
Cyber risks for sensitive sectors: How to protect your workspace

The threats facing the workspace in sensitive sectors are numerous and sophisticated: from espionage and data theft, to attacks aimed at disrupting essential services.

Artificial intelligence also makes these attacks accessible to less advanced actors and facilitates the processing of data collected through theft or espionage operations.

How can you detect and respond to threats targeting the workspace in sensitive sectors such as essential services, aerospace, defense, healthcare, telecommunications, banking, and insurance?

Our experts provide an overview and give you the keys to effectively protect your workstations and servers against both basic and sophisticated attacks.


Threat landscape and outlook in sensitive sectors

The state of cyber threats

The cyber landscape in sensitive sectors is marked by the following phenomena: 

  • The balkanization of the web linked to conflicts, geopolitical fragmentation, and techno-nationalism – for example, certain regions of the world can see their internet access cut off (Iran, Ukraine, etc.)
  • The rise in attacks targeting the supply chain, shifting the target of attacks toward third-party suppliers – for example, Shai-Hulud (an intelligent computer worm that automatically sought to corrupt software dependencies)
  • The development of attacks using AI, marking the advent of “autonomous malware” and offensive automation, as observed with Promptflux (an attack leveraging Gemini AI to dynamically evolve malware)
  • Data poisoning via LLM-based tools that are particularly vulnerable – as was the case with Pravda (a campaign conducted in early 2025 by a network linked to the Russian state that flooded the internet with pro-Kremlin articles, significantly impacting popular LLMs)

The examples above are cyberattacks that succeeded (from the attackers’ perspective). Attackers are constantly seeking new vulnerabilities to exploit, while IT teams aim for continuous improvement of their security posture. It is a never-ending game of cat and mouse, with rules that evolve over time.

Cyber context: outlook for evolution

Cybercriminals, including the perpetrators of advanced attacks, are evolving their techniques by turning to new tools and new targets.

AI and cybercrime 

With artificial intelligence, barriers are falling for less-advanced attackers who can easily launch automated phishing or ransomware campaigns – responding quickly becomes crucial in the face of accelerating attacks!

Data exposure and corruption 

The Assume Leak model is gaining traction with a new objective: ensuring that data cannot be exploited. In other words, since the risk of data exfiltration cannot be completely avoided, if data is properly segmented and encrypted, the damage can be significantly limited.

Issues of autonomy and governance 

Reliance on protection tools is growing, and the most critical assets and data are now managed and hosted by private entities that wield increasing influence over the legislative framework.

The amplification of physical impacts  

Attacks have real operational consequences, capable of disrupting services, production units, or even an entire organization. 

Furthermore, AI agents integrated into industrial systems represent a new entry point for attackers, blurring the IT/OT boundary. Indeed, OT machines are increasingly connected to IT, thereby expanding the attack surface of critical assets.

Focus on aerospace 

In 2025, the aerospace sector experienced: 

  • +600% in ransomware targeting its supply chain, including new targets (manufacturers, operations, communication infrastructure, maintenance, suppliers, satellites, etc.)
  • +118% in incidents compared to the previous year 

This industry is targeted by specialized ransomware groups, and 16 countries are particularly targeted. 

For example, the Scattered Spider group targets third-party suppliers in the aerospace industry, notably JAXA in 2024. The Japanese space agency suffered a major intrusion via network equipment (VPN) that led to the compromise of an Active Directory domain controller. This compromise exposed employees’ personal data, emails, and, most importantly, technical research documents shared with partners such as NASA or Toyota, forcing the agency to perform an emergency shutdown of large portions of its infrastructure.  

Also worth noting for this sensitive sector: Lazarus (North Korea), which specializes in stealing intellectual property related to missiles and satellites; Fancy Bear (Russia), which sought to compromise NATO aerospace industries; TA455 (Iran), which sent promising job offers to aerospace engineers containing malicious files leading to DLL sideloading.

Given the sophistication of these attacks, companies in sensitive sectors have more advanced detection and protection solutions than those in other markets. They also face challenges unique to their industry. What are they?

Cybersecurity maturity in sensitive sectors

Workspace protection: industry challenges

Sensitive sectors such as defense, aerospace, healthcare, telecommunications, and banking and insurance handle especially sensitive data, face increasing compliance requirements (NIS 2, DORA, etc.), and rely on complex operational infrastructures with numerous interdependencies. Nevertheless, business continuity is critical.

Returning to aerospace, in 2025, Collins Aerospace was a collateral victim of a breach at an MSSP, which allowed ransomware to be deployed on the platform supporting the terminal systems at various airports (check-in, boarding passes, baggage tags, etc.). Several major airports were affected (London, Berlin, Brussels, and more), with damages estimated at over €1 billion.

In the industry, technological innovations are driving increased convergence between IT and OT, widening the attack surface, as we saw earlier.

To mitigate risks, On-Premises solutions address the unique challenges of sensitive sectors, particularly regarding sovereignty, confidentiality, and data protection… but we will see that the cloud has not yet had its final say.

Securing the workspace: the return of On-Premises

On-Premises solutions enable full control over data, limit the attack surface, and ensure compliance with certain regulations or laws that require isolated environments.

However, an On-Premises deployment requires maintaining a dedicated infrastructure, and thus in-house expertise.

If the organization’s resources and expertise do not allow for this – even small businesses can operate in a sensitive sector – the cloud can meet detection and remediation needs, particularly with secure versions that comply with standards such as SecNumCloud.

Cybersecurity: why the cloud remains relevant

Deploying cybersecurity platforms in the cloud enables simplified management, and notably allows the vendor or MSSP partner to respond more quickly in the event of an incident since they have visibility into the user’s infrastructure.

In terms of scalability, since the cloud requires no On-Premises infrastructure, expanding the scope of protection is usually faster. Furthermore, in response to the Cloud Act, cloud providers have organized themselves to offer sovereign solutions that meet the needs of sensitive sectors. They position themselves as trusted providers to address the constraints of organizations that lack the resources to manage a cybersecurity infrastructure in-house.  

The challenge for sensitive sectors: customizing protection 

As we have seen, companies in sensitive sectors have obligations unique to them, particularly in terms of data protection and regulatory compliance. Technical environments can be highly customized with specific configurations. In particular, certain business teams may have needs regarding applications and data management that are specific to their operations and that only they manage. Even within a single organization, the level of granularity can be significant.

Therefore, the deployment and configuration of security tools must be able to adapt precisely to this context, or risk providing inaccurate detection and insufficient protection. 

Companies in sensitive sectors must ensure that their cybersecurity platform offers:  

  • Custom deployment options 
  • Integration with the existing ecosystem 
  • Custom detection rules (e.g., binaries or executables in unusual programming languages, suspicious authentications, unusual naming conventions, etc.) 
  • A whitelisting system (only intended uses are permitted)
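
As an added illustration (not HarfangLab's rule format or code), the sketch below evaluates two of the rule types listed above, unusual programming language and unusual naming, over constructed process events, with a whitelist that suppresses approved binaries. All field names, paths, hash placeholders and the 0.85 similarity threshold are assumptions.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# All names, paths, hashes and fields below are constructed for illustration.
EXPECTED_RUNTIMES = {"c/c++", ".net"}        # toolchains considered normal here
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "explorer.exe"}
SYSTEM_DIR = r"c:\windows\system32"
# The whitelist pins path AND hash: a swapped binary at an approved path still alerts.
ALLOWLIST = {(r"c:\program files\buildtools\gobuild.exe", "hash-placeholder-1")}

@dataclass(frozen=True)
class ProcessEvent:
    host: str
    image: str       # full executable path
    file_hash: str   # placeholder standing in for a real SHA-256
    runtime: str     # toolchain reported by the sensor (assumed field)

def unusual_language(ev):
    return ev.runtime.lower() not in EXPECTED_RUNTIMES

def unusual_naming(ev):
    path = PureWindowsPath(ev.image.lower())
    if path.name in SYSTEM_NAMES:            # genuine name, wrong directory?
        return str(path.parent) != SYSTEM_DIR
    # Near-miss of a system binary name, such as one swapped character.
    return any(SequenceMatcher(None, path.name, n).ratio() >= 0.85
               for n in SYSTEM_NAMES)

RULES = {"unusual_language": unusual_language, "unusual_naming": unusual_naming}

def evaluate(events):
    """Return (host, image, rule) alerts, skipping whitelisted binaries."""
    alerts = []
    for ev in events:
        if (ev.image.lower(), ev.file_hash) in ALLOWLIST:
            continue                         # intended use: no alert raised
        alerts += [(ev.host, ev.image, r) for r, hit in RULES.items() if hit(ev)]
    return alerts

SAMPLE_EVENTS = [
    ProcessEvent("ws-01", r"C:\Program Files\BuildTools\gobuild.exe", "hash-placeholder-1", "go"),
    ProcessEvent("ws-02", r"C:\Program Files\BuildTools\gobuild.exe", "hash-placeholder-2", "go"),
    ProcessEvent("ws-03", r"C:\Users\alice\AppData\Local\Temp\svch0st.exe", "hash-placeholder-3", "c/c++"),
    ProcessEvent("ws-04", r"C:\ProgramData\upd\updater.exe", "hash-placeholder-4", "nim"),
    ProcessEvent("ws-05", r"C:\Windows\System32\svchost.exe", "hash-placeholder-5", "c/c++"),
]
```

Calling `evaluate(SAMPLE_EVENTS)` alerts on ws-02, ws-03 and ws-04: ws-01 is suppressed by the whitelist, while the same path with a different hash on ws-02 is not.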

HarfangLab meets these requirements, offering cloud and On-Premises deployment with the same features, numerous connectors for seamless integration with existing infrastructures, 100% open, customizable, and transparent detection rules, and a whitelist system to limit false positives and thus alert fatigue. 

Despite the measures deployed by companies in sensitive sectors to protect the workspace, one of the persistent weak links remains in the supply chain. What are the risks, and how can we ensure protection against attacks targeting the Supply Chain?

Supply Chain: the eternal weak link? 

Because they target entities that are potentially less mature and less well equipped to respond to cyber threats, supply chain attacks are highly prized by threat actors. Some examples of targeted organizations:

  • CCleaner (cleaning software) fell victim in 2017 to a compromise of its update servers involving the insertion of a backdoor. Over 2 million copies of this compromised version were downloaded.
  • SolarWinds (IT monitoring) fell victim in 2019–2020 to an infiltration of its third-party update platform, with the deployment of backdoors targeting the infrastructure of government departments and agencies, affecting 18,000 customers, including over 100 critical ones. Undetected for a year, this incident marked the advent of Zero Trust. 
  • MOVEit (file transfer) was the victim of a 0-day vulnerability exploit in 2023, affecting 2,700 organizations and resulting in the theft of 90 million pieces of personal data. 
  • Notepad++ (text editor) suffered a compromise of its update infrastructure hosted via a third party in 2025, resulting in redirection to malicious servers and the installation of backdoors – the full scope of its impact remains unknown. 
  • Qantas (airline) fell victim in 2025 to an intrusion on an offshore third-party platform used by customer service through a combination of smishing and social engineering – 6 million individual records were compromised. 

With NIS 2, third-party service providers working with companies in sensitive sectors must also ensure optimal security against cyber risks. But since no tool is foolproof against constantly evolving attack techniques, good cybersecurity hygiene and best practices are essential. Here are some expert tips.

Areas for improvement regarding the risks posed by the Supply Chain 

  • Assessments: audit your suppliers, conduct SBOM inventories, and validate your compliance with applicable laws and regulations 
  • Design: implement a Zero Trust approach, strengthen your security policies, and ensure the integrity of your data 
  • Deployments: plan for thorough testing phases, phased rollouts, and a business continuity plan 
  • Operations: equip yourself with tools to secure your workspace through monitoring and continuous improvement of your security posture

The challenge: better data protection 

Fragmentation is one of the challenges organizations in sensitive sectors may face with a proliferation of tools and processes, an extended supply chain, multiple assets with varying levels of criticality, heterogeneous environments, etc. 

A unified security platform is essential for better governance and better control of cyber risks. And beyond tools, best practices, which players in sensitive sectors have already well established, remain essential: segmentation by criticality, hybrid architectures based on needs and the criticality of the assets and data to be protected, reduction of the attack surface, security processes, and so forth.

In short, active and passive security are crucial.  

Sensitive sectors: spearheading the cyber response

Beyond industrial and business challenges, in a global climate marked by geopolitical conflicts, cybersecurity is an integral part of the defense arsenal of sensitive and critical organizations. These are targets because of the value of their data and the potential impact of attacks, but also because their attack surface is particularly extensive.

IT security is just as important as physical security in a context where sensitive sectors and their third-party suppliers are targeted more than ever by threat actors.

Defense, aerospace, healthcare, banking and insurance, telecommunications, and all other sensitive sectors have a major role to play in protecting workspaces.
 
