Mohammed Sijelmassi is CTO of Sopra Steria.
Cyberattacks cost governments, businesses and individual citizens hundreds of billions of euros each year. This is a serious, serious problem, and it is likely to become more serious as automation increases. As long as cyberattacks generate financial or political gain, they will persist and become harder to defend against as attackers become more sophisticated.
Attacks against computer systems and networks have been a problem since the dawn of the Internet. The Internet is not a single communication network with defined perimeters, controlled access, and proprietary protocols. This is a web of networks, in principle everyone and everything can be connected to the Internet. Security is therefore a widely distributed task and a task for everyone. All these connected networks and devices such as computers, sensors, Wi-Fi routers and smartphones need to be protected. The internet doesn’t do it for us.
Policy makers have long recognized security as a major issue. In the last 20 years, the EU has introduced several regulations (NIS2, Cybersecurity Law, Cyber Resilience Law proposals, etc.) and made significant investments to this effect (Digital Europe, Horizon Europe, etc.), became a major actor. ENISA, the European cybersecurity agency in Greece, helps with analysis, awareness and coordination. The recently established ECCC, Romania’s European Cybersecurity Competence Center, will further strengthen joint actions, especially with cross-border SOCs (Security Operations Centers for Information Sharing between Member States).
Security measures should not be confused with provisions of safety and reliability, which can be guaranteed and tested to some measurable degree. The level of security is much more difficult to define and evaluate as it depends heavily on the sophistication of the attack. This means that policymakers may require manufacturers and users to follow procedures, apply precautions, or deploy defensive tools, but the private sector needs to tackle the problem. It requires ingenuity and preparation.
The IT industry is now better able to protect its products and services with things like source code reviews and regular updates. It also improves its security offerings for users, including antivirus, firewall, and rootkit detection. But building a product with security in mind is just one of many steps. Context is also important.
To protect individual users in homes and small businesses, you need out-of-the-box security and an easy-to-use toolkit. Protecting corporate and government networks is another game. Larger organizations have more IT professionals, but their computer systems are more complex and sensitive. Security is a never-ending process. Attack sophistication, undiscovered vulnerabilities, mobile work, bring your own device (BYOD) policies, and remote network access all require a defense-in-depth approach. This is a well-known concept, but its implementation is difficult and requires investment. Sopra Steria understands this and combines implementation practices with state-of-the-art product integration to deliver world-class cybersecurity services.
Sopra Steria’s software development and system solutions follow a security life cycle based on the principle of “security by design”. It starts with threat analysis and prevention. For example, disallowing unchecked inputs. Sopra Steria implements solutions to protect your digital assets. The task here is to integrate security processes into daily operations in a simple, non-disruptive way, avoiding staff trading convenience for security by looking for shortcuts. A key pillar is the Sopra Steria SOC (Security Operations Center), which detects and responds to security incidents. Sopra Steria is certified by the French “Agence Nationale de la Sécurité des Systèmes d’Information” and our approach is already in line with the provisions of the proposed NIS2 proposal.
Cybersecurity Skills: We Need to Move Forward
Everyone in your organization needs some level of cybersecurity knowledge. This can be achieved through hands-on training and keeping staff vigilant against various modern phishing attacks and more. The shortage of cybersecurity specialists is a major problem for the IT industry. We at Soplasteria are tackling this problem head-on. We discover and nurture the right people for the right jobs.
The recently announced “European Cybersecurity Skills Framework” (ECSF) developed by ENISA is well thought out and of high quality. Profiles of 12 typical professional roles, including threat intelligence specialist, cybersecurity architect, and risk manager. Additionally, the Commission’s intention to establish a Cybersecurity Skills Academy is timely and will have industry support. However, it is important to continuously train more skilled professionals and deepen their knowledge so that Europe can be prepared for the cybersecurity challenges ahead.
European cybersecurity ecosystem
Cybersecurity has always been a matter of national security, but recent geopolitical developments have made it clear that ensuring some degree of independence is essential to being competitive on a global scale. needs a European vendor that is world class and aligns with our values. Programs such as Horizon Europe and Digital Europe are helpful, but insufficient unless member states mobilize on these initiatives.
Together we should work on the availability of cybersecurity professionals and training facilities, a more integrated response system and an ecosystem of European vendors. In this regard, Sopra Steria is encouraged by the European Commission’s commitment to digital skills.
We also need to work together for the future challenges of facing upgraded state-sponsored attacks, post-quantum cryptography, and AI.
This is not easy. But Europe believes it already has what it needs at its disposal. You just need to put your resources together.
sopra steria is a European technology leader, helping clients drive digital transformation and achieve tangible and sustainable benefits through consulting, digital services and software development. At Sopra Steria, we are committed to making the most of digital technology to build a positive future for our clients and society.