Insights.

Discover cybersecurity stories you've never heard before. From ransomware threat to data analytics with organisational insights, this is where cyber enhances business.

Science shows that the method that almost all companies adopt to solve 70% of cybersecurity problems is NOT the right one.

This should concern us. But rest assured: nothing will change. Because this isn't cryptography or any other sexy topic in the field (EDR, blockchain security, post-quantum crypto, you name it). The cybersecurity market has already chosen a completely different direction. What is it about? Researchers at the Swiss Federal Institute of Technology Zurich (ETHZ) have just demonstrated that phishing test practices, those commonly found in companies, are the exact opposite of what should be done…

The widest mobilization is the only viable and sustainable lever to counter cyberattacks

Our collective vision of cyber, as much among non-specialists as among experts and leaders, needs to be re-examined in depth. To maximize the effectiveness of our individual interventions and our collective protection. Because the attackers' ecosystem is evolving much faster than the defenders'. The collective efficiency of attackers is formidable. The ecosystem is industrializing. Cybercriminals think "customer" much more effectively than defenders when it comes to cyber issues. And they are…

The cold rationality of attackers versus the operational unpreparedness of companies

For the cyber attacker, the only thing that matters is his own goal: to complete the attack. For a cybercriminal: to obtain the payment of the ransom, even if it means negotiating. Because the cost structure of the attacker is just like the business model of SaaS startups: the cost of attacking an additional company is close to zero. Worse: the attacker's operational risk is very limited, protected by several jurisdictions and many layers of technology between his target and his digital…

Financial evaluation of cybersecurity remains a path not very frequented

One explanation: for many organizations and cybersecurity professionals, the study of the return on investment (ROI) of cybersecurity remains complex. It's often taboo for the current generation of CISOs, who still rarely have the codes of the financial domain. Moreover, while current cyber methods are very good at assessing risks at the level of an application or IS project, they do not easily pass the test of a group scale. How many companies have evaluated the ROI of their cyber? There is no…

Cybersecurity: designed to fail.

Over the past three years, the acceleration of ransomware damage has generated an awareness of cyber issues. Yet, in this cyber domain, the majority of companies of all sizes remain "designed to fail" and citizens are disarmed. There is still time to start a cyber revolution. It is indispensable. Awareness is growing, but the cyber debt is inexorably increasing. In large companies, the awareness of leaders is accelerating. This is evidenced by reports from the World Economic Forum (WEF) and…

Misconception n°3: The digital transformation director can't do much about cybersecurity

Why is this misconception false? Paradoxically, the CDO is probably one of the only executives, if not the only one after the CEO, who can do something decisive on cyber / digital security. The CISO, when restricted to a technical perimeter, will not be able to carry this vision to this strategic level. Because many CISOs still depend on a CIO or a CTO. Their background is rarely business and without a sufficient dose of digital. Too rarely, they allow themselves (or are allowed to) think…

Misconception n°2: Digital transformation is a separate matter from cybersecurity

Why is this misconception false? In October 2016, Microsoft¹ identified 4 pillars for digital transformation, which held as its definition: 1/ Engage customers: give them new experiences they will love. 2/ Empower employees: reinvent productivity and enable a data-centric culture. 3/ Minimize operations: modernize portfolios, transform processes and skills. 4/ Transform products: innovate on products and business models. If these 4 pillars are not directly applied to cybersecurity, the…

Misconception n°1: Using modern/nextgen technology makes you safer

Why is this misconception false? In January 2019, Accenture showed that 79% of digital transformation projects did not include cybersecurity at the right level. Since then, the Covid situation and its accelerated transformations have largely exacerbated the phenomenon. Unless adopted correctly, cloud architectures, containerization (Docker and Kubernetes), the extended use of open-source libraries such as npm packages, or APIs (even in GraphQL), and microservices, without forgetting AI and…

Strengthening enterprise cybersecurity through people

Aware of the chaotic scope of cyber attacks and the weakness of their cybersecurity, managers no longer hesitate to make substantial financial efforts and recruit excellent experts to protect themselves against them. But in this quest for resilience, they tend to neglect the crucial role of the first actors in the field of cybersecurity: the employees.

Cyber attacks: the undeniable weight of human failures

With the widespread use of cutting-edge technologies (AI, 5G, robotics, etc.) and the…