Telindus won the IT Security Provider of the Year Award at the IT One Gala last December in Mondorf-les-bains. The jury rewarded its comprehensive approach to cybersecurity which relies on four pillars: "Define the security strategy", "Secure the business", "Monitor and validate the security", "Communicate and foster awareness”. We met the company to know more about their vision of the sector in Luxembourg and understand why Cybersecurity is, according to them, not only a question of investment.
How important has cybersecurity become for companies, especially in Luxembourg?
Successful digital transformation of companies cannot be performed without considering cybersecurity as the core of the critical success path: impossible to digitalise business activities without considering the protection of one’s own and customers’ data.
Some attacks like ransomware have a real impact on the operations and business activities but also on the reputation of targeted companies. Hence, since several years, cybersecurity has become the main concern for most companies, especially in Luxembourg.
- Estonia has decided to open the world’s first data embassy in Luxembourg, which should become operational at the beginning of 2018 ;
- Last January 11th, the European Commission proposed setting up the headquarters of the EuroHPC in the grand duchy ;
- Luxembourg is also a precursor with the electronic archiving bill, which recognises probative value of electronic copies of documents.
These announcements, among many others, confirm Luxembourg’s vision and weight on the European and worldwide digital map.
As the financial sector plays an important role in the Luxembourg economy, sensitive and confidential data must be protected, therefore cybersecurity is critical to foster trust. Luxembourg’s Fintech market is well developed and continues to grow, Regtech area is increasing thanks to the long regulation experience in Luxembourg. Luxembourg’s cybersecurity ecosystem is very strong, established since 15 years already and still one of the most active in Europe.
The maturity level increases as cybersecurity is no longer a topic for geeks. There is a change of paradigm, meaning that information security and cybersecurity are now considered corporate risks and therefore tackled at Board of Directors level along with financial, reputation of operational risks.
A recent insurance study reveals Cyber incidents (e.g. cybercrime, IT failure, data breaches) are the second most important business risks in 2018, ranked second just below Business interruption (incl. supply chain disruption), but far above Natural catastrophes (e.g. storms, floods, earthquakes). Source: Allianz Risk Barometer 2018
By combining all of above, the success of the digital transformation companies in Luxembourg is closely linked to the cybersecurity consideration. With all its assets, Luxembourg is right to have the ambition to be one, if not the first, of the European leader countries in the cybersecurity field.
What are your best pieces of advice for CIOs when it comes to cybersecurity?
Remember that it’s not only a question of investment. Strategy, flexibility and awareness of staff are fundamental points of the cybersecurity defence.
We can quote the Security & Risk Management takeaways provided by Éric Mansuy, Group CIO - Chief Information Officer - at KBL European Private Bankers, at the round-table organised during the conference before the ITone awards ceremony: “consciousness, vigilance, preparation, monitoring, detection, maintenance of systems, vulnerability management, patching and be prepared to respond in case of attack”.
We fully agree with this, and, would like to add three aspects:
- Risk management to be levered by efficiently managing and allocating your resources where they will be the most efficient while preventing to spend time and money on activities that are not efficient enough to securely reach your business objectives ;
- The required change of mind-set that aims to consider the cybersecurity from the very beginning of every project. Considering Security-by-Design and Security-by-Default always guarantees a positive return over investment ;
- Finally, take advantage of the most efficient security measures you can have: your staff. Train your staff. Educate your staff. Increase your staff’s awareness. They are your last and your best resort when it comes to cybersecurity.
What are the main security trends to keep a close on eye in the months to come?
There are many cybersecurity solutions that protect organizations from advanced threats and attacks on the market. To protect a company you must have a complete security infrastructure. But now most companies start to be connected to cloud solutions in order to have more flexibility. Cybersecurity solutions need to adapt protection and detection for this new attack vector.
At the end of 2017 it would have been easy to answer: data leaks, 0-days attacks, evolution of ransomware, improving of phishing attacks, espionage, consequences of malicious exploitation of IoT (Internet-of-Things), protection benefits from new technologies such as AI (Artificial Intelligence) and Learning-Machine, and obviously privacy and data protection with the upcoming application of GDPR and the NIS Directive in May.
2018 started with reports on microprocessors weaknesses with the so-called Meltdown and Spectre attacks. It is important to leverage these weaknesses to recall the required necessity of security-by-design in every device.
This confirms vulnerabilities are not only on the software level but can also touch hardware and the kind of equipment that is to be found in computers and smartphones, but also in your car, your tv… The first vulnerabilities of 2018 show hardware component of computers such as processors would be the next playfield of attacker. As these components are the heart of every system, consequences in terms of confidentiality and integrity of data could be terrible. As from now, we’ll have to expect new vulnerabilities, as it is proven there are weaknesses in this area too and more and more security researchers will increase in skills by checking these areas.
Finally, it reminds us that in cybersecurity we are all interdependent and therefore cybersecurity is everyone’s concern.
Crédit photo : Dominique Gaul
Publié le 12 mars 2018