Never before has cybersecurity been as important today. Why is it then that the field remains riddled with issues such as increased cyberattacks, hiring talent and resource problems? Silicon Luxembourg caught up with Excellium Services’ CEO Christophe Bianco to give you the answers as well as some important insights on how you can better protect yourself against cyberattacks.
Can you remind our readers of the main activities of your company and the services you offer?
Excellium Services is active in the field of cybersecurity. This means we support the implementation of capabilities that enable the resilience of the organizations we work for. So, how do you deal with cyberattacks or conduct operations with more or less risk? How do you adopt new technologies with adequate control?
Excellium operates mainly in Europe with large operations in Belgium and Luxembourg, and we also operate in Africa through a spinoff. On these subjects, and particularly on an African market, we contribute to financial inclusion.
How has your company Excellium Services been holding up over the past year?
As a business owner, I was concerned with the fallout of the pandemic. Because there clearly is an impact, because we are a company that provides a service. So inevitably, our customers were impacted moving to “a remote working mode”. However, there were also some opportunities because Covid-19 forced or accelerated the digitalization of the economic fabric and as a side effect we saw an increased demand and need for support from our customers.
So, I would say for a pandemic that has impacted many segments of the industry, Excellium is doing quite well. The pandemic has not slowed down our investments, our recruitment or our developments.
However, like all tech companies, we have talent and resource problems and therefore for us, sometimes it’s a bit complicated to address all the segments or all the requests that we have. With regard to our customers, I would say that in a general way, cybersecurity and especially “cyber insecurity” which appeared during this period, made many CEOs aware that in a period of crisis like the one we experienced, many organizations have difficulties responding to cyberattacks which therefore creates a concern for their resilience.
“I think we have a fundamental problem of awareness about the risks related to the technology we use every day.”
Could you elaborate more on your resource problem?
To take the example of hiring new talent. Every year, if we include the Greater Region, so, Nancy (France) but also parts of Belgium and Germany, produces about 100 people with cybersecurity skills.
I think we [Excellium Services] alone ended up recruiting around 20-25 new employees every year. This to me shows that the field of cybersecurity is not producing enough resources for the needs we have or not necessary the right skills. This creates issues with clients because we cannot manage to source the necessary talent.
Right now, for example, it’s the beginning of the school year and I think we have about 12 new employees who have just arrived. One is coming from Singapore, there’s two coming in from Italy and many others [from outside the Greater Region]. This forces us to expand our scope of recruitment which ends up costing us more and more. We’re taking more and more time, so it’s a real issue, that’s why I say talent, but also resources, meaning quantity, quantity and skills.
What other big cyber issues exist today? Which ones do you see on the horizon?
First and foremost, I would say there is the issue of resilience. That is to say, fundamentally, why I think we have a problem in cybersecurity is because we have left the field of cybersecurity to specialists, including myself.
For example, I am a network and telecom engineer. So, when an engineer looks at a cyber problem there, his answer will be the issue is of technological nature. However, we have realized that despite the colossal and massive investments in research and development in technology, the still persists. This implies that the problem is more likely one of organization, of awareness, of having mass, etc. So, from the perspective of a non-specialist, it is primarily a risk management problem rather than a technology problem.
Another issue is that of the widespread critical and distanced discourse surrounding the adoption of new technologies. So, for example, I’m not supportive of the negative discourse around the adoption of cloud solutions. Because I think that the cloud can, for many organizations, significantly increase the level of security compared to what they are today. The problem is more that organisations and companies have to adopt cloud solutions.
Of course, considering the risk, controls, mitigations, and measures needed, people should ask the right questions before adopting new technologies. And I think that we have a share of responsibility. It’s the responsibility of cyber security experts to clear these issues up this could also apply to AI for example.
How can individuals better protect ourselves against cyber-attacks?
I think we have a fundamental problem of awareness about the risks related to the technology we use every day. The level of maturity in the cybersphere creates opportunities for cyberattacks on those who do not know how to protect themselves.
So, going back to your basic question about protecting yourselves and what the regular user can do. The first thing is to try to understand what we’re doing and be fairly critical of what we’re being asked to do when we’re interacting on the Internet. The second is to have a minimum of protection of these environments.
There is no magic pipe, of course. However, I believe it is important to educate people and especially our children about something as simple as the fact that Snapchat does not fully delete your pictures. No, there are no people on the planet who want to give you free money. It has never existed; it will never exist. No, the IRS does not need your credit card to pay back taxes for example. No, the iPhone 12 with an unlimited subscription doesn’t exist or and unfortunately, we still see people who don’t have that critical eye or that critical aspect in education providing sensitive information to get benefits from it.
“For users, it is important to understand how to use technology as well as the associated risks.”
Whose responsibility is it then to raise these levels of awareness?
One could say it’s the State’s or National Education’s. Personally, I start from the principle that one must take responsibility for oneself. And then you can go and ask others to do it too. So, I think if you want to use a smartphone, it’s your responsibility to understand what you’re doing.
If you want to open an account on Instagram or on TikTok, it’s your responsibility to understand what you’re doing. And if we don’t do it ourselves afterwards, we shouldn’t be surprised that there is a form of intrusion in our private life by people who want to do it for us.
So, I say that it is first of all the responsibility of ourselves and especially parents to educate their children. It is the responsibility of adults to make sure that they know what they are doing and how they are doing it and what they are responsible for. And then we can discuss. To what extent? The states, the government, or I don’t know who had a responsibility too?
How optimistic are you about solving these issues?
I am an optimist in human nature by default. That’s why I’m an entrepreneur and I say to myself that certain levels of awareness and education are already there. The people who want it to progress are there. There’s a real business and a real industry to run. The company that we have created in a few years, also forces us to say that I must contribute.
In the sphere of my cybersecurity, I was able to do that. It is normal also that I spend time on these things and contribute to the creation of the women’s association, to go and motivate young people to embrace the cyber career in their studies, etc.
So, there you have it, we won’t solve this problem completely because it will remain inherent to life and the technology we have. But I think there are ways to move forward. And it might not be going fast enough compared to the progression of technology, but I think that there is an interest in developing these things from many actors and I don’t despair that we will manage to do things.
What message would you like to pass on to our readers who are passionate about digital and innovation?
Don’t be afraid of technology and its adoption. What you need is to have a critical eye and an approach to learn. For users, it is important to understand how to use technology as well as the associated risks. In some of my awareness lessons, what I say at the end is that you shouldn’t get paranoid. That’s not the point, the point is to bring an informed message.
Editor’s note: Listen the the XLM&Co podcast series: