Interview with Joël Boutet, Director of Operations at Ellisphere, on the many cybersecurity challenges facing companies today and tomorrow. What they have to face, what they have to prepare for; through the enlightening example of Ellisphere, a company specializing in business information.

What specific cybercrime challenges are you facing at Ellisphere?

By way of introduction, it should be remembered that the impact of cybercrime on businesses is critical, and can result in substantial financial losses, major business stoppages or slowdowns, reputational risks, risks to industrial or intellectual assets, and many other risks besides.

Our major challenge is, of course, to keep pace with evolving cyberthreats, which will continue to grow in number and sophistication. Especially as attacks such as ransomware, industrial espionage and targeted attacks become more complex and difficult to detect.

In the face of increasingly challenging technological environments, we need to continue detecting and resolving the vulnerabilities inherent in our evolving IT systems, and the resulting security breaches.

Maintaining and constantly developing our cybersecurity skills is a major challenge for us if we are to face up to and protect ourselves against all current and emerging threats.

Cybersecurity regulations are becoming increasingly stringent, and our partners more demanding in this area. For example, more stringent standards for data protection (personal data or sensitive classified data) mean that we need to keep abreast of these regulations to ensure that our systems are compliant and remain so in the long term.

At the same time, cybercriminals are increasingly using Artificial Intelligence (AI) to carry out more sophisticated attacks. As a result, we need to explore the use of AI and RPA to detect, prevent and counter threats. These have become strategic investments for the company.

Attacks targeting individuals, such as phishing and social engineering, will continue to grow, increasing the risk of being "tricked". We must therefore continue to invest in training and awareness-raising to reduce the risk of human error.

More generally, in our relationships with our partners (customers, suppliers), we need to work together to share information on threats and cybersecurity best practices. We also need to ensure that the interconnections between us and our partners meet the required levels of security, to avoid rebound threats: whoever is infected can infect those interconnected with them!

A concrete example of the cybersecurity challenges Ellisphere must address?

We handle very large volumes of data, sometimes containing sensitive or even confidential information. So we need to protect ourselves against any threat that could jeopardize the protection and dissemination of confidential classified data. We use robust protocols and sophisticated monitoring systems to protect this information against leaks and breaches.

What is your strategy for protecting sensitive data?

We are carrying out a wide range of actions as part of a 360° strategy, which I can't go into in detail here.

The most important thing to remember is that we need to carry out a comprehensive risk assessment, map our vulnerabilities/threats on a scale of severity, and carry out regular penetration tests to detect and correct security flaws in the order of their severity; in other words, we need to constantly monitor and reinforce the security of our internal and external networks.

It is also necessary to continue and intensify our work and exchanges with external security experts to carry out audits and obtain independent perspectives on potential vulnerabilities. This includes exploring AI-enabled devices that can improve the detection, monitoring and blocking of suspicious activity. And of course, in parallel with this, we need to keep abreast of the latest trends in IT security and the new methods used by cybercriminals, so that we can adapt our security measures accordingly.

Of course, we must regularly ensure that all our security measures comply with data protection regulations (RGPD or other regulations), and engage in effective communication with stakeholders in the event of a systems and/or data breach.

Our CISO and his team are in charge of steering these action plans and ensuring regular follow-up.

This list would be incomplete without remembering that it is essential to involve all employees in this strategy, starting with continuous awareness of cyber risks.

How do you assess the effectiveness of your cybersecurity measures?

First and foremost, we ensure that our security policies and systems comply with the relevant security standards and regulations (ISO 27001, GDPR, etc.).

We regularly review and revise our existing policies and procedures: operational procedures, relevance and response times to security incidents are constantly monitored under the governance of our CISO.

We regularly review protection and detection devices such as firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). We check their configuration and operation in line with best practices.

We regularly carry out penetration tests to identify vulnerabilities and weak points in our networks and applications. This includes automated vulnerability tests and simulated attacks from both inside and outside the company, with or without knowledge of our authentication systems.

How do you measure results?

Within a monthly dashboard, we monitor KPIs that enable us to track the performance of cybersecurity measures, such as incident detection rates, incident response and resolution times, etc. These "rolling" KPIs enable us to track trends over time, in particular to detect any deviations that need to be quickly corrected. These "rolling" KPIs enable us to monitor trends over time, in particular to detect any deviations that need to be quickly corrected.

We also regularly measure the effectiveness of our security training and awareness programs by monitoring the behavior of Ellisphere employees in the face of threats, in particular by carrying out "fake" phishing attack tests several times a year, accompanied by re-awareness campaigns.

Raising employee awareness is at the heart of our strategy. How do you go about it?

Raising awareness of the challenges of cybercrime is everyone's business, whatever their role within the company, starting with the Executive Committee, which is deeply committed to this issue.

While it may seem obvious to say that all employees have a role to play in protecting company data and systems, we need to make this obvious fact a reality in our day-to-day work.

First of all, to involve and reassure everyone, we create a climate of trust where employees feel comfortable reporting security incidents or potential errors without fear of reprisal.

We regularly educate and train our employees, highlighting common phishing techniques and teaching them to spot warning signs, such as unusual requests for information or suspicious links.

We therefore regularly encourage our employees to be vigilant, and to question anything that seems unusual, such as dubious e-mails, links and attachments.

We warn them about the dangers of oversharing personal information on social networks and other online platforms.

We encourage verification of the authenticity of websites and sources before agreeing to provide personal and/or sensitive information.

We inform employees about the risks involved in using personal devices for work, and explain the safety measures to be taken.

And much, much more!

What emerging cybersecurity trends are you following closely?

There are a lot of them! I can think of at least seven very important ones.

New technologies

Cybercriminals are increasingly using Artificial Intelligence and machine learning to automate and enhance their attacks, making them ever more sophisticated.

As a result, more and more cybersecurity solutions are integrating these technologies to detect anomalous behavior and attacks in real time.

Sophistication and evolution of attack perimeters

Attacks on critical infrastructures are on the increase. These include attacks on power grids, water supply systems and telecom networks. These attacks can cause major damage and disruption.

Ransomware and digital extortion

Ransomware attacks continue to evolve, becoming more targeted and destructive. Cybercriminals can steal sensitive data before encrypting systems, increasing the pressure to pay a ransom.

Attacks on the cloud

Cloud services, which are increasingly used, can also be the target of attacks aimed at stealing sensitive data or disrupting our operations. So we also need to consider them as potentially sensitive devices, and protect ourselves against them.

Deepfakes and information manipulation

Data and information manipulation techniques are becoming problematic. They can easily be used to create misleading information with disastrous political, economic and social consequences.

Data manipulation can also have a detrimental influence on the use of AI, whose power relies on the quality and accuracy of the data manipulated by the algorithms.

Cybersecurity regulations

Cybersecurity laws and regulations are becoming increasingly stringent and diverse. It's important to keep abreast of these developments to ensure compliance and avoid penalties.

Ongoing training

Threats are constantly evolving, so it's crucial that we continue to invest in raising awareness and training our employees in cybersecurity best practices. The sinews of war!