB sticks are one of the main points of entry for malicious software into local authority information systems.
Tyrex Cyber offers an innovative and particularly effective USB decontamination solution. By installing decontamination terminals, civil servants and elected representatives can analyse and clean their removable peripherals before plugging them into their local authority’s IT network. In this way, they are protected against a wide range of malware.
Are you a local authority looking to strengthen your cyber security? Discover the Tyrex Cyber solution today and protect your infrastructure for the long term.