The cybersecurity industry is booming, yet it faces significant human resource challenges and the complex task of securing against technologies that few people truly understand. Christophe Bianco, managing partner and co-founder of Excellium Services, shares his insights on the industry’s trends and the risks associated with adopting such technologies.
How would you describe the general cybersecurity landscape today?
Today, cybersecurity is becoming a new battlefield for everybody, including Luxembourg. The political turmoil we are facing in Russia and Israel is bringing new players into the field so everyone is trying to decide how to position themselves.
The challenge we’re facing is that our critical capability and infrastructure need to be better protected. On the other hand, we are quickly adopting new technologies such as AI which are impacting the sector and pose a new cybersecurity risk.
Unfortunately, we are adopting more and more technologies that are understood by fewer and fewer people. So if the bad guys understand the weaknesses of these technologies they can exploit them.
This is why Excellium, which is part of Thales, is increasingly engaged in protecting the Operators of Vital Importance (OVI) and ensuring that they are reliable and secure.
“It’s important to understand that the more technology we adopt, the more cyber issues we will encounter.”
Christophe Bianco, managing partner and co-founder of Excellium Services
Are there any themes in particular that impact Luxembourg more than other countries?
I think that one of the problems is that 90% of Luxembourg is SMEs and for them, it’s difficult to get access to the knowledge needed to properly secure themselves. That’s why the House of Cybersecurity is working on making the solutions more affordable and easier to use for non-experts.
Ransomware has been affecting more and more industries in the last three to four years with both big and small organisations being affected. And the result is always the same, at least four to five weeks of non-operation.
Excellium Services used to be very focused on the finance industry. Has this changed?
Three years ago we were split: 75% finance and 25% the rest. Now it’s more of an even 50-50. So the financial industry definitely remains a strong sector for us. But as resilience has become a key topic, providing critical infrastructure has become a big part of our business.
A lot of technology that wasn’t designed to be connected to the internet is now connected so this has created a lot of new demand for our products and services.
Sounds like a good time to be working in cybersecurity?
Business is really booming for us. But human resources still remain a massive challenge for us. Finding customers is easy, finding people that can address the customers’ needs is another. It’s not only the people but also the skills they need as you need to find people who understand API development and AI as well as cybersecurity in general. So it’s really a double challenge.
Europe alone is missing around 1 million cybersecurity experts. So, it’s really a structural issue where we expect that technology and automation will help us in the future, but we are not there yet.
Apart from automation, how do you expect AI to impact the industry?
I think that automation will certainly help but there are also limitations. If you try to understand the fundamentals of AI really, it’s learning from past data to predict the future. Unfortunately, in our industry, the malicious guys are adaptive, so AI is not exactly the best tool to predict attacker behaviour because they can change the way they attack.
AI will provide additional capabilities, we do not expect it to displace people as much as supercharge them, give them more capability, learn faster and perform automatic remediation faster.
However, it’s important to understand that the more technology we adopt, the more cyber issues we will encounter. We do not master technology, technology is created and then made user-friendly, which makes people’s lives easier but also allows people to abuse it.
“I think the best improvement we can make to our industry is to be less technological and adopt more of a risk mindset.”
Christophe Bianco, managing partner and co-founder of Excellium Services
How do you suggest adapting to that?
I think the best improvement we can make to our industry is to be less technological and adopt more of a risk mindset. The problem is that risk evaluation is by nature not something that humans are very good at.
When developers build new solutions, they often don’t have security in mind. So, as long as security is not by design, it will be very difficult to secure it. As long as we don’t change that, we’re just in a constant state of patching and correcting mistakes made at the design stage, which is not manageable in a time when technology is moving so fast.
What do you imagine the field of cybersecurity will look like 5-10 years from now?
First, I think I will be retired and living in the Bahamas! But I don’t see a big inflection in the next three to five years, except that we will adopt more technology that we don’t master. As long as we continue using technologies that we don’t understand, we will be unable to secure them effectively. It’s as simple as that.
People are slowly beginning to understand that they will face a cybersecurity attack sooner or later. So as more and more companies and organisations get hit by cyberattacks and suffer the actual costs of them, security by design will become more common.
This article was first published in the Silicon Luxembourg magazine. Read the full digital version of the magazine on our website, here. You can also choose to receive a hard copy at the office or at home. Subscribe now.
