From Cybersecurity Consulting to Continuity
At the International Forum of Cybersecurity (FIC), EBRC will present all of its skills in responding to issues related to sensitive information and infrastructure management. The company offers a full range of end-to-end Cybersecurity solutions from Consulting to Continuity. Interview by Global Security Mag (France)

GS Mag: What is the purpose of your participation in the International Forum of CyberSecurity 2017 (FIC)?

EBRC intends to present its skills in addressing issues related to Information Management and Critical Infrastructure. In particular, we present our Consulting Services that cover everything from the Digital Transformation to the Management of Operational Risks, Security and Continuity for our Clients.

GS Mag: Which Cybersecurity solutions do public or private organisations need?

Philip Dann: Hyper-resilient infrastructure, protected information systems, fully secured sensitive information and a focus on business needs and the issues faced by the Clients: these are the cornerstones of the Security offering put together by POST Luxembourg and EBRC to guard against the pervasive threats that affect our digital world. (Note: EBRC is a subsidiary of POST Luxembourg.)

POST Luxembourg and EBRC each have specific skills to support their Clients in terms of Cybersecurity. But we cannot master every field there is. That is why we have set up an ecosystem of strategic partners. Together, we are able to help our Clients get the best upfront protection and to support them when an incident does occur. In the past two years, we have selected the best experts on the market to setup this environment of Trusted partners and offer such a holistic approach, which is represented by a pyramid of needs:

  • The infrastructure is a “discrete” issue, but nevertheless essential. It is imperative to look at it in terms of resilience.
  • Visibility, monitoring information systems. Businesses (too) often do not know they are the target of attacks. You need to get a bird's eye view of their information systems.
  • The data itself. In the digitised world in which we live, a company - even with adequate protection - is never immune to a leak. We therefore offer solutions for surveillance and detection, including scanning the Dark Web to learn whether data has leaked, is being traded or used for blackmail and ransom demands. In addition, and given that perfect security does not exist no matter how many protective barriers are in place, we underline the need for our Clients to consider Cyber-Insurance services.
  • With "POST & EBRC Advisory & Professional Services", we increase the added value, we are as close as possible to the Client, to his constraints and his business. The peak of the pyramid is the strategy and the management of daily operations in line with the Client’s needs. We play the role of a Trusted team-mate to enable him to focus entirely on developing his business. He entrusts us with the management of his information systems, and we respond to all the challenges that crop up. We offer this innovative Cybersecurity approach to our Clients now that it is tested and implemented on our own systems. We do not just advocate solutions but implement them ourselves to be able to offer our services in the most pragmatic and efficient way possible. Experiencing these solutions on our own infrastructure is an additional guarantee for our Clients and proof that we do our utmost for them.
Together, we are able to help our Clients get the best upfront protection

GS Mag: What are the main concerns of your Clients?

Philip Dann: Ransomware is on everybody's minds. Activity in this area has exploded in 2016. Statistics from June indicate that every second company has already been a victim of ransomware. 6 months later, things have not at all improved on that front. And all companies are affected because they no longer just target monetary flows but the business activity itself. Technological layers of protection are ineffective against employee mistakes. A single click, and the whole company is held for ransom. Training is one option but it does not guard against sudden, spontaneous single acts that take place because of external events, a fact that is exploited by the Cybermarket whose turnover is continuously increasing. There are solutions, but how many companies will be able to contain such attacks and recover from them?

The deployment of the Internet of Things without any precautions makes it evident that we are not all learning from our mistakes. If security is not part of the foundations of a project or a product, we are playing with fire. These connected objects have become an integral part of our private and professional lives, without any restrictions... a trend that is certainly welcomed by the Cybermarket.

GS Mag: How will this threat evolve in 2017?

Philip Dann: In 2017, ransomware, DDoS attacks and IoT issues will continue to swell in importance. The question is, again, not "how do we protect ourselves?" but rather “how can we detect and respond?”. Training users is crucial for both private and professional activities.

The problem will be to clearly identify teams that will be able to make the most of the technological tools that are available. These tools are only solutions to help administrators and the CERT / SOC teams. It will therefore be even more important for the security teams to share information and their reputation / intrusion indicators to react as quickly as possible. In a competitive market, this is a real challenge but also a necessity.

The threats will evolve towards ever more massive attacks. The tests performed with ENISA, an exercise that EBRC's teams brilliantly participated in at Cyber Europe 2016, were designed to test and improve the communication channels between all stakeholders when massive attacks occur.

GS Mag: What is your message to our readers?

Philip Dann: EBRC is a European player that has datacenters that rank among the most secure in the world (Tier IV certified). We can support them in protecting their data against the risks of disclosure, leakage or theft of confidential information but also against risks related to impaired availability of their information.