Cybersecurity let's secure our businesses

Cybersecurity

Origin:

Cybernetics is a science of controlling systems, living or non-living. This new field of science was introduced in 1948 by Norbert Wiener, American mathematician, in his book titled 'Cybernetics, Control and Communication in the Animal and the Machine'. He therefore studied the mastery of machines. Note that the prefix 'cyber' comes from the Greek 'kubernao' which means to pilot, to govern. And of this - good - governance we will fully need to face the 'cyber ... x' challenges that await us.

Definition:

We now talk about cyberspace, cybercafé, but cybersecurity, supposed to fight cybercrime or cyberattacks, occupies an increasingly important place today, both at the level of companies and at the level of States. Cybersecurity therefore now brings together the laws, policies, tools, devices, concepts and security mechanisms applied to this cyberspace that is the digital world and used for the protection of people and computer equipment of States and organizations. .

Today the exact definition of cybersecurity is given to us by the National Agency for the Security of Information Systems (ANSSI):

Cybersecurity: State sought for an information system allowing it to resist events from cyberspace likely to compromise the availability, integrity or confidentiality of data stored, processed or transmitted and the related services that these systems offer or that they make it accessible. Cybersecurity uses information system security techniques and is based on the fight against cybercrime and the establishment of cyber defense.

Situation:

We are projected into this cyberspace through all the personal data that we provide, for example when opening a mailbox, for registration on a forum, at a commercial sign on the internet, at our bank. , to all administrative services ... This information is also present in many smart cards, bank cards, Vitale or others. They represent a set of data likely to identify us directly or indirectly. All these data exchanges are done through computer tools. The number of entry points for a malicious actor is considerable. Much of this data may certainly be necessary for the operation of the service offered, but above all it has become a real business strategy for many of them. Protecting this digital information is a real economic issue for them. Under these conditions, the need for data security is essential, as is the need for confidentiality, integrity and availability of information. Imagine an interception of sensitive data between two economic partners by a third party: this is the door open to industrial hacking. If the integrity of the data is not respected, that is to say if a third party can come and modify or falsify information, a whole manufacturing process can be destroyed. The availability of information is vital for most businesses; let us think of the banking, insurance and information providers systems via the private Internet access: it is the whole organization that stops.

The solutions :

This information security must be organized around three main axes: suitable technology, reliable processes and user awareness with regard to the use of this data.

Cybersecurity must therefore ensure both the security of computer hardware and software, the storage of data and the processing of information by users.

It turns out that creating fully secure computer systems remains a wishful thinking, almost unachievable. Proof of this is the number of computer security patches continually put in place on systems.

The weakest link :

But imagine that such an ultra secure system could exist; there will always remain the weakest element in the chain, namely the user himself of this information. It is a significant element to take into account in this whole system. It is through very strong user awareness of the risks, through training, that the security of IT systems will also be ensured. Companies must set up a whole system of procedures to deal with potential abuses, a system of authorizations for access to the computer system, to applications, rules for archiving, creations or modifications of data.

We are at the start of the path

We come to the paradox that companies must keep control of information while at the same time there is a need to share it. What would happen to data that is hyper-protected to the point of no longer being able to be used?

The balance between this data protection and the freedom of creation must be sought in any cybersecurity policy, both effective but not detrimental to innovative ideas.

This is what will be implemented by secure systems shared between third parties, for example by setting up virtual private networks, which are more difficult to force.