Cybersecurity in 2020: 4 key challenges to regain control of the digital world

20 million for Altran, 62 million for Eurofins, 220 million for Saint Gobain, 2 incidents in 2 days at Airbus in 2019… These are the estimated repercussions of the cyber-attacks that have recently hit French groups. Production stoppage, rebuilding of systems, affected reputation, etc. Protean, the impacts end up being quantified. At Alcimed, we have identified 4 key issues around cybersecurity in order to master the digital world.

#AccruedConnectivity: Increasing connectivity leading to an increase in vulnerability area for cybersecurity

In the coming years, 5G will enable thousands or even millions of IoT devices to be connected (with an absorption capacity of 1 million objects per square kilometer) and will therefore considerably increase the potential attack area.

As with other innovations, these technologies will come under intense attack in 2020 as cybercriminals seek out the valuable data they contain. Due to the rapid adoption of these types of solutions, security has been relegated to the back burner, leaving strategic vulnerabilities behind. Indeed, 98% of all IoT traffic is unencrypted [1], exposing personal and confidential data on the network according to Unit42 of Palo Alto Networks.

#Sovereignty: The development of 5G raises a sovereignty issue

France has responded to concerns related to sovereignty and cybersecurity in the deployment of 5G by a law, commonly known as the Huawei law, which provides that anyone wishing to set up a 5G network will have to obtain certification validated by the ANSSI. However, while this law is protective in terms of cybersecurity of data, it does not prevent a non-European player who fully complies with the specifications in terms of cybersecurity and technology from winning the contract.

Rather than over-dramatizing, it is necessary to work on European solutions that allow the 5G network to be deployed in accordance with maximum security principles in order to avoid potential threats such as suspicions about Huawei and the Chinese government.

#Skills: Sovereignty is also acquired through human skills in cybersecurity

Beyond the technological aspect, it is important to ask about the human base available to ensure sovereignty. Europe and France do not currently have the skills and training to meet the current needs of companies in terms of cybersecurity. It is currently crucial to improve the training and recruitment process in the countries of the European Union, and in France in particular, to attract young people to the cybersecurity professions, which will be increasingly numerous and diversified. Indeed, a third of companies admit that they are not able to recruit the experts they are looking for [2], even though they offer very competitive salaries, higher than in other IT fields, concedes the ISACA president.

This is an issue that must concern the whole field of higher and secondary education. Will we be able to have tomorrow the men and especially the women (still very much in the minority in cybersecurity) we need with the required skills?

#CyberEngineering: In order to compensate for the lack of competence, you have to be strategic and put your efforts in the right place

There is a kind of cyber-attack engineering that is becoming more and more sophisticated and targeted. It is now interesting to see that cyber-attackers consider the entire supply chain and are able to target the ‘subcontractor’s subcontractor’ to ultimately attack a large international company, without anyone noticing. In order to overcome this cyber engineering, it is necessary to put oneself in the attacker’s shoes and to understand his motivations in order to intelligently mobilize his organization in the face of cybercrime. It is therefore crucial to have a global approach to cybersecurity, as what we observe with airlines, such as United Airlines which has implemented a global approach including all actors in the ecosystem of airports with their employees’ data, or with aircraft manufacturers such as Airbus which offers cybersecurity solutions for critical systems. Indeed, cyber-attackers will always find a weak point: there is no point in having an armored door if you sleep with your windows open!

It is well understood that cybersecurity is an important issue for the coming decade. But France and the European Union are not positioned as favorites for the moment in this battle. It will therefore be necessary to take training a step further in order to have armed men and women to support our companies.

About the author

Laurence, Senior Consultant in Alcimed’s Aerospace Defence team in France

[1] https://unit42.paloaltonetworks.com/iot-threat-report-2020/
[2] https://www.isaca.org/