“At some point, everyone will be affected by a cyber-attack”

Cyber-attacks keep exploding, and so is their incidence rate. Hence the importance for businesses to be aware of the potential cyber-risks, and then adopt a well-defined and effective cybersecurity strategy. Cédric Mauny, Head of Cybersecurity Services at Telindus, shares his expertise on the cybersecurity threats so as to provide essential keys to preserve your business - and your customers.

 Considering your experience and the current global context, what are the main challenges that companies are facing in terms of cybersecurity?

Today, digitalization is the main challenge and our dependence on it:  an opportunity, for sure, a source of risk, certainly! In the current globalized context, there is this concern about our dependence and interdependence. This aspect needs to be considered more than ever so as to perpetuate the activities of everyone, starting with the dependence on its subcontractors. No single company can ensure full control of the whole value chain. When subcontractors are troubled, the question is whether client companies will be able to keep providing services and producing goods with the usual quality level without major consequences for their value chain, of which we are a part. Not to mention the risk of loss of visibility and responsiveness, for which an overview of all the actors having access to the different resources is required to ensure control. 

At last, it is essential to consider the systemic effect of cyber-attacks on entire business sectors. Today, we are specifically talking about threats regarding the energy sector, and the risk of an industrialization of attacks on other entire sectors of the economy.   

Are companies in Luxembourg sufficiently well-equipped to deal with potential threats? 

Dealing with threats starts with being aware of these threats. For instance, when you are in a car, you wear your seatbelt because you are aware of the risks and consequences of a potential accident, not to avoid a fine. Some safety functions are now present by default, others are available to improve one's protection, according to one's taste for danger and means.

It is the same thing with companies where we now notice an awareness from top management to operational teams. The government is also taking note of the importance of the subject as the National Strategy has been recently amended with new services and ambitions.

To help improve the level of security, it is everyone's responsibility to communicate with their peers and within trusted groups and share best practices to enable the whole ecosystem to gain maturity.

What steps should be taken to implement an effective cybersecurity strategy?

A cybersecurity strategy needs to be communicated and especially understood. Bearing this in mind, it must establish a link between threats, risks and the business. Its main objective should be to protect the company by providing the best conditions for a quick reaction to ensure a return to normal business activities as soon as possible.

For companies, it is therefore essential to:

- Know the resources to be protected: make choices and identify the activities, zones and information to be protected first and foremost through risk analyses and business impact analyses
- Reduce the attack surface: expose only what is strictly necessary for the business in order to hinder the opportunities for attackers and raise awareness among all personnel by explaining how to identify threats and/or by updating the system, for example
- Improve their detection capacity: centralize, analyze and detect weak signals, precursors of attacks, thanks to a Security Operations Center. Collaborating with experts in this field allows you to benefit from their global view and to keep an active watch on new threats and attack patterns
- React quickly and effectively: contain the spread of an attack, eradicate the weakness(es) exploited by the attackers and restore information systems to working order... and this, in complete security and with prepared and trained teams.

What role do you think cloud computing solutions play in cybersecurity? 

Let’s remember that cloud computing does not necessarily go with by-default or even by-design when it comes to either "security" or "privacy". A company relying on the cloud does not inherit all the security levels that may exist or even be offered, but "only" those to which are subject to initial contract. Also, an important mindset to remember is that "trust does not exclude control". Cloud computing represents a tremendous opportunity in cybersecurity, presenting features that few companies could have available in-house. The downside though is that you have to ask yourself the right questions, accept to be accompanied by professionals, ask for the necessary guarantees and ensure that these guarantees are instantiated according to your needs and especially your risks... which you must know beforehand!

IT experts claim that most cyber-attacks can be anticipated, or even avoided. How can companies ensure the best prevention?

While regular updates and good design can help prevent systems from some vulnerabilities, it is important to be prepared for such, to be aware of the best practices to adopt and to be proactive. Better safe than sorry, but we must not forget that we are all vulnerable, including the most alerted and expert. We can sometimes be victims of a cyber-attack ourselves and contribute to its propagation without even realizing it. 

So, wouldn't the next step be prediction? It is now required to be able to identify patterns such as behaviours - driving potential maliciousness - that is taking place without even noticing. Sometimes we are limited to detecting known and documented behaviours, but we can succeed in anticipating them by setting traps in the right place to provoke or even trick the attacker and catch him in the act. This can for instance be achieved through network simulations: artificial intelligence is the tool to improve attack detection mechanisms by providing this prediction mechanism as an additional asset.

Let's not forget that this is a race against time with one certainty: at some point, everyone will be affected by a cyber-attack. In such a situation, how can you best optimize your chances of survival by reducing the time between compromise, detection and response? Detecting a compromise before it happens may be the next step in your security strategy.