‘To date, no French company has suffered a denial-of-service cyberattack of such intensity.’

Philippe Bertrand : We were hit by a DDoS cyberattack, which is a denial-of-service attack. The aim of this type of attack is quite simple: to overload access to the computer system by ‘bombarding’ it with billions of connection attempts in order to render it unavailable. This is a type of attack that we are familiar with and know how to deal with, even though, in this case, the cyberattack was unprecedented in several respects.

Philippe Bertrand : Firstly, this attack was unprecedented in terms of its technical sophistication. It proved to be extremely complex because our attackers constantly adapted to the defensive measures we put in place. It was also unprecedented in terms of its intensity. We are talking about billions of requests sent every second to our servers from millions of IP addresses, ‘zombie’ computers that hackers had taken control of. To give you an idea of the massive volume of requests directed at our online services, we recorded up to 3.5 billion data packets per second.

Finally, it was an unprecedented cyberattack in terms of its duration, as it began on 22 December and lasted until early January. No other company in France has ever suffered a DDoS cyberattack of such intensity.

It is important to note that while this attack did temporarily render our online services inaccessible, it did not result in any intrusion into our systems or any data leaks.

Philippe Bertrand : Detection capability is the top priority. We have cyber teams monitoring our IT systems 24/7. It is thanks to the strength of our organisation that we detected this attack immediately.

The second priority is response capability. We have trained teams capable of immediately implementing initial protective measures.

Then, of course, there is information sharing and coordination. La Poste is a large group. Many departments could potentially be affected, and our information systems are highly interconnected. The various teams must be mobilised very quickly so that urgent measures can be implemented with three objectives in mind: protecting our systems, preserving our customers' data and maintaining the operational functioning of the company. We were able to quickly complete these various steps, which enabled us to contain the attack, despite its severity.

Philippe Bertrand : No matter what measures are put in place, no organisation can prevent cyber attacks. Our responsibility is to have the means to deal with them. That is what we are doing. We have never been at a standstill. Our industrial sites and post offices have continued to operate. As proof, we delivered 180 million parcels during the holiday season, in line with our forecasts, and our customers who wanted to withdraw money were able to do so. La Poste Group stood strong thanks to the collective efforts of its 400 cybersecurity experts, postmen and women, and customer service representatives in post offices.

Philippe Bertrand : Two years ago, an attack of this magnitude was technically unthinkable. As computing power advances, malicious actors are also becoming more dangerous. We are no longer dealing with isolated hackers looking to make a splash, but with increasingly structured criminal organisations, sometimes backed by states, which have enormous resources at their disposal. While the number of attacks we suffer remains fairly stable, their power and intensity are increasing. That is why we are constantly adapting and will continue to raise our security levels. We also rely on exchanges with cybersecurity managers at other large companies and with government agencies such as ANSSI* and DGSI**, which are investigating this attack.

*ANSSI: French National Cybersecurity Agency. **DGSI: French General Directorate for Internal Security.