Cybersecurity: human intervention is our best protection

Xerfi Canal TV, the French web media group, has conducted an interview which Michel Mondet, CEO of Akeance Consulting about cybersecurity.

Michel Mondet, you are CEO of Akeance Consulting and you are here today to discuss about fraud and cybersecurity. These topics have become essential. Some figures: since 2010, the number of attacks has increased by 176% worldwide. Another figure: “Fake President” fraud costed € 400 million in France last year.

How do you analyse these figures?

Growth also applies to fraud, it is certain. This is the case for cybersecurity; it gets a little less so for the credit card. Credit card fraud tends to decrease and costs around one billion euros in France.

It remains significant.

It remains substantial and moreover, there are other types of frauds that are more difficult to value, as they are based on collusion, on the basis of “little arrangements between friends”. So the topics are, of course, to ask ourselves how we will protect and minimize over all these frauds, whether they are more or less reprehensible.

To minimize those, public actions are carried out, I am thinking of the military planning law in 2014, which requires companies to report incidents if they have the slightest suspicion. Do you think this is an appropriate response?

Yes, yes, that’s a good answer. This is a good response but the public authorities are only doing their job. They help organizations protect themselves from external threats and in return businesses participate in a very collaborative way within this protection against hackers on cyber security, etc. There’s another topic: what should be done within the company, by us, by management and by shareholders, to effectively protect the company from these fraud.

What is this internal safeguard?

You know, the protection is to avoid that we have “arrangements between friends”, that is to say embezzlement based on collusion, first-topic. There, I think we quickly need to focus on treasury subject matters. Those are never accurate enough, refined enough, not regularly submitted to a critical observation, if you will. There are processes, those exist. There are obviously reports. There are cash pools, anything you want, but there is not necessarily a continuing monitoring that keeps a critical eye on cash. It’s the same with budgets. Whether you are in a business unit or an international subsidiary, if actuals meet budget targets, we then view figures far less critically. We won’t be as motivated to check for asset misappropriation such as stocks, raw materials, waste or scrap, if you will. And thirdly, you have an internal control that works but I think we must seriously strengthen the operational part of that control for it to be more controlling and punitive. And then, remains the main topic of corruption, which is an international fraud. There are very few countries where corruption is not automatic and systematic. These subjects are complicated, it is equally important to detect them. It’s as much a part of the fraud as cybersecurity issues.

So it’s up to the manager to ensure increased controls within the company, to avoid such problems.

Yes, absolutely. It’s up to the manager to set up control teams capable of intervening rapidly and effectively. On the other hand, we also have to think about the individuals. We must also try to rotate individuals within the company. It is well known that fraud is related to personnel who have been around in the same function for a long time. It’s hard to accomplish, but these are the kinds of things to do. And you still have to be interested in individuals, as in any other business, to ensure that «we are confident» in them or “we are not confident” with a general thought of we are not confident.

Well, thank you Michel Mondet for your insight on this topic. As a reminder, you are president of Akeance Consulting, thank you .