A distribution giant facing computer hackers: how Les Mousquetaires manages attacks on a daily basis


Alexandre Boero

October 18, 2023 at 8:00 a.m.

The Intermarché Super de l’Horme © TSV-art / Shutterstock

Les Mousquetaires, a giant of the retail sector, runs a formidable IT operation, as its activities require. Managing the cyber protection of such an entity is not easy, but the group shows ingenuity.

When you weigh nearly 48 billion euros in turnover, have nearly 4,000 points of sale, 56 factories, 45 logistics bases and 2,300 trucks, and rely on 150,000 employees, you need a strong back. Although the Les Mousquetaires group is one of the examples to follow in terms of IT security, it is not spared by hackers.

In Monaco, during the Security Conference, we interviewed Fabrice Bru, cybersecurity director at Stime, which is the information systems department (DSI) of the Les Mousquetaires group. How cybersecurity is organized for store employees and customers, which threats are identified and which attacks have been suffered: the expert did not dodge any subject.

Les Mousquetaires, a one-of-a-kind group that requires a real cyber strategy

It is worth remembering that Les Mousquetaires is a group of 7 brands: Intermarché and Netto for food; Bricorama, Bricomarché and Brico Cash for equipment and the home; and Roady and Rapid Pare-Brise for mobility. It is a cooperative of independent entrepreneurs, with boards of directors led by members. As owners of their stores, the members help steer the group’s strategy during their “third time” (a solidarity contribution under which they manage Les Mousquetaires on a voluntary basis, 2 days a week).

Cybersecurity is taken very seriously at Les Mousquetaires, to the point that it has become, under the leadership of Fabrice Bru in particular, a sovereign function. It is regularly mentioned when members leave their store to meet in the Paris region, during STIME board meetings.

The group’s main focus is the detection of attacks. Risk scenarios; setting up a SOC (security operations center); thinking through how access is used at points of sale; protecting the “customer loyalty” side and the Drive service… You have to think of everything. And the group started from a long way back.

The Musketeers have nearly 40 billion euros in annual turnover © sylv1rob1 / Shutterstock

What priorities in the cyber strategy?

When he arrived at Stime, Fabrice Bru inherited almost obsolete systems, based on shared accounts. “We worked on securing the computer stations that we make available to employees,” he explains to us. This goes from factories to points of sale and even the famous connected scale used to weigh fruits and vegetables, which is an information system. “We worked with members to identify key point-of-sale processes, such as cash collection or customer loyalty.”

After the COVID-19 pandemic, which allowed it to stand out from its competitors, the group was able to consolidate its strategy and work better to control threats. Its e-commerce platform, developed internally (and hosted on Google Cloud, with data that remains in France and Europe), is now better sized to accommodate more visitors and/or customers.

Bots: a major problem for Intermarché and the group’s brands

“During the pandemic, we saw Drive slots being pre-booked, and some being pre-booked by dummy accounts,” says Fabrice Bru. Les Mousquetaires has long suffered from these bots, which create fake accounts, fill fake baskets and reserve slots at the points of sale’s Drive service. And it is difficult to prove with certainty where this activity comes from.

“Since the group is present in France, Poland, Belgium and Portugal, we have blocked all access from IP addresses located outside these countries or their neighboring countries. To summarize: if you were not European, you did not have access to the sites,” he adds.

Fabrice Bru, here at the 2023 Security Conference, in Monaco © Alexandre Boero

“Concretely, we have set up services that make it possible to detect this type of attack. We have activated antibots and reviewed our security settings. For example, if the form is completed too quickly, we suspect the activity of a bot.” This episode made the vital importance of cybersecurity concrete.
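The “form completed too quickly” signal only works if the server, not the browser, measures the elapsed time. The sketch below is an added example, not code from Stime or the article: it signs the render time into a hidden form field and checks it on submission. The secret, the 3-second floor and the 1-hour expiry are assumed values.

```python
import hashlib
import hmac
import time

# Assumed values for this example; none of them come from the article.
SECRET = b"constructed-demo-secret"
MIN_FILL_SECONDS = 3.0     # faster than this is treated as automated
MAX_AGE_SECONDS = 3600.0   # stale tokens cannot be replayed indefinitely


def _sign(ts: str) -> str:
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Return 'timestamp.signature', embedded as a hidden field when the form is rendered."""
    ts = f"{(time.time() if now is None else now):.3f}"
    return f"{ts}.{_sign(ts)}"


def classify_submission(token, now=None):
    """Classify a submitted token as 'ok', 'too_fast', 'expired' or 'invalid'."""
    now = time.time() if now is None else now
    ts, sep, sig = token.rpartition(".")
    if not sep:
        return "invalid"
    # Constant-time comparison on bytes: a client must not be able to
    # backdate the timestamp to make a scripted submission look slow.
    if not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return "invalid"
    elapsed = now - float(ts)  # safe: ts was produced by issue_token
    if elapsed < MIN_FILL_SECONDS:
        return "too_fast"
    if elapsed > MAX_AGE_SECONDS:
        return "expired"
    return "ok"
```

A “too_fast” result is a suspicion signal to combine with other anti-bot checks rather than a verdict, since password managers and autofill can also complete a form quickly.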

Identity theft is also a real plague for Stime and e-commerce

The group has also suffered episodes of credential stuffing, brute-force attacks aimed at identity theft. “It’s difficult to explain to our customers that, to do this properly, they should have a username and password for each shopping site they visit. As a result, they are trapped and have their login and password stolen, which are exploited en masse.” Stime’s cybersecurity teams have already recorded peaks of 10,000, 100,000, or even 150,000 login attempts, the majority of which are rejected. But it only takes one or two successful logins for the hackers’ strategy to work.
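Because one or two successful logins are enough, detection has to go beyond spotting the peak and identify which accounts got through during it. The following is an added example, not Stime’s tooling: it runs over constructed login events, and the thresholds and event layout are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (minute, source_ip, username, success).
# Addresses come from documentation ranges; nothing here is real traffic.
EVENTS = (
    [(0, "198.51.100.7", "alice", True), (0, "198.51.100.8", "bob", False)]
    + [(1, f"203.0.113.{i % 5}", f"user{i}", False) for i in range(40)]
    + [(1, "203.0.113.2", "carol", True), (1, "198.51.100.7", "alice", True)]
)

# Assumed thresholds; tune them against the site's normal login baseline.
MIN_ATTEMPTS = 20        # attempts per minute before a window counts as a peak
MIN_FAILURE_RATIO = 0.8  # during a peak, most attempts are rejected
MIN_USERS_PER_IP = 3     # one source trying many different accounts


def find_peaks(events):
    """Return the minutes whose volume and failure ratio look like a stuffing peak."""
    total, failed = defaultdict(int), defaultdict(int)
    for minute, _ip, _user, ok in events:
        total[minute] += 1
        failed[minute] += 0 if ok else 1
    return sorted(
        m for m in total
        if total[m] >= MIN_ATTEMPTS and failed[m] / total[m] >= MIN_FAILURE_RATIO
    )


def accounts_to_review(events):
    """Accounts that logged in successfully, during a peak, from a source trying many users."""
    peaks = set(find_peaks(events))
    users_by_ip = defaultdict(set)
    for minute, ip, user, _ok in events:
        if minute in peaks:
            users_by_ip[ip].add(user)
    spraying = {ip for ip, users in users_by_ip.items() if len(users) >= MIN_USERS_PER_IP}
    # A success from a spraying source means a reused password worked:
    # reset the credential and check the loyalty balance for that account.
    return sorted({user for minute, ip, user, ok in events
                   if ok and minute in peaks and ip in spraying})
```

On the sample data the peak is minute 1 and only `carol` is returned; `alice` logs in during the same minute but from a source that touched no other account.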

The hackers have a goal here: to plunder customers’ loyalty pots and resell them on toxic networks. For 30 euros you will get, for example, a purchase value of 100 euros. And Fabrice Bru added: “If other flaws are added, hackers can modify the customer’s name and/or regenerate a loyalty card, and you don’t even need to be an expert to do that!” In this case, the alert often comes from specialized companies, which come across these offers on the dark web. Generally, when the hack is proven, the brands end up recrediting the loyalty card.

On the shelves of an Intermarché in Portugal © Glynsimages2013 / Shutterstock

An entire ecosystem to secure, but to raise awareness above all

The Les Mousquetaires group is largely dependent on the good (and bad) practices of its customers. We know the bad ones well: a simple password and login combination reused from one site to another is often the cause. But internally, the group is not immune either. It may be confronted with fraud attempts directed against its members. “Right now, a cybercriminal organization is engaging in what we call ‘CEO fraud,’ which I call ‘member fraud.’ The hacker tries to pose as the member to the accountant of a store, to obtain a transfer in his favor,” notes Fabrice Bru. Hence the importance of regularly raising members’ and employees’ awareness of cyber risks.

Especially since the attacks are ever more credible. “They know the member, the store very well, and are really knowledgeable.” If there is the slightest doubt, Fabrice and his teams notify the store in question, telling them what to do so as not to fall into the trap.

Finally, and this is one of the hot issues on which Fabrice Bru is working, there are the cybersecurity issues linked to interconnections with the group’s suppliers. “More and more incidents originate from our suppliers, between 40 and 45%. For example, if a subcontractor who manages the robotization of a site is hacked, should we cut off all access? And if we cut them, what are the possible impacts on the group’s activity? This is all the more important an issue as members can choose their own suppliers. On this level, we can only enlighten them.”

We thus come back to this dual priority of protection-awareness, which applies as much to customers, to service providers and suppliers as to Mousquetaires employees. A very delicate mission, but for the moment, the group is not doing too badly.


