Cybercrime: the experience of Giorgetti and Grosbusch, members of the Fédération des Artisans
Banque de Luxembourg and the Luxembourg craft federation, the Fédération des Artisans, have joined forces to deepen our understanding of cybercrime and its impact. Our awareness campaign focuses on hearing directly from businesses that have suffered a cyberattack.
In this second part of our campaign – a podcast – two of Luxembourg’s leading companies, Groupe Giorgetti, represented by Jean-Marc Sertic, Chief IT Officer, and Grosbusch, represented by CEO Goy Grosbusch, talk openly about their experience.
Listen to Giorgetti’s and Grosbusch's stories (only available in Luxembourgish)
Podcast key points
- How the cyberattacks happened. The cybercriminals took advantage of a security breach on a Web server to install malware that encrypted part of the companies' infrastructure and rendered it useless.
- Real-life stories telling what happens before, during and after an attack.
- Practical advice and tips to prevent risk and protect business continuity.
What the experts advise
Adding to the lessons from these accounts, Charles Sunnen, Head of Corporate Business Development, and Samuel Lamort, Chief Information Security Officer at Banque de Luxembourg, bring their expert insights on the challenges of cybercrime and explain the best practices to implement.
- Anticipate the risks and call in an external specialist to assess the security of your infrastructure and make sure you are up to date with the latest best practices. It’s better to act straight away than to wait for a breach to happen. The cost of investing in prevention is always lower than the cost of managing and remediating a successful cyberattack.
- Step up vigilance. Be extra alert to sources of compromise, especially emails (sender identity, message content, hyperlinks, attachments), text messages, instant messages and phone calls. Remember, your bank or LuxTrust will never contact you to ask for your confidential account login information.
- Set up strong authentication (two-factor authentication) for all remote access and strictly apply the principle of least privilege to ensure users only have access to what they absolutely need.
- Maintain strict software security by regularly applying operating system, anti-virus and software updates and security patches.
- Prepare your organisation to deal with a cybersecurity incident by defining and regularly testing appropriate procedures. External service providers can run penetration tests to pinpoint potential vulnerabilities and assess the resilience of your infrastructure to realistic attack scenarios.
- Respond immediately to anything unusual in an email, on a workstation or in your IT infrastructure. Increasing awareness across the organisation is a crucial part of your cybersecurity system. Ensure staff understand best security practices and how to detect signs of compromise.
- If in doubt, or if an incident occurs, contact your bank immediately to prevent any further fraudulent transactions. LuxTrust Mobile app users should contact LuxTrust support to block the use of their digital ID.
- When a cyberattack is confirmed, report it immediately to the competent authorities and arrange for a thorough analysis of your workstation or infrastructure by a specialist or CIRCL (the Computer Incident Response Center Luxembourg).
- Strengthen payment authorisations: where possible, introduce multi-level controls, such as joint signatures or double confirmation. This type of system significantly reduces risk, since compromising one workstation is not enough to make a fraudulent transaction.
Key takeaways
Every company, regardless of size or sector, is a potential target. As threats increasingly exploit our everyday automatic actions – such as opening a document or approving a payment – constant vigilance by all employees is still the best defence. Bring in external specialists to make sure your security best practices are effective and up to date.