Long confined to technical teams and insiders, cybersecurity is now a strategic issue for management committees. For decision-makers, the question is no longer whether an attack can occur, but when, and above all at what cost. These days, even the smallest vulnerability can tip a company into crisis.

At the One to One Retail E-Commerce event, the ‘1,000 and one ways to get hacked’ conference set the tone. Brice Augras, President and cybersecurity researcher at BZHunt, took a sharp look at a reality that is all too often underestimated: the digital world is not only interconnected, it is also structurally vulnerable. And players in the retail and e-commerce sectors are now priority targets.

‘The image of the criminal hacker still clings to us, but that's not our reality’, he begins. This enthusiast works with teams who are, for the most part, self-taught, and whose expertise is based on tens of thousands of hours of practical experience. Their day-to-day work involves detecting vulnerabilities before the attackers do, testing defences and helping companies to get ahead of the game.

In just a few years, the face of cybersecurity has changed. As the threat has grown, cybercriminals have organised themselves on a massive scale: HR teams, customer support, sales force... Their organisation borrows all the conventions of a legitimate business, except for one detail: they operate outside the law. This worrying degree of professionalism upsets our reference points and makes it harder to fight back.

In e-commerce, some vulnerabilities are disarmingly simple. Manipulation of URLs, lack of control over prices or quantities, errors in business logic... Brice cites real-life examples: mattresses obtained free of charge via a bug, tickets sold for 10 cents because of an incorrectly checked field. These are not ultra-technical attacks: often, a simple click can cause a massive loss of sales or a reputational crisis.

And artificial intelligence doesn't help. Quite the opposite, in fact. While it optimises the customer experience, it also enhances the quality of the attacks. ‘Phishing written by an AI no longer contains any mistakes. Audio or video deepfakes can imitate personalities or people to perfection. Some attackers go so far as to manipulate AI assistants to obtain sensitive information’, warns Brice.

Faced with this situation, decision-makers need to change their approach. Cybersecurity is no longer an IT cost line; it is a lever for resilience, governance and trust. It affects a brand's reputation, customer relations and, ultimately, business continuity.

Brice advocates an integrated approach: mapping data, segmenting access, hosting critical models locally if necessary, and above all, never entrusting an AI with data it shouldn't see. ‘One user = One model = One dataset’, he sums up.

At the heart of this transformation lies one imperative: building a security culture within organisations. A good tool is not enough if employees don't know how to use it, or if management doesn't take ownership of the issues. ‘Cyber is not just a matter for experts. It's a strategic issue that truly affects everyone - and spares no one.’

1,000 and one ways to get hacked!