Business and IT Security: A Matter of Spending as Protection
To put it simply, companies see IT security as a source of additional expenses.
However, recent years have seen more and more cyber attacks, some of them spectacular, with very heavy financial consequences. While businesses and public organizations are aware of the IT threat and all that it can entail, the fact remains that the effort is always minimal.
"We see that the capacity of cyber criminals is growing faster than the ability of all organizations to protect themselves," says Henri d'Agrain, the general delegate of Cigref, a French association that represents large companies and administrations that use digital services. "If we continue like this, in ten years it's chaos in the digital space," he laments.
According to Henri d'Agrain, companies, even when they are as secure as possible, generally struggle to keep pace with malicious cyber activity, especially given the constant discovery of vulnerabilities and the effort needed to plug them.
"An industrialist recognized as a vital operator (subject by law to strict security obligations) recently explained to us that given the current pace of discovery of vulnerabilities and the time required for remediation, there were always three or four loopholes that remained open" to attackers, the delegate said.
An information system security manager at a large company, speaking on condition of anonymity, acknowledged how worn out they were, and said that this exhaustion was in a way widespread across the professional cybersecurity community.
"It's exhausting, every week we have a big vulnerability that needs to be addressed urgently," he notes. "And there are more and more incidents among partners, IT services companies or software vendors that the company is a client of. I work in a big company, I have teams, but I can't even imagine how small companies do it," he says.
Looked at objectively, the digital sector has been very much on the rise. More organizations have begun to migrate to a much more efficient digitization of services. This has opened up many possibilities and made many new service offerings possible. At the same time, the security gap has remained, and with it the number of IT risks has increased.
"In digital, we tolerate a level of vulnerability that we would not tolerate in transport or agri-food," notes a senior official and former digital professional. "Digital people know this, but there is a kind of fatalism in the face of the impossibility of being heard by branches and decision-makers who persist in seeing security as a source of cost when it is, on the contrary, to be counted among the company's assets," explains the latter.
"We're putting our society on a set of digital technologies that we're going to have to learn to secure. Maybe it's just the beginning, as we were at the beginning of aeronautics, when we had to learn how to make planes more reliable," suggests Bernard Barbier, a former technical director of the DGSE. He adds that all of this rests on the internet protocol, which was not originally designed for secure communication.
Cigref, for its part, promotes the adoption of new standards, or even a label, that would make it possible to provide companies with much more secure IT solutions.
"Development methods need to be re-engineered so that at least new products can get back on a sound footing," says Henri d'Agrain, who puts forward the principle of "security by design".
"There are benchmarks that need to evolve and develop, and be made mandatory, at a minimum in Europe, when you bring digital applications to market," he notes.
In this context, much more robust state intervention to combat cybercrime is called for, so that the government puts in place systems adapted to the evolution of computer threats.