Many companies are still assuming that cybercriminals only target large-scale organizations. Today, threat actors don’t differentiate and anyone can fall victim. So, it’s essential to start building a cybersecurity culture that would help to prevent the attacks from happening in the first place.
While guarding your network and devices with professional security tools is a good starting point, teaching about good cybersecurity hygiene is vital. This way, everyone can become a part of and build a strong company’s security posture.
For this reason, we talked with the Head of Cybersecurity Audit at Squad – an IT consulting company. Yoann Moreau explains the importance of introducing cybersecurity across all parts of the business and lists the industries that are most targeted by the attackers.
How did the idea of Squad originate? What has your journey been like so far?
Squad was founded in 2011 by Eric Guillerm and Marc Brua with the ambition to build a leader in cybersecurity. This company is a great French entrepreneurial success achieving almost 64 million euros in turnover in 2021, with 660 consultants, and joining the top 10 specialist cybersecurity businesses.
A pioneer in its field, Squad had anticipated the arrival of cloud security issues, DevOps and DevSecOps movements, and is now looking ahead to subjects of the future: artificial intelligence, Big Data, Blockchain, etc.
Thanks to a very strong specialization, the solidity of our expertise, and the unfailing investment of everyone within the company, we’ve managed, in barely 10 years, to go from being a provincial start-up to a key player in France in any cybersecurity discussion.
In October 2020, Squad was asked to join the Cyber Campus project, an initiative of French President Emmanuel Macron that aims to bring together the entire cyber ecosystem in France, while joining forces with the main cybersecurity players in Europe.
Our comprehensive understanding of cyber issues gives us a significant advantage in the market. This explains why French groups choose us as their trusted partner for the security of their cyberspace.
Also, our expertise has been recognized by our numerous certifications: ISO27001 certification, PASSI qualification, DISP (Australian Government Qualification).
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
Our experts are involved from one end of the cyber cycle to the other, including the following:
- Threat identification. Our GRC experts implement and monitor security governance through risk management for systems, assets, data, etc.
- IT system protection. Ensuring the protection of information, infrastructures, and data. That is the role of our teams of security architects and engineers.
- Detection of cyber alerts. Many organizations fail to realize that they're under attack. To stop them quickly and limit their impact, cybersecurity alerts must be detected as early as possible. This is the task of our teams specializing in the design and operation of SOCs (Security Operation Centers).
- Responding to attacks and incidents. The question is not if, but rather when a security incident will occur, and how to respond to an attack. The Squad consultants are on standby to respond to any alerts to ensure the quick and efficient handling of incidents. We provide our clients with support in both technical and legal matters.
- Recovering from an incident. At Squad, we work with our partners as part of the design and maintenance of business continuity and recovery plans that guarantee resilience.
Faced with the proliferation and diversification of threats, the issue of competence is more central than ever! Our success lies in the strength of our teams and the wealth of their skills. Currently, we are recruiting 400 new talents in cybersecurity and DevSecOps.
In recent years, DevSecOps practices started to gain traction. Can you briefly describe this approach?
DevSecOps is about introducing security earlier in the software development lifecycle by expanding the close collaboration between development and operations teams in the DevOps movement to include security teams as well.
The DevSecOps model is used to automate the integration of security into the development and deployment cycles. It becomes possible to use it at every development step and assets’ security could be improved during the whole product lifecycle. This guarantees that most security vulnerabilities are detected regularly before hackers can exploit them.
This allows a better synergy between the IT ecosystems and therefore better consideration of cybersecurity in general.
Do you think the recent global events altered the ways in which threat actors operate?
Two global events are altering the ways cybercriminals operate. One is the pandemic, and another is the war.
Key takeaways from the Covid-19 crisis:
- The evolution of practices (more teleworking and therefore increased connectivity needs, the acceleration of the transformation of IT tools to cloud environment)
- The hyperconnectivity of the entire French ecosystem has increased during this Covid-19 crisis
- Everyone had to adapt but the hackers did too!
- The need for Cyber & DevSecOps expertise has never been greater
Key takeaways from the cyberwar in Ukraine:
- This has amplified the phenomenon brought by Covid-19 and highlighted weaknesses that already existed
- All companies that belong to one country or another are more and more concerned by cyberattacks due to the geopolitics
- This further justifies the need for every company to have a set of end-to-end security services
Why do you think sometimes organizations are unaware of the security risks they are exposed to?
First, each company needs to build a cybersecurity culture.
Not being aware of the risks that need to be faced, makes companies even more targeted by malicious people. Negative impacts of cyberattacks increase when organizations are unprepared. Reducing the scope for possible attacks and mitigating their impacts have become the most important issues in the cybersecurity field! Thus, organizations must define the risks, identify vulnerabilities, and have a complete mapping.
In your opinion, which industries are attractive targets for threat actors and should update their cybersecurity posture as soon as possible?
Every company could be an attractive target for cybercriminals. But if we need to choose, it is important to have in mind that the most sensitive targets are the ones qualified by the French Government as essential operators (Opérateurs d’Importance Vitale in French), such as:
- Defense companies
- Finance companies
- Transports companies
- Energy companies
What threats affecting businesses nowadays do you find the most concerning?
In my personal opinion, these are the most concerning threats:
- Breach of confidentiality. Stealing of banking details, intellectual property, and other confidential data
- Data integrity attacks. Modifying data, rewriting source codes, or otherwise compromising other parameters
- Availability-based attacks. Using malicious programs to limit/block access to information, medical equipment, and other crucial assets
- Reputational risk. Exploiting brand names for malicious purposes that damage the image and reputation of the attacked company
What security measures should be implemented to combat these threats?
I would suggest implementing the following techniques:
- Know your enemy. Companies should continuously analyze potential risks and create roadmaps to make informed decisions
- Acquire a skilled workforce. Whether the cybersecurity workforce is internal or external, it should have the necessary skills
What does the future hold for Squad?
We want to strengthen our position while reinforcing our offers of strategic consulting and cybersecurity auditing.
We wish to continue the development of our agencies in France to accelerate our growth in Europe but also carry out external growth operations. After Australia and Canada in 2021, our development in Europe will also be accelerating in 2022 with the opening of our subsidiary in Switzerland.