While the French are increasingly concerned about cyber risks, here are some ways to increase their confidence.
A new poll published on Wednesday, March 30, 2022 shows that the fear of cyberattacks and data piracy is a concern for all French people. In fact, according to this study by the Ifop voting institute, 89% of respondents believe that the risks of cyberattacks and misappropriation of personal data are “high” today. This figure has increased by 9 points compared to December 2019.
Seconds the KPMG CEO Outlook 2021 studycybersecurity has become a priority concern for business leaders and French people are increasingly concerned about cyber risks, especially in the current context of war in Ukraine. How to build your trust?
Valuation of trust
In a hyper-connected world, it is crucial to ensure that the solutions used are truly secure and reliable. In fact, there are many criteria to consider in order to know what level of trust to give them. Today in France, key organizations such as the National Agency for Information Systems Security (ANSSI) are involved in promoting a culture of cyber security to individuals and companies of all sizes. ANSSI assists organizations, especially those with sensitive activities (aerial signaling, hospitals, nuclear actors, etc.), in the security of their information systems. Provides certifications and ratings to software publishers based on the security level of the solutions. When choosing a certified product, the user is assured that its features offer a proven level of security and withstand attacks of a certain level. Qualifying is a second step. It confirms the French state’s recommendation of cybersecurity products or services tested and approved by the ANSSI.
In addition to certifications and qualifications, the labels also attest to the security of solutions such as “France Cybersecurity” or “Cybersecurity Made in Europe”. In addition, groups of cybersecurity agents provide visibility and authority to their members, such as the Alliance for Digital Trust (ACN) or Hexatrust. Unlike ANSSI certifications, these labels and groups have no technical value, but they do create an identified ecosystem around cybersecurity and raise awareness among public opinion, policymakers, and businesses.
At the same time, it is important to popularize the technical terms related to cybersecurity in order to make people as aware as possible and to avoid any confusion, as may be the case with cybersecurity. encryption from end to end. This security technology, also known as end-to-end encryption or E2EE, ensures that only senders and recipients can access the exchanged data. It’s different from “encryption,” which means no one knows how to decode data to understand it. Thanks to the popularization of these notions, the general public will have all the keys in hand to make informed decisions. In addition, it is crucial that the state continues to promote and advocate for security technologies such as end-to-end encryption. It must continue to implement regulations to protect users and their data, such as the Digital Services Act (DSA).
Recourse to safe, state-recommended solutions is a first step, but it is also important to analyze the security level of a solution in detail. Therefore, it should be checked whether a small part or all of the solution has been evaluated. The user will only be able to judge the reliability of the evaluation if there is a real overall consistency in the control. Today, some publishers are asking European, impartial, independent certification bodies to evaluate a negligible part of their certification solution, or to display a cybersecurity tag on their website. However, this does not in any way guarantee the full evaluation of your solution. It is up to the user to ask the right questions and check which certifications, qualifications or labels have been obtained.
In addition, certifications and degrees are dated. They must be renewed periodically for the publisher to improve its security level as technology evolves. Therefore, it is essential that the user checks the date of the last evaluations performed. Finally, to be valid, they must be made by an entity or person outside the company. So, many publishers make bug bounty, which is to pay companies that specialize in hacking or hacking piracy so that professionals can test the security level of their solution.
Towards a generalization of the cybersecurity criterion
On March 3, 2022, the state announced the vote on a certification accrediting the level of security of digital platforms for the general public: CyberScore, which will take effect on October 1, 2023. new regulations underscore growing French concern about cybersecurity. This policy will no longer be reserved for publishers of cybersecurity solutions but for all digital solutions. An important step that will also strengthen the confidence of the French in digital technology.
A publisher will no longer be able to ignore the cybersecurity of its solutions, like an automaker that can no longer ignore the installation of airbags, even if they are not mandatory. Democratizing the issue of cybersecurity and user requirements will only benefit the entire digital ecosystem, which will be forced to revise upwards the security levels of all its solutions.