“Moving from a Cybersecurity mindset to Cyber Resilience” was the title of the event organised by Fujitsu. Marc Payal, CEO FUJITSU LUXEMBOURG opened the session by highlighting the importance of Cybersecurity in this particular period.
Pascal Steichen, CEO SECURITYMADEIN.LU, followed him with a look in the rearview mirror: 20 years ago, when Cybersecurity made its first steps in Luxembourg. The foundations of a new ecosystem were settled. The objective was to make cybersecurity more accessible for all by empowering all stakeholders with a collaborative approach of sharing knowledge and fostering open source communities.
“Among the lessons learned, we have seen that an early government involvement was important to ignite the different initiatives. Now that we have all these projects, the market needs to find the right balance between competition and collaboration”, he said.
Embracing resilience in Cybersecurity is more than important for Moussa OUEDRAOGO – Head of Cybersecurity FUJITSU. He explained to us that each company should have to guarantee the resilience of their activities. Two important things about such insurance:
- correctness which includes an audit and gives a cybersecurity maturity level depending on the best practices. It gives us a good measure, a kind of benchmark;
- effectiveness which can only been tested by offensive security test. When it comes to cyber insurance, correctness can be assured, but effectiveness depends on the tester. Cyber resilience is created via predefined chain of values.
The round table allowed the experts to go deeper in the notion and the meaning of resilience:
- Sheila BECKER
Service Officer – INSTITUT LUXEMBOURGEOIS DE REGULATION
- Gregory NOU
Chief Information Security Officer – EUROFIN
- Pascal STEICHEN
CEO – SECURITYMADEIN.LU
They discussed about the advantages of the new regulations. Before the NIS regulation, mainly the financial sector was highly regulated. The obligation was a major boost for these companies. Is the NIS the mode to open the way for other companies to improve their level of security and motivation to create other regulations? The question will be answered by the facts.
Another dimension was also highlighted: the interdependence. We are living in a ecosystem where not only our organisation has to be secured but also the suppliers and providers. The other organisations have to be transparent with their business partners in order to create a common resilience.
Pascal Steichen gave an “augmented” definition of resilience: the aim is not only to get back to the previous “normal” situation, but also to something new, better, that makes us stronger.