CYBERDEFENSE.NET

NO ONE IS SAFE: ARE YOU PREPARED FOR THE NEXT STEALTH CYBERATTACK?

The threat is real. And it's already inside your walls. Think your firewalls are enough? That your awareness campaigns have immunized your teams? Think again.

🤖 Dear internet users and fellow Cyberdefenders,

According to a recent study by KnowBe4, nearly one in two French employees has already been the victim of a successful cyberattack. This is no longer a hypothesis. It’s a fact. The battlefield is everywhere. And we’re losing.

While some celebrate their annual audits or ISO compliance, the attackers are moving forward, adapting, bypassing. They’re not waiting for DPO approval to exploit a vulnerability. They don’t send invites for spear phishing.

The enemy is agile. You are not.

In the United States, even critical infrastructure is at risk, lacking basic defenses like firewalls and patching.

In the United Kingdom, the government has announced a ban on ransom payments by public bodies, after a hospital cyberattack resulted in a patient's death.

Meanwhile, on the open internet, nearly 2,000 MCP servers that connect AI models to business tools are exposed without authentication, turning them into a hunting ground for any well-equipped script kiddie.

Yet strongholds remain. Counter-offensives are taking shape. For instance, Orange Cyberdefense just acquired Ensec, a strategic Swiss player. A clear move to fortify European cyberpower.

Think you're protected? Reality might prove you wrong.

Join those who want to understand, anticipate, and defend.

Read. Share. Subscribe. Cyberspace does not forgive unpreparedness.

HIGHLIGHTS

👉 Are the French the most vulnerable to cyberattacks worldwide? 🇫🇷

👉 U.S. critical infrastructure: a ticking digital time bomb 💣

👉 Ransomware: The UK mandates an end to public ransom payments 💼

👉 AI & MCP protocols: 2,000 unprotected servers online! 🧠

👉 Orange Cyberdefense: Swiss conquest through Ensec acquisition 🧡


🗞️ Guess what?

  • 47.7% of French employees admit to having been victims of a cyberattack at work. Among the countries surveyed, France ranks lowest in confidence when it comes to detecting phishing emails and smishing or vishing attempts.

  • In the United States, experts are sounding the alarm: critical infrastructure is highly connected but poorly protected. Authentication and firewalls remain widely neglected.

  • The United Kingdom has announced a ban on ransom payments by public institutions. The goal is to disrupt the cybercriminal business model and strengthen national resilience.

  • A study on MCP servers reveals that nearly 2,000 of them are online with no authentication mechanism—a massive vulnerability at the heart of the AI ecosystem.

  • Orange Cyberdefense has acquired Swiss company Ensec, reinforcing its presence in German-speaking Switzerland and strengthening its position as a key European cybersecurity player.

🤓 Would you like to know more?

1️⃣ Are the French the most vulnerable to cyberattacks?

Summary: KnowBe4's report highlights a structural failure in cybersecurity awareness in France: nearly 1 in 2 employees admits to having been successfully attacked. If you include those unaware of a compromise, the situation is even worse. Confidence in their own abilities ranks among the lowest of the countries surveyed, particularly against phishing, smishing, or deepfakes. This lack of maturity arises in a context of soaring incidents reported by the government, exposing a gap between real threats and response capacity.

Details:

  • Persistent human flaws: 47.7% of French employees say they've been victims of cyberattacks. Likely an understatement, this illustrates an immature cybersecurity culture, where denial and ignorance prevail.

  • Lack of confidence: Fewer than 68% feel able to detect a phishing email. Confidence drops even further for deepfakes and other modern threats — a sign of poor adaptation to social engineering techniques.

  • Global comparison: France is the only country in the survey with under 70% confidence. By contrast, the U.S. and the Netherlands exceed 85%, highlighting a serious cultural lag.

  • Incident explosion: Over 348,000 attacks recorded in France in 2024—a 74% rise in 5 years—demonstrate the industrialization of threats, often aided by generative AI tools.

  • Structural emergency: Traditional training is no longer enough. Awareness campaigns remain too generic. It is urgent to rethink strategy and address real behaviors and cognitive biases.

What should be remembered?

France's vulnerability is no longer just technical—it is cognitive and cultural. The end user is now the critical weak point in an increasingly targeted ecosystem.

 —————————————————————————

2️⃣ U.S. Critical Infrastructure: A Digital Time Bomb

Summary: At the Global Cyber Innovation Summit, former NSA, FBI, and energy officials raised concerns: cybersecurity basics are being ignored in U.S. critical infrastructure. As systems interconnect and move to the cloud, the lack of firewalls, patching, and coherent authentication leaves architectures wide open to systemic attacks. Experts call for making the environment hostile to attackers, through tighter standards, public-private coordination, and rapid cultural change.

Details:

  • Basic failures: Core practices like network segmentation, MFA, and vulnerability management are too often absent. Some critical systems run without active firewalls or current patches.

  • Tech-policy gap: While political attention focuses on AI and quantum, field operators lack basic tools. This disconnect fuels a false sense of security.

  • Network complexity: Cloud migration, AMI (advanced metering infrastructure) rollouts, and increased interconnectivity have multiplied attack surfaces. Traditional segmentation has eroded, and lateral movement is easier than ever.

  • Poor information sharing: Coordination between public and private sectors is still occasional, not systematic. Smaller providers often lack the resources to act appropriately.

  • Call to action: Experts agree that action is urgent. Endless debate hands the keys to the most determined adversaries.

What should be remembered?

America’s cyberculture gap in critical sectors puts it at risk of systemic failure unless fundamentals and standards are urgently reinforced.

 ——————————————————————

3️⃣ Ransomware: The UK Bans Public Payments

Summary: In response to the industrialization of ransomware, the UK government is taking a bold stance: no more ransom payments by public services, and mandatory reporting for private firms. The aim is clear: disrupt cybercriminal business models while supporting entities faced with difficult decisions, especially those dealing with internationally sanctioned groups. This is part of a broader national cyber transformation strategy.

Details:

  • Economic disruption: The ban cuts off funds to ransomware groups by making institutional targets less profitable.

  • New governance: Private companies will have to notify the authorities before making any payment. This allows legal support, in particular to avoid payments to sanctioned actors, which would breach sanctions law.

  • Catalyst event: The attack on King's College Hospital, which resulted in a patient's death, shocked the nation and accelerated this policy shift.

  • Long-term vision: The plan aims to make attacks less profitable and promote a coherent, industry-supported national response.

  • Emerging international standard: This mirrors Australia's mandatory reporting of ransom payments and could inspire other European countries.

What should be remembered?

This policy signals a structured and offensive state-level cyberdefense. By targeting cybercriminal business models, the UK is triggering a strategic shift Europe should watch closely.

  ————————————————————-

4️⃣ AI & MCP Protocols: 2,000 Unprotected Servers Online!

Summary: An analysis of nearly 2,000 MCP (Model Context Protocol) servers—used to connect AI models to business tools—reveals a massive security flaw: no access control. These open endpoints expose critical functions to anyone who can reach them. The fast adoption of AI, driven by “plug and play” tools, outpaces users' ability to secure them. MCP highlights a rushed deployment model where ease of use trumps risk management.

Details:

  • No barriers: Of the 119 servers examined in detail, none required authentication. A single unauthenticated HTTP request grants access to critical functions—a worrying level of negligence.

  • Sensitive tools exposed: Some servers interface with internal tools, client databases, or legal platforms, showing experimental tools running in production without safeguards.

  • Abuse scenarios: Attackers could exfiltrate data, abuse the server's tools remotely, or mount “denial of wallet” attacks that run up the owner's cloud and API bills. Financial and reputational damage could be significant.

  • Shared responsibility: Anthropic's MCP specification describes an OAuth-based authorization flow for HTTP transports, but it is optional, and nothing forces a server operator to turn authentication on—leaving untrained users exposed.

  • Maturity deficit: Easy AI tools attract users without security backgrounds. Security must be built in from the start, not retrofitted.

What should be remembered?

AI cannot thrive without solid cyber governance. MCP is a serious warning : productivity-driven protocols must embed security by design, not as an afterthought.
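To make the finding concrete, here is an added example (not code from the original newsletter, from the study's authors, or from Anthropic): a small Python probe that sends the JSON-RPC `initialize` handshake every MCP client starts with to a server's HTTP endpoint without any credentials, and classifies the server as open, protected or unknown. So that it runs offline, it also includes a constructed stand-in MCP server with two modes: the open mode the study found, and a hardened variant that rejects any request lacking a bearer token. The `/mcp` path, the demo token, the local port and the server's advertised capabilities are assumptions made for this demo, not values from the page.

```python
"""Probe an MCP HTTP endpoint for missing authentication (added example)."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# The first message every MCP client sends: a JSON-RPC 2.0 `initialize` call.
INITIALIZE_REQUEST = {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
        "protocolVersion": "2025-03-26",
        "capabilities": {},
        "clientInfo": {"name": "auth-probe", "version": "0.1"},
    },
}


def probe_mcp_auth(endpoint, timeout=5.0):
    """Return 'open', 'protected' or 'unknown' for an MCP HTTP endpoint.

    'open' means the server completed the initialize handshake with no
    credentials at all, which is the misconfiguration the study describes.
    'protected' means it answered 401/403 to the anonymous request.
    """
    body = json.dumps(INITIALIZE_REQUEST).encode()
    req = urllib.request.Request(
        endpoint, data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json, text/event-stream"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            if resp.status != 200:
                return "unknown"
            payload = json.loads(resp.read().decode())
            # A genuine initialize result echoes our id and carries a result.
            if payload.get("id") == 1 and "result" in payload:
                return "open"
            return "unknown"
    except urllib.error.HTTPError as err:
        return "protected" if err.code in (401, 403) else "unknown"
    except (urllib.error.URLError, ValueError):
        # Unreachable host, non-JSON (e.g. SSE) body, etc.
        return "unknown"


class DemoMcpHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an MCP server (not a real implementation).

    REQUIRED_TOKEN = None  -> the open server the study found: no auth at all.
    REQUIRED_TOKEN = "..." -> hardened variant: the bearer token is checked
                              before any JSON-RPC method is dispatched.
    """
    REQUIRED_TOKEN = None

    def do_POST(self):
        # Drain the request body first so an early 401 does not reset the socket.
        length = int(self.headers.get("Content-Length", 0))
        raw = self.rfile.read(length)
        if self.REQUIRED_TOKEN is not None:
            if self.headers.get("Authorization") != f"Bearer {self.REQUIRED_TOKEN}":
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Bearer realm="mcp"')
                self.send_header("Content-Length", "0")
                self.end_headers()
                return
        request = json.loads(raw)
        # Assumed capabilities for the demo; a real server lists its own.
        result = {"jsonrpc": "2.0", "id": request.get("id"),
                  "result": {"protocolVersion": "2025-03-26",
                             "capabilities": {"tools": {}},
                             "serverInfo": {"name": "demo-mcp", "version": "0"}}}
        data = json.dumps(result).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def make_handler(required_token):
    """Build a handler class for the open (None) or protected (token) mode."""
    class Handler(DemoMcpHandler):
        REQUIRED_TOKEN = required_token
    return Handler


def run_demo(required_token=None):
    """Start a local demo server on an ephemeral port, probe it, shut it down."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(required_token))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return probe_mcp_auth(f"http://127.0.0.1:{port}/mcp")  # path is assumed
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("open server     ->", run_demo())              # open
    print("hardened server ->", run_demo("demo-token"))  # protected
```

Point `probe_mcp_auth` at your own MCP endpoints: an "open" result means anyone who can reach the port can complete the handshake and call your tools. In the hardened handler the token check runs before the JSON-RPC body is dispatched, which is the property to verify on a real server; the specification's OAuth flow is the proper way to issue such bearer tokens, and the static shared secret here is only a placeholder for the demo.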

5️⃣ Orange Cyberdefense: Swiss Conquest via Ensec Acquisition

Summary: Orange Cyberdefense has acquired 100% of Swiss cybersecurity firm Ensec to boost its presence in German-speaking Switzerland. Ensec brings 40 experts and 130 clients in critical sectors, enhancing Orange's local field expertise. The move supports Orange's pan-European ambitions, with local roots, technical excellence, and strengthened customer proximity—also reinforcing European digital sovereignty.

Details:

  • National coverage: Previously focused on French-speaking Switzerland, Orange now covers nearly the entire country—crucial in a multilingual environment.

  • Sector expertise: Ensec brings strong experience in regulated industries like finance and energy, plus skills in managed services and security consulting.

  • Ecosystem logic: Integrated with Orange Business, the firm can now offer pan-European solutions while maintaining local client relationships.

  • Competitive edge: This dual focus—local presence + global power—gives Orange a unique position versus purely global players.

  • Continental ambition: This acquisition aligns with Orange's strategy to become Europe's go-to cyber partner, especially for critical sectors.

What should be remembered?

Orange is no longer just a tech provider—it aims to guarantee European cybersecurity, balancing proximity and scalability.

🛡️ Digital Combat Ops

⁉️ Offensive SOC – Why Annual Pentests Put You at Greater Risk

Today's cyber threats evolve constantly. An annual penetration test, on its own, no longer keeps pace.

These one-time events don't reflect the dynamic nature of threats or growing system complexity. While attackers probe continuously, enterprise validation remains static, often dictated by compliance cycles.

The Offensive SOC emerges as a strategic answer: an in-house team that regularly simulates real attacks using Breach & Attack Simulation (BAS) tools and automated penetration testing.

It continuously uncovers configuration drift, privilege escalation paths, and silent flaws. Powered by platforms like Picus, this model turns security validation into a proactive and measurable process, ensuring resilience against evolving tactics.

LIEUTENANT’S REPORT 🏆

Aembit – Identity Management for Workloads

Aembit is a U.S.-based startup specializing in Identity and Access Management (IAM) for workloads (machines, containers, cloud functions). Its platform supports zero-trust policies and automated temporary permissions.

Noteworthy:

Featured in Rising in Cyber 2025, Aembit stands out for tackling cloud-native and serverless architecture challenges. As automated workloads multiply, Aembit limits privileges in time and traces every action in production. At a time when poorly governed service identities are an increasingly common path into production environments, Aembit offers granular control that clients say greatly reduces permission-related risk.

CYBERTRIVIA - DID YOU KNOW? 🤔

In 2023, 61% of data breaches in B2B companies involved third-party partners or vendors. This phenomenon, known as supply chain compromise, is now among the attack vectors CISOs fear most.

The SolarWinds attack (2020) remains the iconic example, but since then SaaS vendors, cloud providers, and IT contractors have become frequent indirect attack targets.

As a result, even well-defended companies can fall victim through their partners' vulnerabilities.

Third-party risk management is now a strategic imperative for all B2B cybersecurity policies.

SURVEY 📊

💡 Which aspect of cybersecurity should your organization prioritize?



“This is for all the newcomers: I have only one rule. Everyone fights. No one quits.”