Laurent Theringaud, Ercom: “the problem lies in the fact that most companies do not provide cell phones to all employees”
While the threats surrounding mobile phones are not as often acknowledged as those on computers and networks, they’re as important to notice.
Malware, phishing attacks, Man-in-the-Middle attacks – there are many threats that mobile users can face without proper security measures. It can result in financial losses, identity theft, stolen data, and even more.
And now, mobile devices have become much more than a tool to call and send a message. It’s now also used for work, posing a threat not only for personal, but for confidential workplace data as well.
To find out how to act to prevent cyberattacks on our mobile devices, Cybernews had a talk with Laurent Theringaud, the Head of Strategic Alliances, Marketing, & Communication at Ercom – a company that specializes in mobile device security.
Would you like to share a little bit about your story? How did Ercom come about?
Ercom is a small company that started in 1986 with a consulting activity in the field of telecommunications and cryptography.
The first product developed by Ercom was Secphone, allowing end-to-end encrypted communications, it was in 2001. The predecessor of Cryptosmart was born in 2007.
Ercom then focused on product development and gradually moved away from service capabilities. Since that point, Ercom has expanded its portfolio to offer a complete range of solutions enabling communication and collaborative work in the best security conditions, even in mobile situations with a user experience as close as possible to consumer products. In 2019, Ercom became a subsidiary of the Thales Group.
As of today, our portfolio contains four products. Cryptosmart provides full protection for Samsung devices, data, and communications, Cryptobox is a collaborative tool to securely share, exchange, and store data in the cloud, Citadel Team is a SaaS solution to manage meetings (audio or video conferences) and discussions and finally Cybels Hub Restricted propose all-in-one of our tools and services accredited at French restricted level.
Can you introduce us to what you do? What technology do you use to secure communications?
Whether it is for our voice communications or SMS solution, our instant messaging or file transfers application, security is one of our prerequisites. Security by design associated with user experience is the common denominator of all our solutions.
We offer end-to-end encryption based on proven cryptographic techniques and principles combined with a team of designers and customer success managers to ensure product adoption.
What are some of the most concerning threats surrounding mobile devices currently?
We can see that the power of our mobile devices is increasing very fast, more than that of our computers. Also, with 5G, connectivity will soon be much better on mobile. And to date, computers have rather well-established and deployed protection, unlike mobiles. We can easily deduce that the latter will be privileged targets in the months and years to come.
Mobile users are vulnerable to all types of attacks (malicious, phishing, Man-in-the-Middle attacks), and attackers are becoming more and more imaginative.
To illustrate our point, the Cyber Threat Intelligence of Thales estimates that although the attacks by "smishing" (phishing by SMS) show a decrease at the end of 2021, they are back on the rise in early 2022. And even more malware attacks have been recorded, an increase of 500%. As for the most used malware, we find fluBot, teaBot, tangleBot, moqHao, brata, keepSpy that target android systems, and tianySpy that also targets iOS.
While this future presents quite a challenge, we can still find phishing and malware among the most common threats.
Our solutions provide a solid basis for upstream protection against a wide range of attacks.
How did the recent global events affect your field of work? Did you add any new features?
If we talk about the health crisis, it had advantages for us, and we were able to help our customers continue working in good conditions. Our solutions allowing remote working have enabled many private and public entities to continue to work and meet remotely despite the different waves of lockdown.
It was during this first lockdown that we designed Cybels Hub Restricted following the observation that many entities dealing with very sensitive data were obliged to meet physically because they did not have collaborative work tools secure enough to work with several partners simultaneously.
Cybels Hub Restricted is the first accredited cloud-based collaborative work solution to enable the processing of data at the Restricted level in France, Europe.
While many companies rush to secure their computers, mobile device security is often overlooked. Why do you think that is the case?
For a long time, the computer was the only "workstation" for the employee in the company, the telephone being only a means of voice communication. They’ve become smarter. Today, CIOs and CISOs are fully aware of the issues related to mobility and the offer to secure cell phones is starting to be quite extensive. And I think most companies have specific policies to manage and secure smartphones.
The problem lies in the fact that most companies do not provide cell phones to all employees and they have to choose between many options (Bring Your Own Device, Company Owned Personally Enabled, Company Owned Business Only). Many questions arise: what level of protection should be implemented on the company's cell phones, what data should be allowed to transit via employees' phones, and how to allow employees to collaborate efficiently regardless of their hardware configuration.
At Ercom, our specific range of products is designed to help companies to solve that kind of problem and help them to collaborate as easily as possible.
Besides mobile device security, what other security measures do you think can greatly enhance company operations?
Many tools can be used to secure mobile devices, but I think this one is the most important – human. If the user is well informed and trained, he can apply simple rules and specific processes.
That’s why we do not only sell solutions off the shelf. We offer each of our customers training and support from our customer success management team.
As for average Internet users, what safety tools do you think everyone should have on their mobile devices?
First, each user must be informed and aware as we have just seen above.
Secondly, we could advise everything that allows protecting a computer. In this area, we can notice that for the past year or so, security and cybersecurity specialists have been targeting these "average users" with prime-time TV ads. These technologies and actions are becoming increasingly popular.
At Ercom, if personal consumers are not a target, some of our services can be used by any people for free. Citadel Team is freely available for messaging features.
What predictions do you have for the future of communication and collaboration technologies?
I'm not sure we can make predictions. We can see trends and movements in our markets. Until now, many small, medium, and large players provided a myriad of tools, each of which provided its benefits. Each one was still missing a feature. We used to hear a lot about unified communications apps, but today, and this is much more striking since the beginning of the health crisis, all the tools or services are starting to expand their functionalities: messaging tools are adding video and audio conferencing, file sharing tools are adding messaging functionalities, etc. We are now talking about a Unified Communication and Collaboration market. The biggest players were, of course, faster, we can think of Microsoft Teams which is now ahead of everyone else, but Google had also tried the adventure with Wave a little before 2010 but it seems that it was too early.
If the market seems to be moving in this direction, we can imagine that everyone will have to make their tools as simply interoperable as possible.
Now that we have seen the functionalities, although we are still very much in security or cybersecurity evangelism speeches, it seems that people and companies are more and more aware of the need to protect their data. Providing the right level of security for the right use will indubitably be a challenge for everyone.
Share with us, what’s next for Ercom?
Ercom has a strong experience in France and provides the main French players with the most secure and sovereign services to communicate and collaborate securely.
As part of the Thales Group, Ercom aims at helping companies in Europe and worldwide to communicate and collaborate with a high-security level and a great user experience.