Dec. 14, 2022Awareness
The widest mobilization is the only viable and sustainable lever to counter cyberattacks
Sylvan Ravinet
Our collective vision of cyber, as much among non-specialists as among experts and leaders, needs to be re-examined in depth. To maximize the effectiveness of our individual interventions and our collective protection. Because the attackers' ecosystem is evolving much faster than the defenders'.
The collective efficiency of attackers is formidable. The ecosystem is industrializing. Cybercriminals think "customer" much more effectively than defenders when it comes to cyber issues. And they are hijacking the usual marketing tools (online advertising, e-mailing platforms, landing pages, file sharing, cloud services...). Cybercriminals and cyber spies collaborate, exchange tools, share their R&D. They cooperate with mafias and other organizations. They cooperate with classic criminal mafias. As do some states. When we, defenders, are in our infancy. And we remain dispersed, despite large-scale initiatives such as the Cyber Campus, which is a step in the right direction in terms of building this cyber "French team", with a view to structuring the market. Or, in the European Union, the NIS2 directive, the Cybersecurity Act and the arrival of the cyber label.
Let's not try to raise awareness anymore: it doesn't work. In our study conducted with Harris Interactive, published in 2020, 80% of employees of French companies with more than 50 employees (representative sample of 648 employees) say they apply good cyber security practices. At the same time, just as many of them report inadequate use. To take just one example, 78% of them use identical passwords for several platforms. What's the point of adding a layer of awareness? Should it be added with a hammer? Or with phishing tests?
From now on, we need to mobilize as widely as possible. Mobilization calls for volunteers. Let's bet on our collective intelligence, by feeding it with quality cyber information. And engaging experiences. On a daily basis, let's measure the effectiveness of this mobilization. This mobilization is demonstrated by an approach supported by science.
On LinkedIn, Guillaume Poupard, the DG of ANSSI, clearly links the effectiveness of cybersecurity to the human aspects: "Cybersecurity : Despite all our efforts in anticipation, awareness, prevention, detection, incident response, defense. ... it remains essential that everyone protects himself at his own level against digital threats by applying the digital barrier gestures".
This idea of digital barrier gestures, if their application is key, reminds many of the analogy of the "human firewall". However, this analogy hardly corresponds to the sociological reality, which is not binary, and to the fundamental needs of each person. Fortunately, these needs are not limited to the work of Maslow (1943).
It is already late to do the right thing. In many ways, too late. Because we are accumulating a collective backlog. Even today, products, sometimes even medical devices, are put on the market that contain families of flaws that have been known for more than 20 years. This is a collective failure.
But without a real revolution in this field, it will be worse tomorrow: smart cities with facial recognition and management of local public services, exoskeletons, cobots in factories, even "dog" or humanoid robots from Boston Dynamics as police auxiliaries, in the office or in catering, etc. In several sectors, this very physical digital technology is already a daily reality, notably through surveillance drones.
Together, with all those who feel concerned by this major challenge of our world, we must not undergo such a digital transformation. Let's lead this collective revolution, that of a digital security that is both more efficient and more ethical, at the service of people.