Pascal Steichen explains the mission of the C3 at Cybersecurity Week 2017:
"Our dependence on digital systems is so deep now, we cannot go back anymore."
Photo: LaLa La Photo
A part of our cybersecurity feature this week, Delano talked to Pascal Steichen, CEO of Securitymadein.lu, the economic interest group that has joined with the Luxembourg government to create the Cybersecurity Competence Centre (C3). We asked him, if the future is digital, how important is cybersecurity?
C3 is a public-private partnership between the Luxembourg government and the economic interest group Securitymadein.lu. Established as part of the government’s cybersecurity strategy is has three key functions: to act as a threats and vulnerability observatory; a testing facility and a training and simulation platform.
In a recent interview with Delano, Pascal Steichen discussed the organisation’s role and stressed the importance of cybersecurity.
Margaret Ferns: Given the level of digitalisation taking place everywhere, how important is cybersecurity to companies and individuals?
Pascal Steichen: Cybersecurity is key. IT/digital without cybersecurity is no use at all. The headlines speak for themselves: Mirai, ransomware and other “hacks” or “leaks” are in the news daily.
Society is in a “black hole”. Our dependence on digital systems is so deep now, we cannot go back anymore. We have to cope with the challenges and doing it securely requires doing it right.
MF: In your experience, are companies in Luxembourg fully aware of how essential it is?
PS: We have seen a decline in incidents reported to us, which indicates a growing understanding of the issues within companies. In addition, requests for preventative measures are on the increase, which, in turn, indicates a growing awareness of the dangers on the market.
That said, awareness-raising remains one of our key efforts as creating the “culture of security” that the OECD recommends takes many years.
MF: Do companies need to do more?
PC: They need to continue the process. Security is a journey, not a destination.
It is very important to consider the entire spectrum: from awareness and training (the human aspect) to technological solutions (antivirus, etc.), to the capacity to react (detect, mitigate…) in the case of an incident.
Last but not least, they should take out cyber insurance to be on the safe side.
MF: What are the key issues impacting cybersecurity at this time?
PS: Technology is everywhere and there are as many security solutions as there are apps in the AppStore. It is important to choose the right solution.
Technology aside, the human factor is also important. Ensuring that people have the correct competences is essential and one of the reasons we set up C3.
Then of course there is the “social engineering” phenomenon. This is where an individual becomes a target and is being abused in order to get access to data and systems. Awareness and training for “non-techie” users is becoming more important and more urgent in this respect to ensure that everyone has the basic knowledge and reflexes.
We have also observed that technical expertise is being in-sourced more again and, therefore, the need for internal competence building is high. The appropriate skills can prevent, detect and manage risks. Employees must be able to understand and use technological systems and solutions correctly.