"It's very engaging, almost stressful": a simulated XXL cyberattack in Sophia Antipolis to better anticipate risks

In a small, specially prepared meeting room at the Sophia Antipolis Business Park, the atmosphere is tense. Since 10 a.m. this Thursday, the IT services of a fictional municipality have been dealing with a worrying data leak. "The worm had been in the apple for a week ," says Kevin Heydon, digital security delegate for the Provence-Alpes-Côte d'Azur region. "It all started with an advanced detection tool, a kind of antivirus, which was itself infected by malware."

To make matters worse, just before lunch break, a countdown has begun. The hackers are demanding a ransom. If the "digital fire" isn't extinguished quickly, the confidential information being siphoned off risks being leaked or sold.

This cyberattack scenario, dubbed Rempar25, mobilized 1,000 public and private entities across France for an entire day. That's 5,000 "players" with diverse backgrounds, placing them in a real-life crisis situation.

“There is no such thing as 100% protection.”

At the center of this major exercise, hosted by the Sophia Antipolis Urban Community, is the National Agency for Information Systems Security. This government department, under the authority of the Prime Minister and attached to the General Secretariat for Defense and National Security, supports businesses and communities in strengthening their "digital hygiene," that is, their cybersecurity practices. The last simulation of this magnitude dates back to 2022.

With the rise in cyberattacks, no one is safe. "There's no such thing as 100% protection, " warns Kevin Heydon. "But cleaning up the basics is already a huge step. Often, the breach stems from something very simple." Many companies and communities are still too vulnerable. "And the impact on supply chains can be enormous."

Moreover, at the end, practical guides will be distributed free of charge to participants.

“It’s very absorbing, almost stressful.”

On the ground floor, fifty participants (1) are divided into seven groups. No computer manipulation here: " The objective is to test the right reflexes when faced with a cyberattack, to apply the right procedures and to succeed in neutralizing the threat."

Legal and financial departments, communications, IT, human resources… Everyone has to collaborate until late afternoon, all under the pressure of an intense media simulation. "It's very demanding, almost stressful," confides a member of the IT department. His neighbor agrees: "It's an essential exercise. We should organize them more often."

1. Participants: the regional cyber campus, the Nice-Côte d'Azur Chamber of Commerce, the Telecom Valley association, Sictiam, the Clusir Sud-Paca association, the Urgence cyber région Sud association and the Paca gendarmerie region.