If engaging in a process of digital transformation has become a necessity for companies worldwide, the security aspect of their environment, data, infrastructure, and so on, must not be neglected. Hundreds of global attacks have been perpetrated over the last 18 months, whether they targeted banks, critical industries, public institutions or even governments. "Those are only the tip of the iceberg. Our world has changed as we were switching from a physical world to a digital one. Moreover, one must remember that the digital transformation has only begun, explains Yves Reding. Through the years, we have all worked on developing the concept of cyber-security. Yet, cyber-attacks are still being perpetrated every single day and those are not the work of isolated hackers anymore, as powerful organisations are clearly behind them." New challenges have arisen.
In an era of increased economic competition, industrial espionage, fake news and cyber-criminality, the static and binary approach of security has had its day. "The cyber-space is far from being risk-free, threats are everywhere. And with the advent of the Internet of Things (IoT) and the estimated 50 billion connected objects that will gravitate all around us in the years to come, threats are only going to increase, as most IoT actors are not cyber risk-minded", highlights Yves Reding. According to the CEO of EBRC, a new approach is therefore needed for companies in order to survive and prosper: Cyber-Resilience.
The art of Resilience
As advocated by EBRC and Yves Reding in the White Paper published at the end of 2017, entitled "Digital Needs Trust", digital transformation allows for more agility yet it brings along multiple cyber-threats, which necessarily need to be addressed. "A more holistic approach, based on the fact that ALL companies are going to be attacked, is the key to answer such a change of paradigm", adds the CEO. This wider approach is called "cyber-resilience" and aims at helping professionals navigate through a torrent of cyber-threats, attacks and crimes, without being affected. The word "resilience" has been carefully chosen to translate the vision of EBRC, as explained by Mr. Reding: "being resilient actually means recovering quickly from a rough patch, being aware of the environment you are operating in and eventually strengthening your positions and expertise in order to ensure business continuity."
Obviously, security remains a key factor of this cyber-resilience concept promoted by EBRC, but is now part of a wider approach notably involving strategy, crisis management and business continuity. It consists in preparing, identifying, protecting, bouncing back and can even contain self-defense knowledge and techniques. Adopting such a continuous and ever-growing approach to risk also means that companies are aware of what is currently going on in IT and more generally in the wider cyber-space. It involves analyzing flows – entering and leaving the company –, promoting the concept within the company but also partnering with experts. But first and foremost, it needs to be integrated from the start: "Cyber-resilience and its multiple dimensions, from initial protection to recovery management, have to merge with the DNA of the company and be accepted – and understood – by all the collaborators. It's all about breaking down silos and sharing a common mindset. As a matter of fact, it has to become part of the company culture", underlines Yves Reding.
Building an entire Cyber-Resilient ecosystem
Through its several ISO certifications and with the mission of serving its clients from end-to-end – from Data Centres, Resilience, Security, Cloud & Managed Services to Consulting – EBRC is clearly in line with the upcoming NIS – Security of Network and Information Systems – Directive to be implemented all over Europe in early May. As the first piece of EU-wide legislation on cyber-security, it will provide legal measures to boost the overall level of cyber-security in the European Union. Its mission is to make sure that operators of essential services, and therefore digital services providers such as EBRC, keep running no matter what.
In this respect, the CERT – Computer Emergency Response Team – and the SOC – Security Operations Center – combined with the Cyber-Resilience Advisory team are to play even bigger proactive roles, by constantly screening the markets and providing clients with immediate advices, detection, protection, remediation and recovery solutions against cyber-threats. "In the cyber-space, delays are extremely short", adds Yves Reding. Over the years, the sensitive data specialist integrated chunks of security, business continuity, and strategy consulting, and is now able to offer an integrated and full solution on how to approach and manage risk in the cyber-space. Moreover, EBRC is collaborating with international actors and CERTs, testing its cyber-resilience capabilities with ENISA at a European level, while also benefiting from synergies and alliances with its French subsidiary Digora and Guidance Software, the latter being the world leader in cyber-security forensics. "Thanks to our integrated and certified chain of service, from advising, building to testing, from securing the cloud, the infrastructures, IT operations and data, to providing proof and immediate patches and remediation in case of an incident, business will be able to run as usual", concludes Yves Reding.