“Cyber is intrinsically a matter of governance”

Expert voice: Jonathan Uzan, Cyber Defence Director at Onepoint, answers Verlingue’s questions about the degree of maturity of companies regarding cyber risks.


Verlingue Infos: Like the recent global attacks, should an explosion of cyberattacks be feared?


Jonathan Uzan: “In the last 10 years, what were previously only marginal threats targeting mainly systems with strategic data (political activism campaigns, government destabilisation campaigns, etc.) have shifted with great expediency towards sectors of the conventional economy. It’s no longer so much a question of breaking a system that someone disagrees with, but rather using cruel means to make money. The biggest media coverage of this shift was undoubtedly during the WannaCry attack.


The general public, and admittedly some big business leaders, discovered how whole areas of activity could be paralysed and then held for ransom. Remote, anonymous attacks, with no transporter or receiver, from countries without extradition, and the possibility for the best organised to launder funds directly in cryptocurrencies (Bitcoin). The volume of attacks will necessarily increase. But it’s not something to fear. There’s nothing you can’t overcome if you’re properly prepared.”


Verlingue Infos: How are French companies organised?


Jonathan Uzan: “France has had serious ambitions regarding digital since the 2000s. Significant technical and human resources have been deployed to protect our digital sovereignty. Strategic players, although private, such as certain major financial, energy, and transport operators, have been able to benefit from the operational protection of State agencies. Duly noted.


What about companies that aren’t on this confidential list of just under 250 major operators? It’s a normative corpus that should allow all the European recommendations to be aligned for all companies that must handle electronic data. LPM, GDPR… acronyms but also moments of introspection and opportunities to rethink digital and security infrastructure.


True, but French companies are quickly becoming overwhelmed by these new, sometimes burdensome obligations, often experienced as financial constraints, slowing down business and workflows. There’s nothing here that takes into account the needs and realities of commercial competition.


Plus, each French company has its own digital story. Often constructed in a hurry, on a few general-purpose solutions offered by the major defence players and a requirement for technical and human resources out of all possible proportion. These solutions have long been deployed improperly. Nowadays, at best, they’re completely obsolete or, at worst, a burden that companies simply deal with. But things could be different.”


Verlingue Infos: Isn’t cyber a matter of governance for companies?


Jonathan Uzan: “Cyber is intrinsically a matter of governance. French companies should now be mature enough to demystify words such as hacking and take a new look at their infrastructure from another perspective.


For too long, we’ve approached system security through technical, difficult, obscure, and sometimes even disturbing means, where everything would be only encryption, warning lights, and emergencies. The complete security touted by solution vendors does not exist. It’s now time for the profession, supported by experts, to reclaim its digital destiny, defining how much and what kind of digital risk it incurs and tolerates and what it will never be able to afford. It will then be able to implement the right proportionate countermeasures against them.


The threat feeds on inaction. We see it every day in the companies we audit. We therefore strongly believe that the profession must be the driver of the cyber choice and, freed from the constraint, control it. It’s on this boundary between innovation and cyber-decision that the security of our companies truly lies.”


The integration of cyber issues into the management of business risks is central.


Our experts answer your questions at cybersolution@verlingue.fr