- il y a 2 jours
Cybersecurity the Cost of Unpreparedness
Catégorie
🤖
TechnologieTranscription
00:00Good afternoon and welcome back to Viva Tech stage 3. My name is Dan Sobovitz. I'll be your host for
00:06this afternoon.
00:07If you're watching us online, I have to say there's an incredible atmosphere here at Port de Versailles Paris.
00:12If you're here in person, great to have you back in this post-pandemic version.
00:17For the next 90 minutes, we'll be talking cyber security. Next 90 minutes and also tomorrow morning at 10 a
00:23.m.
00:23First, we'll look into the threats and opportunities of cyber security both in the private and public sector.
00:29And in tomorrow's session at 10 a.m. here at stage 3, we'll look into the concept of ethical hacking.
00:35But the first session we're about to start is about the costs of under-preparedness.
00:39Because the successful attacks are often the result of organizations that underestimated or under-prepared for the attack to come.
00:53To discuss this phenomenon, I'd like to invite my dear Jennifer Schenker,
00:57founder and editor-in-chief of The Innovator, and our panelists to join us right here on stage.
01:20Hi Jennifer, good to have you back here in Paris.
01:23Paris, your panel is definitely not under-prepared to discuss cyber security, so we're really looking forward to your conversation.
01:30Thank you, Dan. It's great to be back at VivaTech.
01:34And we know that if there's one subject that's going to keep trending year after year, it's cyber security.
01:41So let's get right to it.
01:44It's my pleasure to share the stage this afternoon with Olivier Nodet, head of cyber security and digital fraud at
01:54BNP Paribas,
01:56and Zena Zakhor, vice president and global CTO of cyber security at ATOS.
02:03Now just take a minute to frame the discussion.
02:07According to cyber security ventures, global cyber crime costs are going to grow by 15% per year over the
02:16next few years,
02:17reaching $10.5 trillion US dollars annually by 2025.
02:23The damage cost estimation is a dramatic increase in hostile nation-state sponsored and organized crime gang hacking activities.
02:36And the cyber attack surface will be an order of magnitude greater in 2025 than it is today.
02:45So cyber crime costs, they include damage and destruction of data, stolen money, lost productivity,
02:54theft of intellectual property, theft of personal and financial data, embezzlement, fraud,
03:01post-attack disruption to the normal cost of business, forensic investigation,
03:07restoration and deletion of hacked data and systems, and reputational harm.
03:12So it's no wonder that this is at the top of the agenda for nearly every CEO.
03:20So let's dive right in and ask the experts.
03:25Are you seeing cyber issues attached to the invasion of Ukraine and the heightened tensions between Europe and Russia?
03:41Yes, sir. So hello, everyone. It's a pleasure to be here today.
03:44So indeed, if we're going to talk about the impact of the Ukrainian invasion,
03:49is that we've seen targeted cyber attacks targeting the Ukrainian company,
03:55what we call also the organization that provides essential services.
03:58So the national agency has reported a lot of attacks.
04:02Some of them are DDoS attacks. We have also seen in the wild wiper malware.
04:06So those are malware that will come and actually erase any data that could exist on the network of an
04:11organization if successful.
04:13And just recently, actually, I think it was a month or a month or two ago,
04:17we have identified as well targeted malware that are targeting national infrastructure like energy.
04:23So if you remember, a couple of years ago, they had a blackout in Ukraine because of an attack that
04:28has targeted their energy sector.
04:32Now they are better prepared. So they did see this malware in DDoS 3 or 2, it has been labeled,
04:36but they managed actually to counter it. They had no impact on their business.
04:40So they were better prepared.
04:41There have been a number of attacks, really thousands of attacks that were reported by the Ukrainian national agency.
04:46Today, we don't see anything that has been quite impactful.
04:50However, what is undeniable is that cyber war today is really part of kinetic war.
04:55So you have the war on the ground, but you have cyber war that is happening backstage.
05:00Today, there is no this big impact.
05:02What we worry about is if you become a collateral damage.
05:05You know, this slips from the geographical location and then might come and target organizations
05:10just because they created a malware that is exploiting a vulnerability that impacts you as an organization.
05:17Those are the things that every size of those are actually very worried about and on alert on this front.
05:23Olivier, what's the situation that began beneath Haribah?
05:26For us, same as what I heard is we haven't seen anything on our systems and we are monitoring globally
05:36our information systems.
05:37Of course, it can change in two minutes.
05:42It's what we are telling it's really now.
05:46We are waiting for that.
05:48Everyone was waiting for that and we don't know what will happen.
05:51So, of course, we are ready for that.
05:53But for now, nothing has been seen on our radar.
05:58Is it enough to protect your own company?
06:02What about the supply chain?
06:03You know, we have this solar winds attack and that sort of made everyone realize that even if you have
06:11your own parameters secured,
06:13you're still vulnerable.
06:15Yeah, of course, the castle model where you have everything in your own premise, it's finished, links to regulations, linked
06:24to the change of the world.
06:26We've got more and more an open world and we need to be more widely open.
06:42So, we have to manage our information systems.
06:47We have to manage our partner.
06:48We have to deal with partners who could have issues.
06:52We need to be robust for that.
06:54And I'm not a big fan of regulation, but the regulation will also help us.
06:59As with the NIST 2 version, DNC has just communicated on that, that it will be widely spread for all
07:08of companies in France and in Europe.
07:10And it will change the game.
07:13Zena, I think you have a message for some of the people in this room.
07:17Yeah, so actually, the first point is that the supply chain attack is not something new.
07:21We always say in cybersecurity, you are as strong as your weakest link.
07:25And indeed, when you have done all your due diligence as an organization, you have secured everything as much as
07:30possible again,
07:32then indeed your weakest link could be the third party, the thing that you cannot 100% control.
07:37So, this is a big issue today for the organization.
07:40However, there are standards.
07:41You have the NIST, for instance, that have launched actually a revised version of their supply chain risk management
07:47and advice about how do you secure it.
07:49The ANSI has something to say on that in UK as well.
07:52So, you have a lot of also governmental institution that has provided guidance about how do you secure the supply
07:58chain.
07:58The thing is, when I look at you today, I mean, we are in VivaTech.
08:02We have startups.
08:03We have a leading organization that are providing digital product and services.
08:07You need to include security by design.
08:09This is it about supply chain because you can become the weakest link of an organization,
08:14which means today security cannot be an afterthought when you're developing products.
08:20And another important thing as well is that how secure you are will depend about the best practices that you
08:26are implementing.
08:27And you need to be ready because you have a lot of organization today that changed their procurement process, as
08:32an example.
08:33And in their procurement process, they have a lot of requirements today that will actually address the security of a
08:39product.
08:40Add the security maturity of a product that has nothing to do with security that they are acquiring a digital
08:45product.
08:46And you have a regulation.
08:47So, Olivier mentioned regulation likeness too.
08:49But today in Europe, they are working on the Cyber Resilient Act, actually.
08:53And it's something that will come up in upcoming months.
08:56And this is specifically targeted about how do you secure digital product and services by design.
09:03So, in a way, you will have to be compliant as well with those type of regulation.
09:07Better start now and implement those best practices.
09:10Yeah, because today, you can have your doorbell or some other appliance in your house hacked.
09:20Because those products have not been designed with security in mind, correct?
09:27You wanted to say something?
09:29No, no. I was just on what I've heard.
09:32We are also thinking about, okay, we need to secure our information system.
09:36Then we have to take care about all the components and all the suppliers we are using.
09:41At the banking industry, our data now is widely open.
09:45So, our data could be also outside of our information system.
09:50So, it's important for us that everyone, as soon as they've got our data,
09:55they need to make sure that everything is correctly secure to ensure that the security and the confidentiality of our
10:04data,
10:05even when it's outside of our premises.
10:09It could be cloud.
10:11It could be fintech data as deal with the bank.
10:14Everyone needs to be included in the whole chain as well.
10:18I've heard that the weakest link will be, at the end, the biggest problem for us.
10:23Okay. So, let's talk a little bit about the role of some new technologies.
10:30So, AI, for example.
10:32It can be a two-edged sword because it can help you in your defense, but it also helps the
10:42bad guys.
10:43So, how do you view a technology like AI?
10:50Actually, you've summarized it very well.
10:52You have the positive and you have the negative.
10:54AI today is really helping us in cybersecurity.
10:58Today, cyber is leveraging AI in order to improve the protection, improve the detection,
11:04and even the response process in securing an organization or an environment.
11:09So, it's very important to understand that not only it does help us as well from a security perspective in
11:14terms of, you know,
11:15being able to analyze this crushing volume of data and see those small noises.
11:19And those noises could be actually the alert of a potential attack that is being prepared or an intrusion.
11:25You know, someone that has put just, you know, one foot inside the door.
11:28And that's so that you can react fast enough because in the end, insecurity is how fast do you detect
11:33and how fast do you react?
11:35And we should not forget that when we're talking about, for instance, nation-sponsored set actor, as you mentioned before,
11:41some of them are highly skilled.
11:42They can come in and out in less than 30 minutes.
11:46So, how fast can you detect that in this deluge of data?
11:49This is where AI has a big role to play.
11:52And afterwards, indeed, if I'm talking about AI project, I mean, you go here and you see so many startups
11:58leveraging AI and it's great.
12:00But, however, again, it takes us to the situation of, is it secured by design?
12:04First, is your AI leveraging personal data?
12:07You know, it could be used for marketing, for consumer or customer experience, for instance.
12:11Then, are you compliant with regulation, GDPR as an example?
12:14Those are key questions that organizations should ask themselves when they start this type of project.
12:18Am I respecting the privacy of the end users, you know, that I'm using their data?
12:25But also, we can use AI for predictive maintenance, which is a great, great use case for it.
12:30The question is, how am I securing the data?
12:32Because if you temper this data, you know, at the source, then your predictive maintenance is completely incorrect.
12:39And those are key concerns that organizations today have to tackle when they are implementing an AI-based project.
12:46And after that?
12:47At the banking industry, for a bank like BNP Paribas, you can imagine the number and the volume of data
12:54we've got.
12:55Human cannot manage that.
12:57So, we need AI or even machine learning or even AI to help us to really manage that and to
13:04monitor correctly the weak link we can see.
13:11And let's take an example. Before, when I'm talking about fraud, we got like manual process. So, it takes maybe
13:19one day or one hour to detect things.
13:23And then we are able to produce some stops, to stop, sorry, stop some flaws.
13:28With instant payment, it could be for corporate or for you when you're doing an instant payment.
13:36We need instant decision. And instant decision could only be taken by machine learning with dedicated patterns.
13:44So, for us, that's the future. So, that's the first point. But, of course, as the attackers will know exactly
13:51what we are doing with machine learning,
13:53we also have to ensure that the bad guys don't understand exactly what we are doing and are playing with
14:01our algorithm to be able to bypass our protection.
14:05Actually, just one point. I remember, you know, because you mentioned how the bad guys are using AI.
14:10And today, they are leveraging AI. I mean, it has been for a couple of years, if not more.
14:14They are leveraging AI when they launch phishing attack, for instance, or voice attack.
14:18So, they simulate, you know, the CIO of an organization and they contact the CFO to request a transfer and
14:25they are using the same voice, the same mimic.
14:27So, they are leveraging those type of AI and they are leveraging AI to launch evasive attack.
14:33So, that this malware then will be able to analyze the environment where it is and adapt to the environment
14:39so that it remains undetected for as long as possible.
14:43Which explains why we need to use AI as well from our side.
14:47I always say, in the end, we will come to this battle of the machines, you know, and we need
14:52to be able to be prepared.
14:54And another point that also Olivier mentioned, that when we are using it, we need to, because we are automating
14:59it, we need to also have this auditability of AI.
15:03Because in the end, again, it is part of the regulation for GDPR, for instance.
15:07We need to accelerate the process, but still make sure that we can trace, you can, you know, have the
15:12auditability of how this reasoning came from the machine.
15:16Because from a regulation perspective, we need to be able to prove this.
15:20And we need to have what we call ethical machine because we did have some nightmare stories, you know, about
15:25machine that became racist or whatever, you know, AI assistance.
15:30So, we really need to be very careful about how we are creating those machines so that we have ethical
15:35machines as well.
15:36Not only we are securing AI, we are securing the privacy, but we have ethical machines.
15:41So, while we're on the topic of new technologies and, you know, the positive and negative sides, quantum computing is
15:50coming at some point.
15:51And when it does, it's going to break the encryption technology that companies have been using for the last 40
15:59years.
16:00How can you prepare for that?
16:06Well, of course, we know that it will definitely disrupt what we've built for, I don't know if it's 40
16:12years, but for a long time ago.
16:14But the good thing is now we are pretty sure that algorithms that are managed to not be backed by
16:22quantum are existing.
16:24Crypto Next or any other companies or startups are dealing with that type of technology.
16:30So, for a bank like us, you know that, of course, we do innovate, but we've got a few legacy
16:38also.
16:39We now have to manage that to ensure that everywhere where we do have not quantum safe algorithm, we are
16:47able to change that and be ready for the future.
16:51Okay.
16:52Yeah, I would say, I'm fully aligned with Olivier, and I would say the main challenge for organization is already
16:57to understand what are the encryption keys that they have.
17:00I mean, this has not been very well managed by so many organizations that making the inventory of what you
17:06have today in terms of encryption keys to be able afterwards to be ready for this quantum era is already
17:12a big challenge for organization.
17:13Many have started today because, for instance, if you take in the US, there has been a memorandum of cybersecurity
17:19by the White House where they have instructed a federal organization to start doing their due diligence and prepare their
17:28migration plan for the quantum era.
17:30So, it means that many organizations today will be in this phase of discovery. I need to understand what do
17:36I have in terms of encryption keys and then what are the organizations that can help me.
17:41Like Olivier mentioned, Cryptonext is one example. And we know that I think this year or maximum early next year,
17:47the NIST will select the key algorithms because we have multiple algorithms indeed today that will actually sustain the quantum
17:55era.
17:56And they will select the key algorithms and those algorithms then we need to prepare for the implementation and the
18:02update of our cryptography environment. It's easier said than done.
18:09And it's also important for us to even now if some data are stolen and say, okay, it's encrypted or
18:17no worries, then maybe in two or three years, it won't be encrypted anymore.
18:21And so we will have to deal with that and to ensure that for now we really have to take
18:27into account these possibilities of attackers that I don't know, is it two years, three years, five years, but quantum
18:35will be there for everyone.
18:36Apparently, that's already a thing. I mean, it's called steal now, decrypt later.
18:40And that, you know, bad guys are going in, taking data, and even if they can't decrypt it now, they
18:46will do it later.
18:47So it's, as Zaina said, more important than ever to know where your vulnerabilities are, right?
18:53And so that's, I think, a good segue into my next question, which is, you know, given all that we've
18:59discussed so far, what do each of you think is the best way to protect your company?
19:08So, in my view, you know, there are different processes that we need to follow. First one is really to
19:14identify your risk. You cannot protect what you cannot see.
19:17I need to understand what are my assets, what are the critical assets, what are the cyber risk that falls
19:22on those assets. This is a key step. This is the first step.
19:25And again, it's not only, as Olivier said before, it's not only on your classical IT, it's your cloud, your
19:31edge, 5G now, private 5G networks that are being deployed.
19:35So it's really this entire digital environment or pseudo-digital with the industrial as well and the OT.
19:42So you need to have this clear understanding of your asset, the risk that falls on your asset, and then
19:47you need to put your protection layer.
19:49Again, it's about doing your due diligence, putting in place the proper security controls to be also in compliance with
19:56the regulation.
19:57And then afterwards, when you've done your due diligence, it's the question about how can I detect fast and how
20:04I react fast.
20:04And when I'm talking about detection, it's not only detecting if there's a cyber attack or an intrusion, but also
20:09detecting whether the security posture is still the same.
20:13You know, you launch a digital product, the digital services at T0, and you've done everything correct, and the product
20:19is very secure, but this product is going to live.
20:21You are going to have regular update. This is, you know, the famous CICD process, the DevOps process.
20:27So how can I make sure that in all those versions of my product, I still maintain the same level
20:33of security?
20:33This is something that organizations will need to really properly monitor, in addition to, of course, be ready to detect
20:40the threats and react as fast as possible.
20:44In the end, you cannot predict everything when we're talking about cybersecurity, but you need to be ready.
20:49You need to be ready for this black swan. I know it's an oxymoron to say you are ready for
20:53a black swan, but you need, in a way, to be ready for that.
20:56Because when you say we're ready for the unexpected, that at least I can mitigate the risk, I can limit
21:02the impact, and I can react fast enough.
21:05Yeah, because today, it's not a question of, like, if you're going to be attacked, it's when you're going to
21:10be attacked, right?
21:12So what's prevented me to sleep at night as a CISO definitely is ransomware.
21:17Yeah. I mean, in 10 seconds, you do not have any company. So I fully agree with what I heard,
21:24but I will take it a little bit reverse.
21:28Let's take the assumption that you might be dead tomorrow. So are you able to recover? So do you got
21:35your full backup systems? Do you know exactly what your process you need to do to protect and the process
21:42that needs to be restarted first?
21:43So for us, it's really what we are dealing now is ensuring that something happens. And believe me, it will
21:50happen. Are we able to reconstruct something or are we able to deliver the business even if we are suffering
21:59from an attack?
21:59This is exactly what we are doing now. Of course, we need to do everything about protect, detect, react. But
22:06this is exactly what we are spending a lot of money for us and not for a bank like us.
22:12So let's go back to what I discussed at the very beginning, you know, why it's so important to prepare.
22:22Like, what is the actual cost to companies when they are breached?
22:29Yeah, I can start if you want. Again, it's going to depend. It's going to depend on what type of
22:34cyber incident of data breach that we're dealing with. But we have a lot of organization that we're very candid
22:39and open about that. If you remember, for instance, in NotPetya, ransomware attacks, since we're talking about ransomware.
22:45And at the time, you have a couple of companies that mentioned that they have lost 150 million US dollars
22:54in terms of loss of cost of sale, because they cannot do their business, they are completely immobilized.
23:00And then you had the equivalent of 130 million just to recover. But this is again, this is the black
23:07swan that we were talking about. Not everything costs that much. You can have a couple of millions or whatever.
23:12But the question is, how do I make sure that this cost will be minimum? This is how can I
23:17prepare properly so that I mitigate the risk and I make sure that the cost of a cyber attack is
23:23really limited to an acceptable risk for an organization?
23:28And for a bank, the cost could be in Euro or dollar, but the cost is also about trust. How
23:35can a consumer will trust his bank as soon as he's seen something in the press saying that all the
23:41data has been in the wild or some money has been out of the bank?
23:46So for us, it's really a question of trust. And it's really complicated to calculate it and to put it
23:52in euros. But at the end of the day, we are investing that much. We are really working to ensure
23:58that we've got a digital trust with our clients.
24:01So, you know, given the high financial cost and the reputational costs that the two of you have just outlined,
24:11can you talk about the importance of cross sector, cross company collaboration, more collaboration between companies and government and companies
24:23within sectors?
24:25Well, the sharing of information is key as alone. We are dead. I mean, we are not able to know
24:33everyone, everything that has happened in the world. So sharing between the banking industry, at least at French level, at
24:40European level, it's really important.
24:43That's also a part of the French where we are there to share information. It's important also to have more
24:51sharing information between public and private. The private, of course, is company and public could be in university, could be,
25:00of course, the national estate industry.
25:02This is really also important as we need to ensure that, simple example, ensure that schools are providing enough talent
25:13for the future. So it's important that at the public, at a private level, we provide enough information to schools
25:21to know exactly what we are dealing and what we will need in the future.
25:25And, of course, between industry, when something happens at another bank, it's really important that we know the information that
25:34we will be able to answer that. And then we will be much more stronger altogether.
25:40Thanks. And Zaina, I think Atos is, you know, a very active member or maybe even a founding member of
25:46a group. Maybe you can tell us a little bit about that.
25:48Indeed. So I think the message is clear. It's only together that we can face the cyber risk. And the
25:55Charter of Trust is a good example. So we are the member of this organization.
25:59This organization, you have competitors, you know, industry competitors, competitors that are leaders in security, but they are all working
26:07together, sharing information, sharing that intelligence, building best practices, because we need to make sure.
26:14I mean, if you want to innovate more, if you want to develop this digital market, then we need to
26:18make sure that it is safe, because otherwise everything is going to collapse.
26:22And we are part of this Charter of Trust with this objective, that we share together all those information, we
26:26help each other, so that the entire industry moves up in terms of security maturity.
26:31I think it's worth mentioning here the fact that France has created this new campus cyber and that the banking
26:41and insurance industries now have, like, their own groups within that. Can you tell us a little bit more?
26:47Well, if something happens to one of us, that will be a domino effect. So definitely, at the cyber level,
26:55we are not competitors.
26:56We are dealing with the same actors that can attack us. We know that on the cyber fraud, we know
27:03that IBAN is reused a lot, that IP address is used a lot by the attackers.
27:09And for now, we were only fighting each other against the attackers. We say, OK, let's do it all together.
27:17That will be much more stronger. Then with the justice will be also much more stronger. If we go all
27:27together to the parquet, to the justice, that will be much more easier.
27:37To the courts, yeah.
27:38To the courts, yeah. And then have only one fight with all the action we've seen.
27:43So this is the purpose of the campus cyber force. And also, because it's really important that we are all
27:54together to communicate to clients, because client, at the end of the day, it's his money.
27:59And so we will all together have global communication to them, because sometimes they are using the trade name of
28:08BNP Paribas to attack Société Générale and the river.
28:12So all together, we will be much more stronger on that.
28:15How did the two of you see the role of the CISO, the Chief Information Security Officer at Companies, changing?
28:24Well, I would say for my CISO, I'm doing this job for about seven years now. I really see the
28:30difference during this year. At the beginning, we were building things, after we have to report things to the board
28:38of the bank.
28:39And now we are dealing with, we are fully involved in the business decision. So I really see the curve.
28:47I'm not doing that much techniques for now that I was doing seven years ago.
28:51Now I'm spending more things, more times to explain that, to be really within the global decision of the bank
28:59and to be involved in some decision as cyber has changed IT, of course, but cyber also have changed some
29:06decision.
29:06Maybe in some part of the world, cyber will cost so much to be there. If you are not big
29:13enough, then sometimes the decision will be to sell or to leave the company.
29:19Because IT and cyber will cost too much. So it's really a game changer. And I really, I've seen really
29:26my, my career changing in the, in the last year.
29:30Thank you.
29:30Yeah, I would say also that the CISO today has, you know, to talk to the board, to talk to
29:37the operational teams, to preach and evangelize everyone on cybersecurity, because again, it's responsible to every single employee in an
29:46organization.
29:46And this is, it's, you know, so it requires someone that has people skill, that has communication skill, and that
29:53is also, you know, a technical person.
29:55So it really requires, you know, a unique, unique type of individuals. But also today, what we see is that
30:02the CISO are not alone in, in, in this, in this job.
30:07So they have the board that is listening. You know, I have been in security for 20 years. You know,
30:11we, we were the, consider the Cassandras in the past, you know, every time we say, okay, you should watch,
30:15watch out incidents.
30:16And, okay, no, no, no, we're good. But you see, we've seen how this has changed. Today, the CISO is,
30:21has the board listening to them. And this is excellent.
30:24But also today, you see, for instance, you know, if I'm talking about an organization that developed product, you have
30:29a chief product security officer.
30:31This is a new role that exists. We were talking about supply chain, you have role about supply chain security
30:36officers.
30:37So you have people that will have this responsibility reporting to the CISO or working with the CISO, but you,
30:43they will have those ambassadors in the organization responsible of those key activities.
30:48And this has changed a lot because in the past, it was me, myself and I for the CISOs.
30:52So you both have brought up some super important points that the role, your role in companies is becoming more
31:04and more important.
31:05It's integral to the business, into the business strategy, that you have the attention of the board, and that a
31:13unique set of skills is needed to do the job.
31:17And we don't have enough people with your kind of skills.
31:22There are literally tens of thousands of job openings in cybersecurity globally that cannot be filled.
31:30We need more people to go into the field, we need good people to go into the field, and we
31:35need more diversity.
31:36And I will mention, I think it's super, Zaina, that you are here, you are, but you are one of
31:43the few women in the field.
31:45We need more of them, and since diversity is a big theme here this year at VivaTac, I did want
31:51to point that out.
31:52We're almost out of time, so just very quickly, I would like each of you to leave the audience with,
31:58if you had one piece of advice to give to companies here about how to protect themselves, what would that
32:06be?
32:08So maybe I would say, don't consider security as a cost, but consider it as something that is creating value
32:15for you.
32:16So when you invest in security, when you create your security teams, when you have a proper security budget so
32:22that you can work and put in place all those security controls, this is creating value.
32:27This is what your consumers, or whether you are in B2B or B2C, this is what your customers expect in
32:33the end.
32:34This will build trust and will help you actually grow your business.
32:37Thank you, Zaina.
32:39Well, on top of that, because I fully agree with that, let's imagine it happens, you have no information systems.
32:47What do you have to do? That's for me the key point. And then you will think, okay, but then
32:54do I have backups?
32:56Then are my backups really outside of my information systems? And then, yes, but what do I have to save?
33:03Do I have to save the whole information system of my company?
33:06And then you will think, oh no, this is really the important things that I really need to recover.
33:12And then the world change, and at the end, you will say, okay, this is exactly my crown jewels I
33:17need to protect.
33:18And then I will invest that much euros on this part of my companies.
33:25So this is for me a good way for a smaller company. This is really definitely the good way of
33:31thinking about ensuring security.
33:33Thank you. So the message is invest where there's value, where it will impact the company and its customers, and
33:39be prepared.
33:41Thank you both very much. Let's have a nice round of applause for our panelists.
33:45Thank you.
33:46Thank you.
33:46So thank you. Please stay where you are.
33:48Thank you, Jennifer, Olivier, and Zaina.
33:50This was a perfect kickoff to our trilogy on cybersecurity.
33:53Very pragmatic for companies in the audience who want to know.
Commentaires