FIC2016: about a vision for cybersecurity in Europe
The International Cybersecurity Forum (FIC) that took place in January 2016 in Lille, aimed at promoting a pan-European vision of cybersecurity as well as strengthening the digital ecosystem to fight against cybercrime.
Digital transformation is in constant evolution and is profoundly changing our lifestyles and organizations. This digital ecosystem requires greater reliability and security in order to create the trust that is essential for developing new uses.
Cyberattacks on the rise
Cyberattacks are one of the biggest threats of the 21st century: weapons have changed from firearms to malware. McKinsey estimates that risk alone undermines trust and confidence in the digital economy, reducing its potential value by as much as $3 billion by 2020.
Cyberspace is expanding rapidly and at the same time the attacks are more and more sophisticated. Security becomes a major stake for business customers. According to the UK minister who spoke at FIC2016, 90% of big companies and 74% of small and medium enterprises experienced a cyber-attack in 2015. OpinionWay also found in its survey on cybersecurity awareness in major companies, that 82% of top management is aware of their company’s risk exposure and 45% think that an efficient cybersecurity policy can contribute to safety and dissuade cyberattacks.
Despite this increasing awareness, the situation can rapidly change. There are faster attacks, more far-reaching vulnerabilities, more files held for ransom and far more malicious code. Furthermore, as we see a shift from fixed to mobile communications, we can observe a significant growth in mobile malware.
Many people associate cyber threats only with PCs and neglect even basic security precautions on their smartphones. In 2014, Symantec found that 17% of all Android apps (nearly one million in total) were actually malware in disguise.
The constant growth in mobile threats also raises concerns around security related to the Internet of Things (IoT), with attacks against Point of Sales systems, ATMs, and home routers, but also potentially cars, medical equipment and the billions of sensors and other types of devices where datas are aggregated for analytical purposes. Risks are exacerbated by the use of smartphones as a point of control for IoT devices.
No one is really safe on-line. In a Norton survey, one in four users admitted not knowing what they agreed to give access to on their phone when downloading an app (68 % were also willing to trade their privacy for nothing more than a free app). Almost no company, whether large or small, is immune. Cybersecurity should be a requirement for all individuals, businesses and governments, as most may be reluctant to face the costs of security. Because basic best practices such as blocking executable files and screen saver email attachments are not commonly adopted, the whole digital economy can be at risk.
Network supervision can significantly contribute to the protection against cyber threats
Orange employs over 1,000 security experts and can leverage over 30 years of experience in managing critical networks. As a connectivity provider, we believe that we can play a particular role in contributing to cybersecurity and in ensuring the cyber defense of our customers and their assets.
Because we operate infrastructure and need to optimize it in order to provide the best quality of service, we constantly monitor our networks as well as data traffic and prevent network congestion through predicting travel patterns (big social gatherings, rush hours) and anticipating availability problems. Thanks to this differentiating asset, we have a unique expertise on network events and an unparalleled knowledge on users’ traffic patterns (normal and abnormal). Through network supervision, Orange can detect a potential problem even before an end-user is aware of being affected by it. According to PwC’s Global State of Information Security Survey, in 2015, telecom companies reported a 45% rise in detected information security incidents over the year before. Telecoms are addressing escalating cyber-risks by implementing technologies such as cloud-based cybersecurity, Big Data analytics and advanced authentication.
Because needs in this area are booming, Orange also set up its own organization, called Orange Cyber defense, which is responsible for network security for our enterprise customers. There are 6 Orange Security Operations Centers (2 in France, 1 in Belgium, 1 in India, 1 in Mauritius and 1 in Egypt) that survey and react to incidents 24/7/365. These are supplemented by an epidemiology lab in Rennes, which gathers expertise and analyses cyber threats.
Furthermore, Orange serves as a service integrator through cooperation with leading companies in this field, in order to bring state-of–the-art protection to its customers. For example, the partnership between Orange Cyber Defense and Atos signed in 2015 will allow distributing Hoox, the most secure smartphone on the market, for Europe, the Middle East and Africa. Orange Cyber defense also signed a partnership agreement with Morpho (Safran) a leading security firm to market Morpho’s security and digital trust solutions, drawing on Morpho’s recognised expertise in biometrics.
On its own, Orange developed ‘Helios’ a service allowing us to model and predict the behavior of populations, individuals or machines (e.g. database servers) allowing us to identify deviant behavior. Thanks to Helios, we can prevent infected databases from trying to get on the Internet with FTP or email and thus stop the spread of identified malware. This innovative solution can be customized to the needs of a given industry.
A Call for action at the European level
Digital technologies and the Internet are the backbone of our society and economy; they are key enablers of prosperity and freedom. Network and information systems can be affected by incidents (human mistakes, natural events, technical failures or malicious attacks) that are becoming bigger, more frequent and more complex. Securing network and information systems in the EU are essential to ensuring prosperity and to keep the online economy running. With cyber threats not respecting borders, action at the European-level is crucial. We need European coordination and a more proactive policy to set up a coherent pan-European framework and favour a market in which security products are affordable, of high quality, and in which best practices are adopted by default.