Cybersecurity and threats to organisations

Find the full interview on the Global Security Mag (GS Mag) website.

Perceptions of cybersecurity and threats to organisations

‘The question is not so much IF or WHEN, but HOW your organisation will respond’ – Stéphanie Ledoux

This exchange highlights the perception of cybersecurity and threats to organisations, particularly since the Covid-19 health crisis, by Stéphanie Ledoux, CEO of Alcyconie.

GS Mag: What are the main threats you have identified in 2021?

Stéphanie Ledoux: More than the growing threats and sophistication of cyber attacks, it is the creativity of the attackers that interests us most. They have adopted best practices in marketing, communication and customer relations, and have understood that the reputation and compliance of organisations are at the heart of the issues. The emergence of double or even triple extortion, the purchase of space on social networks, and the mass printing of ransom demands are all levers used by attackers to put pressure on their victims.

Beyond the cyber threat itself, we recognise the vulnerability of organisations in the face of this new form of crime and respond pragmatically by instilling a culture of cyber crisis management among our clients. This involves, for example, developing an effective and operational incident response organisation, training lawyers, financiers and communicators on the practices and reflexes to adopt in the event of a cyber crisis or digital attack. The aim is to build the resilience of organisations and leave attackers with no foothold.

GS Mag: What about the needs of companies?

Stéphanie Ledoux: We have identified two priority needs among our customers:

The first concerns preparation and training. They are becoming aware that responding to a cyber crisis from a purely technical perspective is no longer possible. Therefore, in addition to optimising the role of a SOC, using a SIEM, triggering a BCP and mobilising a crisis unit, it is necessary to carry out missions in realistic and concrete situations in order to develop relevant reflexes and make procedures more effective on the day.

The second concerns crisis communication. While the traditional approach was to remain silent, organisations now feel the need, or even the obligation, to communicate. The question that now preoccupies them concerns the messages to be communicated, how to make them intelligible, and the obligations incumbent on certain organisations. For more than three years, we have been developing real expertise in the sensitive area of cyber crisis communication and have set up on-call teams so that we can address this issue at any time.

GS Mag: How will your strategy evolve to address these challenges?

Stéphanie Ledoux: This situation was identified when Alcyconie was first established. Our strategy therefore remains highly relevant. However, we have decided to accelerate the company’s development in two areas:

-Recruitment, by expanding the team and seeking out specific skills and leading experts,

– By designing a unique simulation platform, PIA®. Developed with the support of French Tech and the Brittany Region, this SaaS (software as a service) platform offers a secure and ultra-realistic playground to immerse decision-making and technical teams in the heart of a crisis or cyber crisis. It allows us to activate all the dimensions that need to be managed in a crisis situation (legal, communication, technical, etc.) and to place teams in the intensity of a crisis, reproducing in real time the pressure from social networks, the media and stakeholders. PIA® also meets the training requirements and needs of our most sensitive clients. Operational for several months now, PIA® has already enabled around twenty organisations to train for cyber attacks.

GS Mag: With the pandemic, remote working and its security have become essential today. How do you integrate these principles into your company and your offering?

Stéphanie Ledoux: Before the pandemic, we were already frequently working remotely, particularly during acute crises. The rapid pace of cyber crises requires even greater responsiveness, which is made possible by remote support from our on-call consultants from the very first minutes of the crisis.

We have also redesigned our training courses, particularly our exercises, to be conducted remotely, reflecting the reality of crisis units today. While it is still desirable to train regularly by physically bringing together those involved in crisis management, it is also important to vary the exercises and simulations by putting participants in remote management situations. This allows them to experience cyber crisis management with channels that are sometimes degraded or even compromised. it is also advisable to mix exercises and simulations by putting participants in remote management situations. This allows them to experience managing a cyber crisis, with channels that are sometimes degraded or even compromised, ignoring non-verbal communication and adding to the stress with a choppy connection. In short, the reality of 2021!

GS Mag: What advice would you give on this subject, and more generally on limiting risks?

Stéphanie Ledoux: Limiting the risk of a cyberattack is obviously a necessity. Protecting your organisation by drafting an ISSP, implementing detection and analysis tools, and using a SOC is essential.

But this is still not enough. The response must not only be technical, but also ORGANISATIONAL. Once an incident has been detected, it must be possible to deal with and classify it as quickly as possible, and to trigger the appropriate crisis response level if the problem is confirmed. Many organisations equip themselves with extremely powerful tools but do not have the appropriate organisational response: what secure fallback environment? What communication channels? What are my priority activities? There is no such thing as zero risk, and it is precisely this residual risk that organisational measures, crisis management and business continuity plans neutralise.

Find the full interview on the Global Security Mag (GS Mag) website.