Digital security and sovereignty
Brice Duprieu
Cybersecurity Consultant, Orange Cyberdefense
Data is as essential an asset for SMEs as it is for large organisations. Data corruption, loss or theft can severely hamper a company’s operations. Unfortunately, however, data is often transferred, processed and stored in systems that are not adequate given their strategic importance. Some businesses found that out the hard way when they were hit by WannaCry and NotPetya. Saint-Gobain estimated lost earnings to have been around €220 million in 2017. A North American group claimed $100 million in damages following a NotPetya attack but its insurance company refused to pay on the grounds that the virus was, to all intents and purposes, an act of war.
Meanwhile, companies are facing unprecedented risks in cybersecurity, including fraud, operational disruptions, hacking, and data loss or disclosure. The risks are becoming increasingly varied, as are their origins (which can range from disgruntled employees to government agencies). And these risks now also affect smaller organisations, which up until now had come under attack less often and were less reliant on IT systems.
Three pillars for trustworthy systems
As cybersecurity risks are difficult to quantify, and insurance against them are also difficult to assess. But that doesn’t make the risks any less real. Businesses need to work together to create an extensively trustworthy system. They need to provide the resources to safeguard data and long-term operations. This trust is based on three pillars: organisation, solutions and people. The first pillar involves organising cybersecurity to hold businesses accountable. The second pillar calls for effective measures to protect data and detect security-related incidents. The third and most important pillar focuses on raising awareness and holding everyone working with data accountable for its security. After all, an unreliable memory stick is sometimes all it takes to corrupt an entire system.