Phishing, data leak, laptop or smartphone thefts, fake President… end-users are key actors in securing information systems. However, it is a difficult exercise to raise their awareness to security risk and to teach them good practices. Headache for CISOs, lack…
Security managers often bring us in to evaluate their cybersecurity maturity level. We help firms analyze the return on investment for cybersecurity, properly allocating the budget, comparing level of security to that of others in similar sectors or common standards,…
Find the entire story about the creation of TRUST in my first article. A campaign launch is all well, but how do you keep it going over time? The creation of TRUST was not an end in itself, but…
Retrouver toute l'histoire de la création de TRUST dans mon premier article. Un lancement de campagne c’est bien, mais comment tenir dans la durée ? La création de TRUST n’a pas été une finalité, mais un tremplin pour la…
A year ago, the idea of TRUST was born, the name of the new awareness program at Wavestone. My team and I spent a year thinking about and developing a whole new strategy to raise awareness among Wavestone employees.…
Let's not lie to ourselves: it sometimes feels like cybersecurity lives in a bubble. CISOs are fed up with benchmarks (10% of the IT budget, 1 FTE for 400 employees, etc.), leading them to multiply major investment programs, sometimes costing…
Le sujet de la cybersécurité requiert une implication à tous les niveaux de l’entreprise, mais aussi et surtout avec le comité exécutif ! Evidemment le management doit montrer l’exemple mais c’est aussi ce comité qui va décider des investissements majeurs…
A date, il est intéressant de noter que ce sont les attaques réelles elles-mêmes qui nous permettent le plus aisément de quantifier les risques cyber, et ce par l’estimation des coûts engendrés. On estime ainsi que NotPetya, le fameux malware…
The name might have changed but the goal remains the same: designing a cyber master plan has evolved considerably in the last 15 years. Large companies no longer have questions about the Framework and NIST has established itself as the…
We have seen in the first part of the article the risks that represent the deepfakes for the businesses. In this part, we are going to focus on the strategies available to pre-empt deepfakes and the concrete actions to implement…
