Lise Charmel hit by phishing cyberattack
On November 8, 2019, 1,150 employees of the Lise Charmel Group, including 400 in the Lyon region, found themselves with files, data, and workstations "encrypted in France and abroad," as explained by Olivier Piquet, Chief Executive Officer. The Lyon-based French manufacturer of underwear, nightwear, corsetry, and luxury lingerie had just been the victim of a phishing attack.
The facts
According to investigations carried out abroad by forensic scientists, the origin of this cyberattack against Lise Charmel was, unsurprisingly, a phishing email, the most common type of attack, with humans remaining the most vulnerable link in an organization.
"A click on a private email account between noon and two,
on a very ordinary work computer," laments the CEO.
One click allowed ransomware malware to infiltrate the system. This type of malware encrypts and holds hostage all of an organization's data in exchange for a decryption key, which is, of course, obtained in exchange for a large sum of money in bitcoins.
"The sky has fallen on our heads."
"We were in shock for several weeks. It was incredibly violent," says
. "Production, design, logistics, stores—nothing was working. Not even the phones,"admits Olivier Piquet.
As we know, the consequences are often devastating. In addition to financial losses, there are losses related to the shutdown of business and production, the restoration of information systems, and reconstruction. "The amount of lost revenue has yet to be determined, but it will undoubtedly amount to several million euros," estimates Olivier Piquel.
Measures taken by Lise Charmel
Nevertheless, following this cyberattack, Lise Charmel showed resilience.
Not only did it decide not to give in to blackmail, preferring instead to turn to the police and IT security experts ("We want to remain discreet, but our decision was not to pay the ransom and to rebuild," said the CEO), but it also "applied to the commercial court." As a result, the group has been in receivership since February 27. This is to "shield us, protect us from any financial pressure while we catch up on production and delivery, move forward, and work with peace of mind," he explains.
Furthermore, in the interests of transparency and to protect its reputation, the company made a point of informing all its partners, producers, and customers. As a result, everyone "formed a chain of solidarity, is aware of the situation," and has supported the Group.
On a technical level, Lise Charmel was able to "put the pieces back together" thanks to the numerous backup programs he had put in place.
Cyberattack: no system is foolproof
" We had improved security, but that's not the main point,"
because no system is foolproof, says the CEO.
We must be prepared in case it happens again. "
In addition to technical solutions, it is now essential to combine organizational solutions. The human factor must become a major asset for any organization, rather than the weak link in cybersecurity.
Finally, “being prepared” means, above all, surrounding yourself with knowledgeable and vigilant employees who are aware of cybersecurity issues and trained to avoid phishing scams.
