Loïc Guézo, Proofpoint: Communication between the CISOs and the board of directors must be put forward more than ever

Proofoint will present at the Assises its new strategy “defend the person / protect the data” which includes “Proofpoint Intelligent Classification and Protection”, its solution, powered by artificial intelligence which provides visibility on data-related risks. For Loïc Guézo, Director, Cybersecurity Strategy at Proofpoint, communication between the CISOs and the board of directors must be put forward more than ever.

Global Security Mag: What are you going to present at the Assises?

Loïc Guézo: This year, we will notably present our new strategy “defend the person / protect the data”

Our Proofpoint Intelligent Classification and Protection (PICP) solution is our solution, powered by artificial intelligence (AI). It provides visibility into data risks so you can set granular policies, recommend how best to prioritize their protection, and give you the transparency you need to be confident in operational protection outcomes. .

And of course, everything that revolves around the evolutions of the Proofpoint Email Protection solution, market leader which now protects 57% of the CAC40, and all our customers who have migrated to M365 and who are increasingly confronted with threats of significant fraud (BEC/EAC).

Attackers are targeting people more directly than ever, and 95% of all cybersecurity issues can be traced to human error. That’s why Proofpoint’s security awareness training helps ensure users know what to do when faced with a real threat. Proofpoint’s Security Awareness Training empowers people to defend their organization with a comprehensive solution, resulting in fewer clicks on actual malicious links.

GS Mag: What will be the theme of your conference this year?

Loïc Guézo: For this edition of the Cybersecurity Conference, we invited Alain Rogulski, VP IT and Cybersecurity of Sodexo, to discuss the issue of including messaging protection in the Cybersecurity roadmap of a group such as Sodexo. This is not an anecdotal post but on the contrary a strategic point on which to invest today will avoid “paying dearly” tomorrow (in the event of the passage of ransomware or financial fraud, etc.)

GS Mag: What are the main threats that you were able to identify in 2022?

Loïc Guézo: The main threats we have identified are obviously related to Phishing. Our State of the Threat Report shows that France had the highest rate of ransomware attacks in 2021: 81% of businesses surveyed experienced at least one ransomware infection from a direct payload of an email, second-stage malware delivery or other exploit. Of these:  56% chose to pay at least one ransom;  69% paid a ransom and gained access to their data/systems;  20% paid an initial ransom and one or more additional ransoms and gained access to data/systems;  4% paid an initial ransom, refused to pay more, and were not granted access to data, and  7% never gained access to data after paying a ransom. With the fraudulent emails, cybercriminals have posed as, among other things, the tax service, the CPF training organization or even the Health Insurance, which invites you to update vital cards that never expire. Since the start of 2022, attacks against critical infrastructure have been on the rise. We can mention the ransomware attacks on the hospitals of Dax and Villefranche sur Saône. The trend proved to be true with the recent attack on Corbeille-Essonnes. More recently, we have seen more and more attacks on the enterprise supply chain. In this area, information is vital and every part of the supply chain can be targeted.

GS Mag: What about business needs?

Loïc Guézo: Companies need a suitable solution that allows them to monitor their digital transformation and protect their information capital. They also need an in-house cybersecurity training offer because the human being is the last bastion against the cyber threat, while being the biggest gateway for cybercriminals. These have become masters in the art of manipulation by social engineering and the targeting of victims is increasingly sophisticated. We can cite for example the activities of the group TA453, a threat actor linked to the Iranian state, and also known under the name of “Charming Kitten”, “PHOSPHORUS” or even “APT42”. The group has been observed targeting individuals specializing in the analysis of public and political affairs in the Middle East, nuclear security and genome research. Extremely well-targeted attacks were carried out using malicious emails using multiple fake characters. The authors, posing as foreign policy researchers from real institutes in the West, were able to take advantage of new social engineering tactics to obtain confidential intelligence for the Islamic Revolutionary Guard Corps of Iran.

GDPR regulations are also evolving and becoming increasingly strict, particularly in Europe. As such, Proofpoint recently deployed its Intelligent Compliance Platform, which provides business leaders with collection, classification, detection, prevention, research, eDiscovery, monitoring and analysis functions. next-generation predictive. Powered by Artificial Intelligence (AI), it relies on Proofpoint’s proprietary Machine Learning (ML) engine, designed to meet complex compliance and information governance obligations.

GS Mag: How will your strategy evolve to address these issues?

Loïc Guézo: We are focusing on technologies such as Artificial Intelligence and Machine Learning, in order to combat these threats more effectively. These technologies automate tasks and allow humans to focus on the most important risks. Another priority still remains the training and awareness of humans to threats that are constantly evolving.

GS Mag: With the pandemic, telework and its security have become essential today. How do you integrate these principles into your business and your offer?

Loïc Guézo: Teleworking has allowed a multiplication of contact points in the organization and therefore represents an increased risk for companies. Proofpoint solutions keep this new extended perimeter secure. This continuous monitoring is carried out in particular remotely and makes it possible to protect employees from threats from wherever they work.

GS Mag: What is your advice on the matter, and more generally to limit the risks?

Loïc Guézo: We can’t say it enough: awareness of threats and the impact on the organization is key. Enabling employees to be aware of and armed against cyber threats ensures maximum business defense against cybercriminals.

The techniques used by malicious actors are constantly evolving, using ever more advanced social engineering. Whether by email (phishing), SMS (smishing), telephone (vishing), and other platforms such as Discord for example, the points of contact are also more and more numerous. Training must be regular so that everyone in the company is able to detect and combat these attempted attacks by cybercriminals.

GS Mag: Finally, what message would you like to convey to CISOs?

Loïc Guézo: Communication between the CISOs and the board of directors must be put forward more than ever, and this requires a common vocabulary. The CISOs can use more colorful, more “narrated” language to make it easier for everyone to understand, and the management committee must be able to prioritize the requests of the CISOs, which are too often relegated to the background. The best way to avoid disaster: managers who understand and share a vision of cybersecurity, and who train their employees regularly. Moreover, on the subject, we can release an innovative study “Perspectives 2022 of the Board of Directors” which I recommend that you read, in conjunction with the results of “Voice of the CISO 2022”. Between the lines, it is clear that the Director of Cybersecurity is a position of the future, with great potential.

We would love to say thanks to the writer of this post for this amazing material

Loïc Guézo, Proofpoint: Communication between the CISOs and the board of directors must be put forward more than ever

Our social media profiles here as well as other related pages herehttps://www.ai-magazine.com/related-pages/