Wednesday the 15th of June at Viva Technology, Olivier Nautet – Group Chief Information Security Officer and Head of Security Fraud at BNPP and Zeina Zakhour – CTO Digital Security at Atos took the floor alongside Jeniffer Schenker Founder and Editor-in-Chief at The Innovator to discuss the subject of cybersecurity and the cost of unpreparedness. They took the floor in turn to talk about the importance of securing a company’s digital, industrial and corporate systems and the repercussions of being unprepared for those eventualities.
What do we know about Cyber Attack?
The number are clear, according to Cyber Security Venture, global crime cost are going to grow from 50% per years over the next few years reaching US$10.5 trillion US dollars anualy by 2025.
This drastic increase is due to the frightening growth of organized crime hacking, organized criminal gangs, as well as organized crime sponsored by hostile nation states. The cost of the damage caused by these “attacks” include lots of damages :
- Distraction of data
- Fraud or stolen money
- Loss of productivity
- Theft of intellectual property, personal and financial data,
- Post attack disruption to the normal coast of business & forensic investigation
- Restoration and deletion of hacked data and system and reputational harm.
it is no wonder why this is on the top of the agenda for nearly every CEO. – Jeniffer Schenker – interviewer
Cyber issues according to Ukraine and tension between Europe and Russia, what is the situation of BNPP & ATOS
Following the invasion of Ukraine, many companies have been victims of cyber attacks. However, national infrastructure like energies have been targeted to malware few years ago, leading Ukraine to get ready for further attacks. Even thought the country have been targeted to cyber attacks, they have been able to identify malwares for those attack to be less impactful.
Now a day Cyberwar is clearly part of todays War. According to Atos and BNPP when a compagnie is targeted to cyber attack his partner and environment could be impacted too. Today they have not notify any specific impact but they are worried of collateral damages.
Is it enough to protect your own company? What about the supply chain?
Even if you the due diligence of an organisation have been secured in the most precise way possible. They will always be things you can’t 100% control. For example, third parties are usually a part of the chain that you cannot control.
Lots of government institution have provided guidance about how do you secure a supply chain – Zeina Zakhour – CTO Digital Security at Atos
In the contexte of Viva technology, most of the compagnies are leading organisation or Starts-up providing digital products and services. In the main conception of their service and product, founders and designer should always remember to include security by design, to ensure a long living life for your product or service but above all to their compagnies. This matter should never be an after thought when compagnies decide to develop a products. They also have to think about how secure they are, considering the best practices they are implementing. Getting ready is the best way to minimise the collateral damage of cyberattacks.
As a matter of fact, European government is currently working on cyber security app which will come up in the coming months specifically targeted on: how to secure digital product and services by design?
It’s important for us that everyone, as soon as they’ve got our data, need to make sure that everything is correctly secured to insure the security and confidentiality of our data. Even when it’s outside of our primacies. Everyone needs to be includes in the whole chaine because the weakest link will be at the end the biggest problem for you. – Olivier Nautet – Group Chief Information Security Officer and Head of Security Fraud at BNP
Is Artificial Intelligence (AI) serving for or against security by design?
AI is a true help in detecting the “small noises” hidden in the huge amont of data compagnies are managing all day long. It alert potential attacks or intrusion in general and help compagnies to be prepared for intrusion. In terme of security the better way to think is always:
- How fast do you detect
- How fast do you react
Artificial Intelligence can be use for different purposes : marketing and customer experience or even to predict maintenance for instance. The only remaining questions should always be :
Why are you using this data and is it secured by design?
In the bank industry, AI is generally use to manage data. In termes of fraud concernes, manual process takes hours to days to detect problems. People are able to take them in charge only afterward. With AI instant, decision could be taken thanks to machine learning with dedicated patents.
With machine learning we also have to insure that the bad guys don’t exactly understand what we are doing. – Olivier Nautet
Facial or vocal recognition are tools used by the bad guys to fake identity. in that precise case, AI seems to be the best option to fight against it too. To insured the security of your process and your automation, AI auditability should also be your priority. Auditability will help you to remains aware of any flaws in the system.
What is the best way to protect your company?
They are different process a company should follow. The first step, is to identify the risk: companies can’t protect what they can’t see. They need to identify their critical assets and the cyber risk that falls on those asset. This is a key step.
If we took the question from another angle, founders and designer could also wonder “is my company able to reconstruct something or to deliver the business even though it is suffering from an attack ? “ in this concerns their principal matters should always be :
How can I make sure that in all those versions of my product I remain in the same level of security. That is something we need to properly monitor, in addition to detection and reacting, as fast as possible. You cannot control everything when we talk about cyber security but, you need to be ready to be able to detect and react as fast as possible. Because, when you are ready you can at least limitate the impact and you can react fast enough. – Zeina Zakhour
How banks position themselves to face fraud?
From a cyber perspective, banks are not competitors but considers themselves in the same level. They are dealing with the same actors and attackers. They are well aware that IBAN are reused a lot and today they know that they need to fight all together against them to become stronger. They need to communicate about cyber attacks to all their clients and make sure they have a global communication to them about fraud.
CyberSecurity: What companies needs to keep in mind ?
Today it’s not a question of “are you gonna be attack“ we talk more about , “when are you gonna be attack”, so be prepared. – Jeniffer Schenker
Don’t consider security as a cost but consider security as an investment that create value for you. This global trust is what your customer are looking for and that is what is going to grow you business. – Zeina Zakhour