Cyberthreats are not a figment of the imagination and are no longer discussed as an hypothesis but as a certainty. The catastrophe is imposed every day, with a lot of shattering publications: « data breach », « spear phishing », « ransomware » and calming crisis declarations: « we have the situation under control and we are investigating », « we called on the best experts ”, “ the measurement of the impact shows that the company is not affected in its lively works ”, “ no data has been impacted ”.
The CISO is, within his company and his private or public organization, the only point of reference in terms of cybersecurity. He is responsible for defining the right strategies, implementing the right tactics and leading operations to protect his business or entity from cyberthreats.
Companies have of course, finally for the most mature, added the risk of cybersecurity in the panel of their governance. They have initiated organizational reform and recruited suitable profiles by adding officials responsible for defending, most often associated with teams of experts, information and assets against these cyberthreats.
The solution editors, suppliers and experts in the field have developed technical tools to meet the challenges, a certification and labeling process even allowing to qualify the most reliable solutions for military and governmental use or fitting to the categories of business likely to participate in the resilience of the nation.
Finally, and for some in a collective approach, norms, good practices, methods and standards have become essentials that everyone must apply in the most rigorous way possible.
Everyone being aware of the risk, having taken the measure of the threat, so everything is perfect?
Everything should be and tends to perfection like the gesture of a craftsman who over time refines and achieves excellence. Unfortunately, this is not the case at all. In a competitive environment that is becoming global and hardening, the situation is changing and among other points of weakness giving rise to cyberthreats, companies can become more complex, expand or merge, their vigilance can decrease, their risk appetite may be too high, the computer tools become obsolete (or not always be completely reliable and have vulnerabilities). We have to stop there the list because these points increasing the risks are numerous.
Like the Maginot line, which did not have the decisive effect expected and in this evolving environment, the most refined security policy, the best practices, the most innovative tools and the most innovative and expert teams are no longer enough. You only have to read the news to understand that if it is absolutely necessary, it is not enough.
If the traditional means, tools and methods are no longer sufficient then it is necessary to change posture and paradigm to adopt new methods, particularly collaborative ones.
Collaboration in cybersecurity is not a new idea. Guillaume Poupard, the director general of ANSSI (French National Agency for the Information System Security) has repeatedly called for collaboration in cybersecurity. This was the case in Monaco during the Assises de la Sécurité 2017 with its speech « Agir ensemble », a call reiterated during this same event in 2018 « Anticipate to stop suffering ».
More recently, the President of the French Republic, Emmanuel Macron, launched the Paris Appeal for Confidence and Security in Cyberspace in November 2018 on the occasion of the meeting at UNESCO of the Internet Governance Forum. (FGI).
This notion also appears in the report « Cyber threats: storm warning » published in November 2018 by the Montaigne Institute which underlines « a vital need for cooperation and solidarity between private actors on the one hand, and between private and public actors on the one hand. somewhere else »
Finally, Guillaume Poupard formally renewed and extended his remarks to a collective commitment to the FIC (International Cybersecurity Forum) in January 2019 and September 2021: « Cooperation and solidarity: cybersecurity is being built at the level of the European Union »
An African proverb says: “It takes a whole village to raise a child”. The idea is launched and the principle is there. Collaboration on cybersecurity makes sense in the context of the isolation of each organization from a diffuse and omnipresent threat.
This is already a principle used by attackers, who share malicious code, sell attack services to each other and collaborate to be more effective.
It is also a principle used in whistleblower or bug bounty programmes. Whoever knows about a vulnerability informs the potential victim or a trusted third party organisation.
This is what we also aim to do with CIX-A, to offer a complementary way of approaching cyber security.
The aim of collaboration is obviously not to replace all the traditional methods which, let us remember, are absolutely essential, nor to make one company contribute directly to the protection of another which is weaker.
Its objective, in a circle of trust, is to share essential operational or tactical information or analyses, which are not usually shared and which consequently only benefit those who they belong, in order to prevent, detect, remedy and improve the resilience of a group of companies and their extended perimeter (the famous supply chain) against cyber attacks.
In its main principles, choosing to join CIX-A means choosing :
- To be an actor and to change the paradigm in order to commit and respond to today’s challenges in terms of cooperation and collaboration in cybersecurity
- To act together and chart new paths to help improve the situation in cyberspace and the capabilities of each member
- To build a circle of trust and to build collaborative tools to meet the challenge of sharing critical information to defend against cyber attacks
This is a project that is already 3 years old and has enabled collaboration to share useful information and build analysis on recent cyber attacks.
Since its launch, we have stabilized the model, honed our tools and are now ready to expand and welcome new members.
Feel free to contact us and we’ll explain you how it works and demonstrate our capabilities: whether it’s with a view to membership, out of curiosity or for proposals for support, sharing and partnerships. You never know, you might be seduced, join us to further increase our strengths.