At a time when cyberthreats are multiplying and targeting large institutions as much as SMEs, integrating cybersecurity at the heart of corporate strategies has become a priority. TransNumerik, a one-stop shop based in 6 countries, supports African organizations in their transformations, in terms of cybersecurity, digital transformation and artificial intelligence. Its deputy director, Souleyman Sidibe, shares best practices for building resilient, inclusive cybersecurity adapted to new digital challenges
Today, cybersecurity is becoming a real issue at all levels. Everyone is concerned. What we see most often from our customers is the problem of phishing, or e-mail. This is the most frequent threat, and it's all the more so in the face of attackers who are using increasingly sophisticated methods, including artificial intelligence. In this way, they are able to tempt company employees and gain access to confidential and sensitive data. Secondly, ransomware, in which attackers encrypt a company's data and demand a ransom. As an example, a customer came to us after receiving a message stating that his data had been encrypted and that he had to pay a ransom to have it returned. There is no guarantee that this will happen. The third factor is human error. It can even happen that employees send confidential data outside the company. This may be simply accidental, or it may be done in bad faith, essentially through data manipulation and configuration. The human factor is therefore a very weak link in this chain.
Levers are generally defined according to each company's priorities. But most often, the one we act on first is the human factor. First and foremost, this involves raising employee awareness of the importance of safety. We provide support through ongoing team training. The second lever is a diagnosis of the company's environment and defense infrastructure. In fact, it's the same principle as when you're at home and there's an open door through which a thief can sneak in. In this way, we detect any weaknesses in the infrastructure or defense system. As for the third lever, it relates to the surveillance training we
to our customers. We're opting for proactive monitoring, made possible by AI, because reactive monitoring is out of date and doesn't reflect real efficiency. What's important to us is not just the technical aspect of the solution we offer, because while it's possible to have the best surveillance system in the world, it's not enough to protect against cyber-attacks if there are flaws that haven't been rectified. We attach more importance to governance, resilience and training than simply to the technical part of the solution.
It's ransomware that's the most dangerous, because there's money at stake. Imagine you've got a big company whose data has been encrypted for 10 or 15 years, without any back-up. The hacker demands a ransom of two million dollars, which you don't have, and even the bank won't be able to lend it to you. So you're left with no solution. That's really what's at stake here.
Yes, absolutely! For example, some e-mails are sent from unreliable and unverified sources. What we do is raise employee awareness so that they can recognize these sources and avoid falling into the phishing trap. If an e-mail looks suspicious, with a link to click on that leads to a compromised source, employees need to know how to recognize it. We raise awareness not only of this, but also of the fact that if such an incident has occurred, it must be reported immediately to prevent the problem from worsening.
Indeed, there are tools available that enable companies to proactively examine all cybersecurity-related elements. In the same way that a hacker would use AI to attack companies, companies will use it to protect themselves and strengthen their security. For example, machine e-learning and AI tools work at any time to block a cyber-attack without the need for human intervention. Today, it's a machine-versus-machine war.
Yes, absolutely. If we take ransomware as an example, we'll find that banks, governments and large organizations are more likely to fall victim to these attacks, as they have large amounts of funds at their disposal. When it comes to phishing, it's generally all companies that are targeted, but hackers are much more likely to attack small and medium-sized businesses, because they know that large companies are more aware and mature when it comes to cybersecurity.
Yes, absolutely! What we offer our customers is a light or scalable cybersecurity solution, depending on the company's maturity. It also depends on the company's budget. For this, there are simple tools such as those offered by Microsoft, which are not expensive, but which at least make it possible to secure the company. Our solution is based on a different approach, namely phased cybersecurity. We draw up a roadmap over a period of two to three years, and secure every time there's a breach. In addition, for growing SMEs or existing companies, we can carry out a cybersecurity maturity assessment. We carry out a penetration test, simulating entry into the system to detect vulnerabilities; following this, we give our recommendations in terms of governance and tools to protect against the vulnerabilities in question.
What I can tell them is to integrate cybersecurity into their strategy. It's not just a technical term, it has to be at the heart of the overall strategy. You have to keep in mind that there may be a vulnerability in the system that you need to protect against. We need to provide strategic support for cyber-resilience, by raising employee awareness and providing them with tools adapted to the structure. The cost of this operation should be seen as an investment in strengthening strategic intelligence and putting AI at the heart of it all, in order to accelerate growth.