Bruno Halopeau is head of cyber resilience at the World Economic Forum’s Centre for Cybersecurity. He has twenty years of experience in secure architecture solution projects in various industries as a managing consultant. He has also worked as a team lead expert in the fight against cybercrime and terrorism in a law enforcement agency, focusing on topics such as critical infrastructure protection, exploitation of emerging technologies for criminal gain, forensics and investigative techniques in cyberspace as well as leading the development of an innovation strategy program for law enforcement. Halopeau has honed expertise in crypto-currencies and blockchain, encryption, digital identities and access management, incident response, building Computer Emergency Response Teams (CERTs) and intellectual property protection. Halopeau, who holds an MBA from Warwick Business School, an MBA in strategic management and competitive intelligence from the Ecole de Guerre Economique and an MSc from the École Supérieure d’Informatique, Electronique, Automatique, recently spoke to The Innovator about how corporate leaders can best protect their companies.
Q: What are some of the concrete things the Centre for Cybersecurity is doing to prepare companies to cope with cyberattacks?
BH: Obviously nowadays any organization can be hit by a cyberattack and preparedness and crisis management are not at the level we would like to see. Surveys show that only about 38% of businesses are ready. The Centre for Cybersecurity was created in January 2018 to help meet three challenges: strengthening global cooperation on cybersecurity; helping corporate and public leaders grasp all the changes in terms of opportunities and threats; and building skills and capabilities for the future. We have launched a variety of projects, including what cybercrime is likely to look like in 2025 in order to prepare leaders to be ready and act. We also organized cyber exercises in June with different scenarios to help with preparedness. Leaders need to create a culture of cybersecurity from the entry level to the top leadership of an organization — creating awareness alone won’t suffice, but regular training and practical exercises can make a real difference.
Q: There was general agreement at the Centre’s Annual Meeting on Cybersecurity in November that large established companies could help lift all boats by imposing strict cybersecurity compliance standards on all of their supply chain partners and startups they do business with. Key to making such a system work would be the establishment of a globally accepted cyber-hygiene rating system, though it is still unclear how, and how quickly, such a system could be established. What role might the Forum play?
BH: Trusted and verified cybersecurity ratings will contribute to the assessment and improved understanding of any organization’s cybersecurity posture and how it ranks with peers. To establish best practice, we are running projects in selected industries including electricity, aviation and healthcare. We have started with these sectors because electricity and aviation represent critical infrastructure and these sectors are quite often targeted. The health sector is really late when it comes to thinking about cybersecurity. The idea is to bring the industry communities together, including competitors. We also want companies to make sure that the partners they do business with practice good cybersecurity hygiene. We know around 80% of attacks are on small and medium-sized businesses that most of the time don’t have the cyber capabilities to protect themselves. Our idea is to help organizations of all sizes by developing guidelines on how to prepare for incidents, measure their preparedness and hopefully help things move in the right direction.
Q: What messages on cybersecurity will be delivered to global leaders at Davos this year?
BH: It is the responsibility of public and corporate leaders to take ownership of the challenge to ensure global cybersecurity and digital trust. This means that board and C-Suite members need to gain a better understanding of the cyber risks to which their organization is exposed and of the degree of the organization’s cyber readiness. Leaders may need to rethink organizational structures and governance to enable a better cybersecurity posture. Both public and private organizations need to improve their cyber crisis management, develop holistic response and recovery plans, including a crisis communication strategy, to limit economic, reputational and legal consequences. Global cooperation across the public and the private sectors is vital. Among the dimensions to be prioritized are information-sharing, business cooperation with law enforcement agencies, and skills and capacity development, particularly in emerging economies. And finally, innovation in cybersecurity and rapidly evolving technologies, such as AI, identity management and quantum computing, call for greater investment to stay ahead of cybercriminals who are adopting those technologies even faster and to their advantage.
Q: What advice would you give to corporate leaders?
BH: Make sure that investment in cybersecurity is at the right level. It is really difficult to understand how much money and how many resources to devote to cybersecurity but there are some benchmarks. Leaders need to know whether they are under-investing compared to competitors, not just on the day-to-day concerns to bolster prevention but also on compliance. There will be more and more pressure around compliance. Some companies are being fined hefty fees for not protecting customers. At the end of the day, responsibility needs to be taken for cybersecurity whenever a product is released, whether it be software or a digital service. It is like the oceans with plastic. The more plastic in the oceans, the less fish and more harm. In cyberspace too, the more pollution there, the more difficult it will be to keep the trust of users and customers. Ownership of the problem together with introduction of appropriate norms are the ideal we are working towards.