The digital revolution implies permanent challenges for public and private companies.
Evolving to meet new customer usages is “business as usual” for IT departments. This revolution can take many forms: dematerialisation, e-government, e-commerce, Internet of Things, big data, blockchains, mobile payments, online banking, social networks, cloud computing, smart grids, autonomous cars, chatbots, etc
Diverse cyber threats must be taken into account (intrusions, distributed denial of service, ransomware, defacement, fraud, spoofing, compromise, social engineering, accidents, disasters, etc.).
These threats exploit organisational, technical or human vulnerabilities (weak detective and reactive processes, poorly configured devices, insecure developments, patches not installed, lack of awareness, lack of skilled resources).
Impacts can be financial (loss of revenue, financial markets, etc.), legal (General Data Protection Regulation, Network and Information Security Directive in Europe), reputational (deterioration of the brand image) and operational (malfunction of IT tools, loss of data). For industrial systems, it can ultimately jeopardise the safety of people (SCADA, ICS, etc.)
The protection of information systems is a major priority for both companies and nations. In France, the National Information Security Agency (ANSSI) increases its staff regularly.
Many frameworks and standards are available (ISO 27001, NIST, CIS, PCI DSS, etc.) to anticipate new situations, detect suspicious events, prevent and respond to security incidents. Nevertheless, the implementation of these best practices remains a real challenge.
Information Security professionals have to lead and coordinate diverse activities:
PROSICA consultants have strong expertise and recognized experience in information security and business continuity plans. We advise our customers with pragmatic and applicable recommendations to help them to protect their sensitive information and keep their business secure.