Loïc Guézo, Clusif - A Cyber Hero by CaptainCyber
Who are you?
I am Loïc Guézo, the secretary general of Clusif, the French information security club.
What is Clusif?
Clusif is the French information security club. It's a club, a 1901 association that brings together about 850 members, half suppliers, half end customers, users and CISOs.
Tell us about the Panorama of Cybercrime report.
This year, it confirms that ransomware is the number one scourge, and that it has evolved a lot from what we saw two years ago. Before, we had machines hit randomly in the general public who were asked for 500 euros, a few dozen euros. Today, we have companies that are targeted over the long term and that, after a few weeks of computer intrusions and preparation, are under the thumb of a ransomware attacker who can demand hundreds of thousands of euros without difficulty.
What remains to be done to mobilize top managers?
Today, we can see that our CISO members are able to address the Executive Committee on cybersecurity issues, at least occasionally. But we haven't gone far enough yet. We now really need the Comex, the members of the Comex, to be able to take these cybersecurity issues into account individually, to form an opinion and to integrate it into their decision-making.
How can we solve all the problems related to cybersecurity?
I think the answer is to raise the bar. To arm this French ecosystem in a European and globalized environment to be able to meet the demands of this exploding cybercrime.
Do you have any advice for citizens?
Well, I think that the advice to give to a French citizen depends on his age. If they are very young, they should not hesitate to choose the path of cybersecurity, with of course a background of general culture and neutral technical culture. This is a sector where we need arms and heads, and for a long time. It's a real growth vector. And then, if he is a user, both personally and professionally, my advice is to integrate these cybersecurity issues into his everyday behavior.
What are good cyber practices at home?
I don't dare to say that I'm going to unplug as much equipment as possible to have the least amount of attack surface. But that's kind of the idea. That is, marketing, new personal features, personal assistants, connected TVs, etc. have some very interesting features. But you'd have to be able to, on a personal basis, consider them as a real information system with a colossal attack surface, so having a security policy mainly on strong, modified passwords, etc.