Democratising security for VSEs and SMEs means protecting the entire economic fabric

In an increasingly tense geopolitical context and with the approach of the 2024 Olympic Games, cybercrime is not taking a break, confirms the ANSSI in the 2023 Panorama of the Cyber Threat. “The constant development of the threat and the attackers demonstrates the need for the ANSSI to evolve its way of working, by collaborating in particular with new actors, in order to better organize and strengthen French cybersecurity,” writes Vincent Strubel, Director General of the ANSSI in the report. A main weapon for disinformation, espionage, and destabilization, it also aims to economically weaken a country by targeting large, medium, and small businesses.

In 2024, cybercrime will cost the French economy $129 billion

According to a Statista study, the cost of cybercrime in France was $93.5 billion in 2023 and will approach $130 billion in 2024. In 2016, this figure was estimated at $5.1 billion and has since experienced an average increase of 30% each year. According to the 2024 edition of the CESIN barometer carried out by OpinionWay, nearly one in two French companies has been the victim of a cyber attack with a significant impact. While the security of very large organizations (banks, insurance companies, etc.) is historically well established with dedicated teams and automated detection systems, this is not the case for small and medium-sized structures. Over time, little significant change has been observed in security strategies, which are mainly focused on protecting workstations and messaging.

The growing adoption of the cloud has forced companies to rethink their security strategy in a hybrid environment, mixing old systems and SaaS solutions. For small and medium-sized businesses and mid-sized companies that often do not have dedicated cybersecurity resources, the transition to the cloud has been easier, but at the same time, they have become prime targets for cyber attackers. Although some investments have been made in protection, the sudden arrival of remote work in these organizations has accentuated the need to rethink security.

Identity and access management, the foundation of cybersecurity in a hybrid world

With the cloud, we have moved from perimeter-based protection to a perimeter-less, hybrid, and multi-site (office, home, travel, public places, etc.) strategy. In this context, it becomes imperative to move away from the traditional “castle” model and change the company’s culture on security issues. This new culture is based in particular on the “Zero Trust” principle, which consists of not trusting anyone by default. In this model, access to applications is conditioned not only by the user’s identity but also by their location.
This approach reflects the paradigm shift we are witnessing in cybersecurity. Identity management and proactive detection of abnormal behavior are the foundations of this new security management in an increasingly decentralized environment. To this must also be added the need to regularly train employees in good security practices. In summary, any company that wants to ensure its security and maintain the trust of its partners must implement these four basic rules: strong authentication, proactive detection and response to abnormal behavior, permanent updating of systems, and data protection. These measures would protect against 99% of attacks.

Security, a criterion of trust and competitive advantage

In recent years, the increased visibility of cyber attacks in the press and national awareness campaigns have drawn the attention of leaders to the need to invest in security to enhance their company. Like good governance in ESG matters, justifying good security practices is a competitive advantage. It allows you to establish trust, preserve your reputation, obtain new markets, and therefore remain competitive. In this regard, the NIS2 (Network and Information Security) directive, which will be implemented by the end of 2024, will encourage millions of European companies to raise the level of corporate security.

Protecting the ecosystem and the French economic fabric is one of Microsoft’s priorities. In addition to our proven technologies, we want to go further by meeting the specific needs of small and medium-sized businesses and mid-sized companies. Democratizing security is possible if we build strong partnerships, such as the one we have developed with TD SYNNEX France distributor and the Advens Cybersecurity SOC (Security Operations Center).
Together we have designed Citadel by TD SYNNEX, a clear and accessible offer that offers Microsoft Business Premium security solutions, combined with a monitoring service operated by a French SOC 24/7. The strength of this partnership also lies in the local anchoring of TD SYNNEX’s reseller partners, who are the true orchestrators of this offer. This tripartite association aims to put the best of each at the service of companies in order to bring them up to the level of the NIS2 directive. In France, it is estimated that 6 million workstations of small structures do not have or have little protection system. Securing them is a real emergency if we want to protect the very heart of our economy and promote innovation and long-term growth.