Would you like a commercial appointment? A consultant will call you back.
Business strategies are changing and hybrid working is on the increase. IT infrastructure is becoming more flexible, regulations more complex and cyberattacks more sophisticated. These trends compel businesses to adapt their IT security strategy.
To gain an insight into today's security challenges, we spoke to Thomas Le Clerc, B2B Product Manager Cybersecurity at Orange.
Where do you start with cybersecurity?
"The EU NIS (Network and Information Security) Directive is raising organisations' awareness of the importance of a proper cybersecurity roadmap. Yet many organisations still always start their security strategy on the basis of a budget. A budget is obviously important, but you always need to start with a risk analysis: take a step back and consider what your weaknesses and vulnerabilities are. This will provide a starting point for developing a strategy."
"The content of the NIS Directive also emphasises the fundamental role of audits and assessments. In this complex and ever-changing context, it's essential that you evaluate your IT security regularly. One way of doing this is a penetration test, which involves a security specialist attempting to break into your infrastructure and then providing you with a report on the identified weaknesses. As threats and attack techniques become ever more sophisticated, the ability of your cybersecurity system to adapt is a key factor in its success."
Are lots of changes needed in IT infrastructure, then?
"Yes, the digital transformation is already changing the typology of business networks. Data is stored in various places, often in the cloud. And hybrid working now allows users to work almost anywhere. So both the infrastructure and the way of working have become more flexible, and this calls for corresponding security solutions. After all, these developments increase a company’s vulnerability to attack.
"Businesses therefore need to switch over to security that focuses on identity. That doesn't need to be complex: it's important to divide users into groups, for example, with each group only having access to the data they require for their work. This prevents an attacker from moving horizontally within your infrastructure. It's also important to roll out solutions that control access to data, regardless of where the data is stored and what device the user is using. I’m talking here about the trend for Zero Trust Network Access."
And what is the final component of an effective security strategy?
"Cyberattacks are becoming ever more sophisticated. Protection measures such as a next-generation firewall and endpoint security are still essential for blocking known attacks, but they are inadequate against more complex ones. Successful attacks usually involve advanced techniques that are difficult to identify and that are unfamiliar to Threat Intelligence teams. This is why it's increasingly important to develop capacities to detect threats and respond to them in order to identify potential anomalies in your infrastructure.
"This detection technology also needs to monitor the behaviour of users and infrastructure. Imagine that you always work between 8.30am and 6pm in Belgium. If the system then notices that you’ve suddenly logged on at 3am from the United States, it will quarantine your user account and notify the Security Operations Centre (SOC). The security analysts at the Orange SOC continuously monitor the developments of cyberthreats and analyse security events that occur in our clients' systems. If indicators of compromise are observed, an analyst will assess the event to decide whether or not to classify it as a security incident. If your organisation provides essential services in a critical sector, the NIS Directive encourages you to use these capacities to protect against sophisticated attack techniques and reduce incident response times."
Would you like to know more about security? Find out how you can ensure the continuity of your activities.
On Wednesday 27 October, the first edition of the Digital Construction Day, an event specifically aimed at digital front-runners in the construction industry, will take place in Brussels. Orange’s cyber security expert Thomas Le Clerc will be there too. He will put cyber security in the spotlight and address the importance of data protection on construction sites.
Register for the Digital Construction Day 2021. And reserve your seat for the lecture by our cyber security expert at the same time.