The security market has known in recent years revelations. Although they were widely known by insiders, it confirms that attacks are no longer those of pirates, they come from foreign powers, government agencies, or private companies. The consequences are important and we realize, perhaps a bit late, that the defense of the information heritage is a major issue.
Many contracts have been lost due to massive espionage and many technologies are now being copied. In France the notion of OIV (Agency of Vital Importance) shows that our infrastructures must be protected thanks to a renewed and coordinated effort by all actors concerned.
More than ever, business digitization is accelerating. It translates into:
- A significant dematerialization of information systems to the cloud,
- An explosion of the Internet of Things (IoT) in an increasingly interconnected world (accessible from everywhere via mobility with smartphones, tablets …),
- An accumulation of data from users (Big Data).
In this context, there are more and more examples of cyberattacks related to digital transformation. Indeed, the risks of security breaches are constantly increasing, leading companies to rethink their approach to cybersecurity.
According to the 2019 edition of the Deloitte Cybersecurity Barometer, 2 out of 3 companies report their security indicators to the Executive Committee on a quarterly basis. However, only a quarter of them have a security organization that reports directly to the same committee, and only a third believe that their cybersecurity strategy is adequate to meet the needs of the business lines.
In the majority of the companies surveyed, little is done to encourage collaboration between the security department and the trades : only 13% of organizations include representatives of the business line in their cybersecurity structure. This separation does not contribute to a better consideration of the issues.
The security of operational systems is clearly the main issue at the moment. Problem, 75% of respondents feel they do not have the resources and skills to take care of it.
Innovative technologies such as Blockchain, Internet of Things (IoT) or Artificial Intelligence (AI) are also a source of concern for companies. 32% of respondents consider that their organization’s security strategy is inadequate for the development and marketing of connected objects. Regarding AI, cybersecurity is at the top of the list of concerns, cited by 51% of companies.
But despite all the technological investments in cybersecurity, educating staff and creating a culture of corporate security is very important to prevent cyber attacks. Staff members are often the weakest link in a company’s security.