Picardie La Gazette: What are the challenges of this edition of the FIC?
Guillaume Tissier, co-organizer of FIC and co-organizer Avisa Partners: We will have a very European course, both in the subject and in the participants. Several texts are harmonized, notably the Cyber Flexibility Law, which the European Commission must adopt within 3e Quarterly 2022. This text should create new cybersecurity rules for digital products and additional services, a follow-up to the EU’s Cybersecurity Strategy for the Digital Decade in December 2020.
Is this an opportunity to enhance international cooperation to deal with digital security issues?
With our European neighbors, we all share a number of issues, interests and concerns. Whether it’s the Covid crisis or the Ukraine crisis, these events reinforce every nation’s awareness of the need to reach digital sovereignty. We will also be having a conference on Wednesday 8th June at 5pm with rugby player Serge Bitsen on the topic “Cybersecurity is a Sport: Is Your Team Ready?”.
Specifically, we saw a rise in cyberattacks during Covid…
In fact, the threats are growing exponentially: +128% compared to 2021. There is a ransomware attack every 11 seconds and the National Commission on Information Technologies and Liberties (Cnil) receives 20 notifications per day, 58% of which are of malicious origin. Collaboration is essential to combating increasingly complex threats. Above all, cyber attacks affect all types of organizations: businesses of all sizes, communities, but also individuals.
How do we explain this rise in cyberattacks?
We are relying more and more on digital. Take the example of remote work: it had to be deployed in record time, sometimes with inappropriate solutions. The more we make the processes immaterial, the more vulnerable we are, but there is real awareness, both at the French and European levels. However, it would be absurd to refuse progress.
You’re talking about communities. Are they more vulnerable because they are less protected?
Thirty percent of communities have already been attacked by ransomware. The National Information Systems Security Agency (ANSSI) does work to advise and support local authorities by establishing regional centers to help them respond to incidents.
What about VSE and SMEs? How do you approach a topic that often seems too complicated to them?
Today, there are an average of 45 cybersecurity solutions spread out in large groups! It’s massive! This obviously generates complexity for solutions that ultimately satisfy a unique need.
This complexity is not at all affordable for small businesses for which shared and packaged solutions, via a cloud service provider or a host, remain popular. You can’t ask VSE or an SME to buy dozens of solutions or build a Security Operations Center in-house. We need managed and organized security, and in France there is a wealth of actors.
When we ask business leaders, their topic is rather the management of technological obsolescence: there is such a cadence of innovations that it is difficult to follow. The idea is not to slow down but to reinforce publishers’ commitments to keep their software beyond the commercialization period and thus maintain security.
It is clear that the beginning of 2022 was marked by the crisis in Ukraine. Should we fear potential cyber attacks?
It is clear that there have been attacks in Ukraine in terms of transport and energy … But at the moment, the impact on military operations has been minimal. However, we must remain careful. These events also raise the issue of heavy dependence on certain countries, far from theory.
Many French start-ups are appearing in the economic landscape, but how do they find a place internationally?
Each year, during the Start-up Award – which encourages innovation and entrepreneurship in the cybersecurity sector – we publish a barometer of innovation with Tikehau Ace Capital: dynamism and expansion are nothing new and we can see a rise in the maturity of French and European companies that are rapidly attacking the European or American market.
What we need now is for investment to follow. Today, the funds are organized for the first fundraising, but once the sums of 20-30 million euros are reached, France is far behind compared to the United States or Israel.
There will be a shortage of 15,000 jobs in cybersecurity. Is it a lack of training?
It is clear that the needs are growing and the arrival of new graduates and experts is not progressing fast enough to cover all the needs. The President of the Republic announced his desire to double the number of jobs in digital professions [ndlr, pour atteindre les 70 000 emplois d’ici 2025]. In the cybersecurity sector alone, France has sales of about 8 billion euros (+11.5% in 2020) and there is talk of trebling it by 2025.
I would say that the topic is rather that of the promotion of professions and the training of technicians, which is still very far behind. The masked hacker who works in the dark is a cartoon. It must be emphasized that there are also ethical hackers, positions on technical and non-technical profiles, in legal, marketing, business and governance issues…