• Posts
  • Cyber-risk - A problem of business, not technology

Cyber-risk — A problem of business, not technology

The figures are eloquent: at global level, more than 400,000 machines, in some 100,000 companies in over 150 countries were affected by the Wannacry virus in 2017, at a cost of four billion dollars.

In France alone, roughly 80% of companies experienced at least one cyber attack in 2017, according to “State of the Threat linked to Digital in 2018” by the French Ministry of the Interior. Ransomware takes first place (73% of attacks), and viral attacks and data theft come equal second (30%).

It is as serious subject, and very serious organisations have become involved. With reports, studies, training programmes, specialist companies and new innovations in AI, cyber security is a well-covered terrain.

From consciousness to efficiency

The problem is that those who talk the least about it are likely to be the ones who suffer most. When it comes to cyber security, the language is most often a matter for specialists. It is an expert language with concepts that are changing fast and approaches that are sometimes obscure.

The vocabulary of cyber security is growing all the time: DDoS, Trojan, APTs, RATs, botnets, malware, ransomware, wiper, defacing, phishing, spoofing and more.

Regrettably, cyberspeak is not within everyone’s grasp.

This is contributing to a further widening of the considerable gaps in maturity between the most advanced sectors (because they are subject to regulatory constraints, e.g. banks, insurance, telecoms) and the least digitalised sectors (mining industries, construction), between large groups and SMEs. By the admission of experts, a higher level of skill for all would be an assurance of greater resilience, which will be to everyone’s benefit.

And even in the most advanced organisations, there is sometimes a distance from consciousness to knowledge, and from knowledge to efficiency. As Guillaume Rablat, a specialist in the sector whose teams of experts support ETI and major groups in this area, points out, “companies that haven’t had problems sometimes have blind, misleading trust in the arrangements they have put in place. Time passes, no attack comes, and you’re sure you’ve taken the right steps. But you can be attacked without being a target. The question is not knowing whether you’re going to be attacked but when, and whether you’re well prepared for it.”