Despite the known precautions, each of us is still vulnerable when it comes to security. It is in our nature. A simple example: the business traveler or company member traveling by train.
Comfortably settled in his seat in front of his laptop screen, he is focused, as soon as the train leaves, on the work to be done during the few hours of travel between Lorient and Paris. Wearing his mask, scrupulously following the health recommendations for the pandemic and using the hydro-alcoholic gel wisely, he forgets the #cyber "security" recommendations. He will not remember the phone call, important and urgent but also confidential, that he made in the bar area, between a hot coffee and two fresh croissants ...
Of course, this same traveler will have attended a morning of #awareness, where he will have been told that the man behind him at the bar could listen to his conversation and even take notes. Yet he was told that public Wi-Fi was not the best way to go online securely, and that a privacy screen attached to his computer screen costs little compared with the confidentiality of his work, while doing much to protect it from a neighbor's eyes.
No, our traveler was in a hurry, and besides, the risk is for others ... he will never know what he lost anyway ... it was imperative to make that call ...
The evolution of the competitive and legal environment and the permanent evolution of attack modes and vulnerabilities (extraterritoriality, cyber, social media ...) mean that an economic intelligence approach (#IE) is emerging as the key factor in reducing risks, improving knowledge of one's environment and conducting influence actions.
An approach that will allow companies to position themselves in a more favorable context to promote or defend their interests. Today's company must be able to evaluate the risks associated with its decisions, but also be open to the opportunities that arise and the challenges it faces.
In this changing, uncertain and unpredictable context, the priority is to transmit open information to the right person at the right time, information that will be analyzed and synthesized to become relevant and strategic, with a view to helping the decision maker. But, of course, in a strategic environment that has been protected and secured ...
Between 2016 and 2020, it is estimated that police and gendarmerie services recorded between 1580 and 1870 procedures related to ransomware attacks. The number of cyberattacks increased fourfold in 2020 (source: Ministry of the Interior).
Since the beginning of the COVID crisis, we have all experimented with teleworking, appreciating the technological advances that allow for "hybrid" exchanges.
At the same time, companies have recorded an increase in cyberattacks, with ransomware at the top of the podium. Ransomware is evolving with each attack and has become "Ransomware as a Service" (RaaS), which broadens the spectrum of attackers, since cybercriminals no longer need any special "technical" skills. The low level of protection and awareness among employees, combined with the widening of the attack surface brought about by this new "hybrid" way of working, has made teleworkers one of the main targets of cyberattacks.
In 2021, although many entities have effectively put in place cyber risk protection and team awareness (the human being must become the strong link in the security chain), protection is still insufficiently effective. Cost is also becoming a major concern for SME leaders when it comes to cyber protection.
It now appears imperative to make employees aware of the multitude of stratagems, physical or digital, that they could be the target of. An additional precaution should be taken for individuals working in small structures as subcontractors for companies in sensitive sectors, which can attract the predatory attention of trained actors.
It would be advisable to train their strategic staff in certain traditional procedures (M.I.C.E./social engineering) in order to prevent, as far as possible, any involuntary leak.
"Today, everyone knows about economic intelligence. But the concept remains vague, especially for SMEs ... If we want to convince them of the interest of using EI techniques, we must put ourselves within their reach." Alain Juillet
For companies of all sizes concerned about their sustainability, implementing a specific monitoring system has become essential in order to watch for the emergence of new risks (for example, in cryptocurrencies).
This watch must be reliable, agile, collaborative and innovative, in order to be able to set up effective protections.
If not, we risk regretting it. Have you ever said to yourself "If I had known this beforehand ... I would have taken advantage of it!" or "If I had been warned, I would not have been fooled ... I would have been more suspicious"?
A watch that will be as much offensive as defensive ... never remaining static, adapting and evolving over time and questioning itself ... in order to reduce known risks, but especially those that will affect the entity in the future. The new state of mind will reside in the ability to pick up on weak signals, to stay in motion and to keep adapting protection, in order to force cybercriminals to make mistakes and fail in their attempts.
Because, as General Didier TISSEYRE points out for the FIC in Lille 2021: "Cyber attacks are multiplying and becoming more complex every year!"
Of course, this monitoring approach should not be exclusively defensive.
Thus, in the Marketing/Communication department: at the dawn of 2022, with e-reputation, we no longer only monitor the image/brand; we seek to exploit the maximum potential of the information available on social media, and we talk about "strategic digital monitoring" ...
In the Sales department: anticipating customers' needs and identifying new growth drivers are an integral part of the department's toolbox.
In terms of risks: legal, with the anticipation of regulatory changes affecting the company's market or, through the Sapin 2 law, the compliance obligation in the fight against fraud, corruption and money laundering, which leads companies to carry out compliance studies; crisis management (capturing information to anticipate and defuse a crisis); and, of course, cyber threats, highlighting the GDPR and its obligation to implement protection measures on sensitive systems, preventing files from being altered or accessed by third parties (Art. 32 GDPR specifies that the protection of personal data requires taking "appropriate technical and organizational measures to ensure a level of security appropriate to the risk").
It is a matter of creating and developing a real "state of mind" integrating security in the life cycle of a project.
From the very beginning, analyze the various risks upstream. During the feasibility study, include adequate security measures and a cost estimate. During deployment, monitoring must be omnipresent, as it must be within incident management, particularly regarding the capacity for "forensic" analysis (analysis of the information system (IS) after a computer attack). Integrating security into the life of the project in this way will allow the company to properly manage its backups, the decommissioning of equipment and even the implementation of the business continuity plan.
This new state of mind of strategic intelligence, based on a simple and clear methodology, will involve all employees who will all feel concerned.
On the same principle, from step 1 of a #watch reflection, employees must feel involved and concerned. Depending on its size, ambitions and resources, the company will choose its specific tools (free/paid), methodology and whether or not to call on experts (coaching/training/turnkey service).
In the field of intelligence, artificial intelligence (AI) is becoming more and more a part of the daily life of its practitioners. Through its computing power and its speed in linking information, AI will free staff from repetitive and time-consuming tasks. AI will also be very useful in defensive matters, to detect threats and raise alerts. Of course, like the "deepfake" and "deepfake audio" used massively by attackers, AI is already a tool for cyberattackers, especially through phishing or disinformation campaigns.
Information and disinformation must be taken into account as a matter of priority in 2022, with a form of conflict in which information plays a central role: a kind of information war in which States already oppose each other, in the same way as in the economic war. The entities of the territory, whatever their size, must be able to capture the "weak signals" on this theme.
It is essential that this approach be collective and participative, placing the "human being" at the center of the system, in a spirit of collective intelligence, sharing the information resulting from the watch between the different actors of the company...
"Never tell people how to do things. Just tell them what you want to achieve and they will amaze you with their ingenuity." George S. Patton.
This new mindset within teams will foster empathy and resilience. It will enable a culture of feedback and recognition to be established.
The business intelligence mindset that your employees will adopt must have the structural and managerial characteristics necessary to help detect weak signals, build prospective scenarios and anticipate current and future threats.
Very often, employees in the field are the best placed to detect "informal" information that can initiate innovations. Being curious about what is going on in your environment is the best way to capture the famous "weak signals" that are so dear to the world of business intelligence ... It is also of interest, and sometimes beneficial, for the entity but also for oneself.
This "strategic intelligence mindset" concerns all types of companies, SMEs and very small businesses (TPE) in our region. It favors the promotion and protection of our local, regional, French and even European interests. It can be related to the following well-known principle: "If you continue to do what you have always done ... You will continue to get what you have always gotten! In order to get different results, either offensively or defensively, you must do things differently!" Therefore, you must interact with your environment and adapt to changes.
Mapping sensitive information to protect it and defining the zone of influence you want to work on is a must!!!
In terms of monitoring, I would take the example of the network of cyber threat referents of the Zonal Directorate of the Judicial Police. Within this framework, the reservists, beyond regular training and awareness-raising on cyber threat issues, receive a news watch indicating the different attacks and the new methods being used. In addition, each reservist in the field, in a proximity approach, can carry out his own monitoring by reporting "weak signals" from his region, which will be shared between the different actors of the network in a spirit of transverse cooperation. Each entity, each company, following the example of this approach, can initiate the same thing, in defensive matters but also in the offensive or economic development field.
This highlights the importance of creating this collaborative state of mind, precious within an entity.
"Global efficiency is based on solidarity" Alain Juillet