Press release, 23 October 2018
As we are all well aware, new technologies are being developed at an unprecedented pace. Their evolution is such that humans can quickly become overwhelmed by so much sophistication. However, when we talk about cybersecurity it is humans that are targeted by cyberattacks and it is humans that are behind them. It was this very human element that was at the heart of the third edition of the Cybersecurity Day organised by PwC Luxembourg on October 18, held within the framework of the Cybersecurity Week Luxembourg. Here we highlight this unmissable event that encourages the exchange and sharing of best practices in cybersecurity.
"We trust faster than we can protect." It was with these words that Maxim Clementz and Vladimir Kolimaga, both members of the PwC Luxembourg Cybersecurity Team, began the first presentation of the day. The Blockchain process, the Internet of Things (IoT) and the new technologies revolutionised our society. These technologies infiltrate everywhere, without even being aware of it. While Blockchain has often been seen as the key to all problems, it is still nebulous for ordinary people. It's the same for biometrics, an area that is certainly very promising and useful – think for example of Touch ID when you want to unlock your phone, or speedier identity checks at airports – but which raises questions regarding reversibility. (difficult to change one's fingerprint the day it was compromised, or copied) The blazing speed with which these technologies are developing encourages individuals to trust them blindly, to the point of forgetting the fundamentals of security. In cybersecurity, are new technologies the problem or the solution?
Guy-Philippe Goldstein, a researcher and consultant on cybersecurity issues and a lecturer at the Ecole de Guerre Economique, believes that our expectations of these technologies are far too high. According to him, “There is nothing that is not piratable", and these technologies have their limits. Artificial intelligence (A.I.) technologies, including machine learning, can help detect and mitigate cyber attacks as well as make them more powerful and hackers can use these technologies to imitate a voice or a way of writing, and therefore can be rendered undetectable. Rather than protecting itself, Guy-Philippe Goldstein advocates for organisations to adopt a resilient approach that allows them to absorb the shock of an attack, to react and to prevent. According to Guy-Philippe, it is essential to raise the awareness of all strata of companies (including the management committee) to these issues, through safety drills and recurring tests.
These observations, also shared by Richard Oehme, Cybersecurity Director and Critical Infrastructure Protection, PwC Sweden, who highlighted the vulnerability of public infrastructures to cyber threats. According to him, in recent years, digitalisation has increased the dependence of states on technology, which has made infrastructures increasingly vulnerable to cyber attacks
Cybersecurity has often been perceived as a very technical domain, to the point where the human factor, which is at the center of cyberattacks, has been neglected. Today, it is becoming crucial to develop a more people-centered safety culture. The challenge is to raise awareness of cyber risks, but in a more engaging and impactful way. This is the view of Jessica Barker, global expert on the human factors of cybersecurity. In an environment where individuals receive emails constantly, their vigilance tends to drop and it becomes easier for hackers to deflect security rules ... and therefore manipulate them. Most of the time, hackers use emotion-based techniques to drop their target into their trap (stir their curiosity, flatter their ego or even tempt them).
Within this context, in order to make people more aware of cyber risks, Jessica Barker supports a more positive approach to cybersecurity. She recommends focusing on everyone's best practices instead of pointing out their weaknesses. Cultivating this optimism will engender more vigilant behavior and more risk-conscious individuals, both within organisations and in society at large.
“Cybersecurity can no longer be considered solely from a technical point of view. Today, the human is more than ever at the centre of the process,” says Vincent Villers, Partner and Cybersecurity Leader, PwC Luxembourg. The lessons learned from this Cybersecurity Day show us that sharing and positivity will facilitate the awareness of all stakeholders in society around cybersecurity issues. “
At the end of this event, two of the eight companies that presented their cybersecurity solutions on stage were rewarded. The jury prize was awarded to Swedish company, Detectify, and the public prize to Swiss company, Hacknowledge.
This event was also the opportunity to present the trends of the latest CISO survey of PwC Luxembourg, carried out in collaboration with the CPSI (College of Information Security Professionals), which will be available soon. The results made it possible to analyse the evolution of the CISO’s role over the past two years in Luxembourg. And the record is quite positive: despite the fact that the CISO is still not very integrated in the management committees (only 13% occupy a seat there), the role is considered today not only as a technical expert but also as a real risk manager. The study also shows that 76% now hold this position full time, compared to 53% two years ago.
Six months after the entry into force of the GDPR, PwC Luxembourg wanted to know more about the implementation of this regulation within the organisations of the country. During its Cybersecurity Day, the firm launched the investigation “6 Months into the application of GDPR, Luxembourg market status: Smooth Sailing or Hot Water?”.
PwC Luxembourg will publish the results of this study on December 12th - send an email to firstname.lastname@example.org if you wish to register.
Notes to editors
PwC Luxembourg (www.pwc.lu) is the largest professional services firm in Luxembourg with 2,870 people employed from 76 different countries. PwC Luxembourg provides audit, tax and advisory services including management consulting, transaction, financing and regulatory advice. The firm provides advice to a wide variety of clients from local and middle market entrepreneurs to large multinational companies operating from Luxembourg and the Greater Region. The firm helps its clients create the value they are looking for by contributing to the smooth operation of the capital markets and providing advice through an industry-focused approach.
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 158 countries with over 250,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com and www.pwc.lu.
Head of Marketing and Communications, PwC Luxembourg
Tel: +352 49 48 48 5821