Fabien Huraux, EBRC, Our clients' risks are our risks

Faced with the evolution of the cybercrime threat and taking into account the new requirements, economic actors managing sensitive data have to be able to rely on a trusted technological platform. A discussion on these challenges with Fabien Huraux, Chief Risk, Information Security and Data Protection Officer at EBRC.

How is the view on cybercrime threats evolving?

Recent widely publicised attacks have enabled us to become more aware of a real and permanent threat. Everyone now realises the risks they are exposed to if their data is taken hostage by ransomware or if their transactional systems are rendered unavailable. In response, European regulators are setting new requirements. They do so within the specific scope of the new General Data Protection Regulation (GDPR), which will apply in less than a year to all players using the data of citizens residing in the European Union area, and whose goal is among other things to ensure that European personal data is properly identified and protected.

How is the view on cybercrime threats evolving?

Our intention is to offer a "Trusted Platform" on which organisations can rely. Each client, by choosing to host their data with us, is guaranteed a high level of protection on the lower layers, in compliance with the highest standards of quality and safety. And beyond these lower layers, they can define a personalised security approach, because each player has a different type of risk exposure.

How do you approach risk management and the solutions to be implemented ?

The solutions can vary considerably, from the synchronous replication of data at remote sites to the implementation of a "Disaster Recovery Plan" with backup sites... As a rule, we always design the most appropriate response to ensure the best protection. At EBRC, our strength lies in being able to offer tailor-made solutions on all IT layers, from the infrastructure to the operating system, as well as via the applications under our control. Our teams ensure access to and monitoring of incoming and outgoing data systems and flows, they patch systems in case of a vulnerability, and alert you to suspicious behaviour.

How does EBRC deal with the evolving nature of the threats?

We have our own CERT, an operational command centre that we use to cooperate with other actors. So we adopted a "security by design" approach. Our continuous improvement process allows us to implement preventive security approaches. A thorough risk analysis of our clients is a critical step because their risks are our own.

How do you help players comply with the GDPR?

They are bound by the new obligations of the GDPR. These include documenting the use of data and how it is protected and conducting a "Privacy Impact Assessment". We use our experience and expertise in the management of sensitive data to provide them with better control and protection for their own sensitive data. We ensure that our clients manage their risks more effectively, from the identification of key datasets to their processing and the design of their protection.