Cybersecurity: my precious, my data!

The data of businesses, public institutions or individuals represent a goldmine, attracting the attention of hackers. Orange, a trusted operator for its customers, is setting up dedicated research teams covering the various aspects of cybersecurity to ensure the integrity of our future digital identity.

Data in hackers' sights

“Over the last 10 years, hackers' skills have progressed and the security flaws identified have multiplied, which has led to a surge in the number of cyberattacks”, explains Adam Ouorou, a researcher at Orange Labs. “The need to secure networks, through technical resources and training, has never been as strong”.

Hackers are tending to refine their techniques because they have identified a target with real value: the data hosted in organisations' information systems. From contact details for customers of businesses to banking information and state secrets, everything has become data. Although this information is virtual, it has real value for cybercriminals. Particularly in spaces like the deep web, where the guarantee of a certain anonymity allows hackers to carry out illegal activities.

And there are growing numbers of windows for penetration by cyber attackers: our increasingly connected world has an incredible range of devices and networks, with variable levels of security. The other vulnerability is human: each individual operating on a system can represent a potential source of vulnerability.

Cybersecurity: a technical issue...

To secure both consumer and industrial digital uses, Orange is involved in research activities to improve cybersecurity. This is focusing on several levels:

  • identifying and understanding the various types of threats,
  • designing technical solutions to protect information systems, such as intrusion detection and blocking,
  • developing dedicated arrangements and methodologies to be launched in the event of a cyberattack.

The areas of research covered by Orange's teams include connected devices. A key question of concern for them is: how can digital trust be guaranteed when there are so many sensors, which are not always sufficiently secured, and they offer new forms of access to networks? Today, research is looking into setting up joint security and interconnection systems. “Our research priorities include setting up 'by design' security strategies”, reveals Adam Ouorou. They are based on introducing security very early upstream, from the product's design stage.

Big Data and Artificial Intelligence represent a leap forward for digital life and will radically transform numerous industries and services. “The research underway on these technologies is looking at their benefits in terms of IT security, as well as their need for human supervision, because they can be deceived”, notes Adam Ouorou.

Adam Ouorou, Orange Labs researcher.
Our cybersecurity research priorities include setting up 'by design' security strategies.
Adam Ouorou, Orange Labs researcher.

While all business sectors are concerned, some of them represent preferred targets. “We are very involved in issues relating to data protection for the banking sector”, confirms Adam Ouorou. “This sector is one of the most widely affected by malicious acts: system attacks, ransomware, phishing, etc.”.

…but not just technical!

“The challenge is not only technical, it is also human”, explains Adam Ouorou. “It concerns the capacity to raise awareness and train individuals on digital security best practices”. In both personal and professional environments. In fact, some good practices need to be adopted to ensure total security when using digital tools: this is what is known as “IT hygiene”.

Lastly, cybersecurity research sometimes combines technical, human, political and legal aspects. The issue of data sovereignty clearly illustrates this: when a business outsources certain tasks, such as cloud storage, this raises issues in terms of legal liability in the event of a flaw in the system. Orange's research teams are already working in this area.

Find out more about cybersecurity