The only sensible approach to cybersecurity
Published on February 5, 2025
Since I started working in that field in 1999, cybersecurity has gone from being very low on the CIO agenda to consistently making it to the top positions on the CEO list of dreaded risks. While this has proven an arduous journey paved with lots of corporate casualties along the way, it is quite a satisfaction, particularly for those who have made it their occupational raison d’être to warn about the dangers of overlooking its necessity. But if it is now clearly out of infancy, I believe cybersecurity is somewhat still in its teens…
On the defender side, just to name a few hiccups, OT is still largely not properly secured, the cybersecurity skill and education gap is far from being bridged, and we are yet to see the power of AI fully unleashed. On the attacker side, phishing schemes that have become increasingly sophisticated, the opportunistic rise of home-working and mobility still not properly kept in check, and the greater and greater specialization of criminal groups who provide attack-as-a-service, all this makes me think that we haven’t yet seen what a massive, full-scale attack can do to a globalized economy.
Investing in cybersecurity is a tough call for decision-makers today as they are torn between the pleas of their own technical specialists, the apathy of businesses who resent controls that they perceive as a business hindrance, and the pressing voices of external experts who advocate in their best interest.
Experience has convinced me that it is a mistake to oppose the various pillars of cybersecurity: without sound detection and response capabilities, what good is an operating governance framework?
Without the results of good third-party risk management, what base is there to make a sound investment decision about the deployment of, say, a CIAM solution?
To me, a comprehensive approach to cybersecurity is clearly the only reasonable one.
Matthieu BENNASAR
The capacity to offer such a holistic stance on cybersecurity is becoming the main differentiator for cybersecurity providers.
Thus, be careful who you entrust your cybersecurity with: be sure to select companies with a strong track record in 360° expertise, for fear of receiving misguided, partial and biased advice.