In this article, we will see what the current threats are, their impacts on communities, and the protection strategies to put in place to secure local infrastructures and maintain the trust of citizens.
Illustration depicting cybersecurity with a hand typing on a laptop keyboard, and a lock icon surrounded by digital connections and protection symbols, suggesting the security of data and digital communications.
Digital services for public communication
Wherever they are located in France, local authorities face three major digital challenges: e-government, e - democracy and the dematerialization of calls for tenders . Ensuring an efficient and continuous public service requires being aware of this.
Electronic administration is now a strategic tool for public service. The French now have access to their town hall from their phone or computer . After the COVID-19 health crisis and the various lockdowns that followed, this approach has become more widespread, including in small municipalities. Online forms, personal space to manage services, etc., many procedures are just a few clicks away. But taking cybersecurity issues into account is essential to avoid chaos in the event of breakdowns or cyberattacks.
This is also the case for e -democracy, namely everything gcash database that concerns interactions between the community and the citizens . If the digital media vary (strong interaction with direct exchanges, moderate interaction with online surveys or social networks, weak interaction with occasional feedback), cybermalveillance makes no distinction. Targeted cyberattacks can thus lead to loss of personal data, which would break the trust of citizens and impact their future participation.
As for the dematerialization of calls for tenders, although it has made life easier for SMEs , it is also vulnerable to cyber risks. The slightest attack can significantly harm the credibility and economic efficiency of communities .
In any case, it is important to understand that the impacts can be direct (data theft, interruption of administrative services, etc.) or indirect (financial costs for restoring digital services, damage to reputation, legal consequences, etc.). For all these reasons, public actors must be extra vigilant.
Webinar
Cybersecurity: How to prevent cyberattacks on your website?
Watch the webinar
Cyber risks vs. public digital
During this summer of 2024, the AP-HP was faced with the paralysis of its servers . This obviously affected its digital tools and public services, such as welcoming patients, reading medical analyses or transmitting files. Although it has since been confirmed that this was a breakdown and not a cyberattack, this incident still reveals the significant risks to which communities and territories are exposed in terms of cybersecurity. An issue that was subsequently confirmed with a flaw detected at a Microsoft service provider.
With more than 5 million employees in France , public services, administrations and communities are a prime target for cyberattacks. According to the 2023 activity report " At the heart of cyber action ", published by the GIP ACYMA ( Public Interest Group Action against cybermalveillance), phishing represents the main threat to local authorities, with 27% of requests for assistance , an increase of 26% compared to 2022. Note that there are different types of phishing: emails , SMS ( smishing ) , phone calls ( vishing ), publications on social networks, sponsored links on search engines, or even QR codes.
Whatever happens, these forms of cybermalware seek to provoke a sense of urgency or interest in victims, in a legitimate and credible way, to encourage them to take action . This may involve extracting personal or confidential data from them (passwords, credit card numbers, validation codes), or even making them download malware or a virus to take control of their device.
After phishing, ransomware attacks account for 21% of incidents, followed by online account hacking at 17.5%. Although these figures have changed little in terms of proportions, the increase in volumes is alarming: +73% for website defacements, +71% for malware and +54% for fake technical support fraud. There is even a 45% increase for data breaches.
Table showing the main cyber risks for communities in 2023.Table of the main cyber risks for communities in 2023
(source: 2023 activity report “At the heart of cyber action”, published by GIP ACYMA)
For communities, these are all constantly increasing threats which illustrate the need for better protection:
Sensitive data ( civil status, social benefits, finances);
Online services ( payment of fines, tax returns, school registrations, canteen management, etc.);
Systems and infrastructures (information and communication systems, energy networks, etc.).
The role of public policies and the legislative framework
To counter these increasingly numerous acts of cyber-maliciousness, public policies have legislated and introduced strict regulations. These have three main objectives:
Strengthening user confidence in digital services;
Guarantee the protection of their personal data and the infrastructures that host them;
Protect vital activities and essential services.
