Cybersecurity, an essential business challenge

At a time when most companies are accelerating their digital transformation, detecting and responding to cyberthreats is becoming a major challenge. Here is an interview with Théodore-Michel Vrangos, co-founder and CEO of TRACING Group, a French cybersecurity services firm.

 

There has been a resurgence in cyberattacks over the past several years. What’s causing it?

One of the main causes is the shift in digital technology that we are seeing in all economic sectors. Covid lockdowns obviously acted as a catalyst in furthering this trend, particularly as remote working became more widespread. Inevitably, the digital activities of companies and of users more generally have greatly expanded the range of potential points of attack and, hence, of possible entry points for hackers.

Companies used to have their own secured-access datacentres to host their apps and strategic data. This is no longer the case. Data are now outsourced, and the cloud, an interface between the traditional company and the virtual world, has eliminated this physical dimension, opening up accessibility in mobility to all IT systems. Core-business applications like Salesforce and Office365 are also hosted in the cloud.

This digital migration is therefore being driven by a strong drive towards openness, by making ever more information accessible to users, including banking, personal, medical and other data. Inevitably, these new uses create vulnerabilities – vulnerabilities that are promptly exploited. Accordingly, companies are becoming more and more aware of disruptions to their information systems.

 

In simple terms, how do these threats unfold?

In most cases, users are involved in the attack chain and are the main entry point for intrusions into companies’ IT systems. So, it is essential to train employees and raise their awareness of these threats and of the risks that they incur.

When browsing on a website, clicking on a link or opening an email attachment, they may be downloading malware, which could potentially collect, destroy or exploit data or block access to equipment. Ransomware is the most common type of attack. It blocks access to data, offering to restore access in exchange for a monetary payment. However, companies shouldn’t give in to blackmail, and they should have back-ups updated and tested regularly. Otherwise, they often take a double hit – loss of activity and payment without recovering data.

 

And how is the cybersecurity market trending?

This is a fast-growing market that has made a huge leap in the past five years. Digitalisation and the resurgence in hacks mean that companies must set up adequate mechanisms to provide a sufficient level of security to protect their information systems and their users. Nowadays, large and mid-sized companies allocate between 10% and 15% of their IT budget to cybersecurity and are expanding their cybersecurity staff. This is a lot but not nearly as much as the costs that could be incurred by a cyberattack. Ultimately, companies have become aware that this is a true matter of survival.

 

How can we integrate cybersecurity into companies’ strategies?

It is essential to identify the risks involved, to coordinate overall coverage, and to monitor constantly against new threats. There are two main categories of external providers for doing so – publishers and makers of solutions that design software and protection tools, and the engineering companies that deploy these solutions and adapt them to the company’s individual context, apps, customers, and users.

But rolling out these solutions is not enough. IT systems are living things that are constantly evolving and must therefore be adapted constantly to keep them in operating shape. It is also crucial to be alert to what are called weak signals, i.e., suspicious traces, such as a series of small incidents that are abnormal but benign, for example, repeated attempts to connect with an app, a user’s simultaneous connection from two physically different places (office and home office, for example), and so on. By analysing, interpreting, and comparing them to sources of attacks and behaviours that have already been identified worldwide, we are able to detect potential threats. If need be, we can block them and isolate them in order to limit the attack to a particular zone so that it cannot spread throughout an information system. Companies must therefore adjust now to this state of readiness.

 

What will hacking look like tomorrow?

Today’s threats are more sophisticated than they were five or 10 years ago. From where I stand, we will certainly see more and more attacks via smartphones, as well as attacks targeting people’s personal space. For example, a businessman may be targeted through his children via social media such as Instagram, Facebook and Snapchat. They are often connected to these networks through easily identified email accounts and, once their accounts are hacked, lots of personal information like photos can be retrieved. After that, it’s business as usual – the hacker will demand a ransom in exchange for not divulging this information. We are seeing this type of approach more and more.

Another type of threat that we’re seeing more and more is attacks against large groups via their subcontractors, suppliers or attorneys, for example. In this case, smaller companies are targeted at their n-1 or n-2 levels, which are used as springboards to their ultimate targets. These companies invest far less in cybersecurity. Real-world examples have occurred in France and elsewhere in Europe in recent years, including a highly publicised case of a level 1 high-tech supplier of a major European aerospace company.
