A 360-degree approach to corporate security?

At an event held in Lyon on January 16, specialists in business intelligence and cybersecurity reminded us that companies need to diversify their portfolio of security solutions. 

Lock the door and switch on the camera. Is that enough to protect a business? Anyone who thinks so is naive. Threats are diversifying, and the responses to them must be just as varied. Here's what you need to remember from the conference "From profiling to dark web surveillance: how to secure your organization"which we organized in Lyon on January 16. Some forty hand-picked decision-makers were able to benefit from the expertise of several high-profile speakers. 

Semiologist Élodie Laye Mielczareck revealed some of the secrets of her science, which consists in analyzing language - verbal and non-verbal - and, more generally, modes of communication to understand the intentions of interlocutors. This "language detective" has worked in particular on executive fraud, in which fraudsters impersonate a decision-maker to encourage one of his or her colleagues to make one or more transfers into his or her account. Knowing how to detect emotions, how to "read" micro-expressions, how to understand the underlying meaning of a speech: these are just some of the tools that managers can use to strengthen their recruitment. And limit the risk of industrial espionage, for example. 

Technology everywhere, safety too 

The event continued with a round-table discussion to reassure companies that, while the threats are numerous, the solutions to protect themselves do exist. Technological, first of all, with the Security Operations Center (SOC). Grégory Demule, partner at cybersecurity and risk management consultancy Formind, explained that this tool is "the heart of cybersecurity monitoring and incident response". This solution is also accessible to small businesses, thanks to the possibility of outsourcing. 

The dark web can also be a resource for companies, to detect potential data leaks. "Too many companies think that there can't be anything about them on the dark web because they're not there," laments Felipe Portero, Public Sector Business Development Manager for Europe and Asia at cybersecurity firm Searchlight. "The weak signals found on the dark web enable companies to better anticipate threats", agreed Laurent Sarralangue, Operations Director at Semkel, at a workshop specifically devoted to this unindexed part of the Internet. 

Get informed to anticipate 

Solutions also remain human. Despite the rise of artificial intelligence, which is an invaluable aid in cybersecurity in particular, human intelligence must be an integral part of a company's security strategy. As Julien Lopizzo, CEO and founder of Semkel, points out, the first step is to "acculturate all employees to handle information or data with discernment and accuracy". This intelligence culture helps to "create a collective intelligence" that optimizes corporate security by making every link in the chain accountable. 

Combining human and technological intelligence is therefore crucial when it comes to "knowing who you're dealing with", noted Julien Lopizzo. "In sports, we analyze previous matches and the form of the opposing team. A company needs to do the same with its competitors or those who represent a threat to it, whether economic or digital." 

The luxury of a rapid response to an incident 

And there's no question of adding grief to pain: intelligence, whether human or digital, must be beyond reproach. And it must be done "in compliance with the law and ethical standards", insists Julien Lopizzo. RGPD and other regulations are responsible for sorting out the serious players from the cowboys.  

This comprehensive - not to say total - security of the enterprise - because zero risk does not exist - boosts its resilience. In a workshop presenting several concrete cases he has worked on, Maxime Lambert, cyber analyst at Formind, highlighted the rapid response of well-prepared companies to cyber attacks. On the one hand, technology can limit the damage, by isolating infected machines and restoring regular, functional backups. On the other, human coordination, with a clear chain of responsibility, enables companies to get back up and running as quickly as possible.