Hyperconnection or the need to develop a security culture
In the Internet-everywhere era, individuals and machines are permanently connected and their communications are multiplying. This hyperconnectivity creates new vulnerabilities that must be taken into account. Nicolas Arpagian, Strategy & Public Affairs Director at Orange Cyberdefense, gave an update on this issue at the recent International Cybersecurity (FIC 2018).
How is this hyperconnectivity affecting businesses and countries?
Nicolas Arpagian: This growing interconnectivity has resulted in the “extended enterprise”: a company that opens part of its IT system to its partners (suppliers, customers or service providers). This marks the end of what is called “perimeter security”. Previously, an organisation’s IT was a bit like a castle with a well-defined boundary, narrow openings and a single access via a drawbridge that was permanently protected. In short, an easy place to defend. Conversely, with this growing interconnectivity, an IT system is now more like an airport: with different types of people, luggage and freight all circulating. So the challenge becomes how to secure an information system that’s evolved beyond recognition! This concerns businesses, local authorities and even households, which sometimes have more users and connected devices than a small business.
What is cyber-resilience?
N. A.: Cyber-resilience is an organisation’s ability to return to normal after an attack or intrusion. Growing interconnectivity is a source of risk. For example, in 2017 the Wannacry ransomware did not target France. However, it paralysed French websites that belonged to French companies operating factories in Slovenia or Ukraine – places that were affected. It’s therefore impossible to defend against all attacks: some can’t be prevented. In light of this, a company or administration has to establish a detailed IT map and think about which users have what rights according to their job function. The sooner an intrusion is detected; the better the company or community can contain its IT and prevent the virus from spreading. At the same time, organisations need recovery tools to distribute safe data after an incident.
How can a business or country protect itself?
N.A.: The first question is: “what should we protect?” Each organisation needs to think about its core business and essential assets. They should also be aware that the value of any given data might vary according to the period and context. For example topics covered in a future exam no longer need to be protected once the exam is completed. Then, they have to proportion the constraints according to the value of the data. Security is often about constraints: organisational, access, financial etc.
How do you change behaviours and practices to meet this new era of hyperconnection?
N.A.: It starts with education! Every smartphone or computer user must understand that his actions have consequences: clicking, downloading, inserting a USB key … it’s also necessary to measure social media conversations: employees can unintentionally give away information about their devices or connectivity to a potential hacker. It’s therefore necessary to create an entire culture around security and never believe that you’re risk free.
International Cybersecurity Forum 2018: how Orange Cyberdefense is responding
The 10th edition of the International Cybersecurity Forum (FIC), of which Orange is a partner, takes place on 23 and 24 January 2018. Held in Lille (France), this European event brings together key industry players including security experts, risk management specialists, architects and developers, and lawyers. This year’s theme is hyperconnection and resilience.
Experts from Orange Cyberdefense, the Group’s cyber security business line for enterprises and administrations, including Thomas Fillaud, Industrial Partnerships Director, and Nicolas Arpagian, Strategy & Public Affairs Director, will be taking part in a roundtable on resilience and cyberspace.
Find out more about FIC 2018: https://www.forum-fic.com/