Cybersecurity Leader of the Week, Luc d’Urso, CEO Atempo – Wooxo
A graduate of the ESCAE (Business School), Luc d’Urso started his career in Geneva, Switzerland, at the European headquarters of Alcoa (Aluminum Company of America). Within the Marketing Department, he worked in the Aerospace and Armament markets.
After this first experience in a multinational, the creation and development of SMEs became his main occupation.
After ten years of developing companies specialized in the international manufacture and distribution of sports goods, he co-founded Futur Telecom in 1997, a few months before the opening of the French telecom market to competition.
Futur Telecom, which became the first French FVNO (Full Virtual Network Operator) to receive multiple awards (Fast 50 Deloitte Regional, Fast 50 National, Golden Helmets of the Customer Relationship, Winner of the Job Awards …), was sold to SFR in 2005.
Luc d’URSO retained the chairmanship of the subsidiary within the SFR Group for two years.
In January 2010 he founded Wooxo, a data protection publisher for small and medium-sized businesses that rapidly emerged as the French leader in backup appliances in this market segment.
In August 2017, in partnership with Cyprien ROY, he bought ATEMPO, the leading European data protection company specializing in the corporate market, from ASG.
A fervent defender of European sovereignty and convinced of the importance of a strong European cybersecurity industry, the Wooxo-Atempo Group is a committed player in various industry groups, including Hexatrust, where Luc d’URSO serves as Vice-President, Cybermalveillance.gouv.fr and the SCS Cluster.
Recognized as a player, the Atempo Group is identified in the Wavestone Cybersecurity Radar and the Global Cyber Security Observatory.
Involved in the fight against cybercrime in the workplace, the group runs a field lecture program called “YOOnited Against Cybercrime” for business leaders, alongside the MEDEF and the Chamber of Commerce and Industry. It also offers free cyber check-ups to promote good practices and computer hygiene in the workplace.
Luc d’Urso is a regular speaker at specialized conferences and regularly publishes articles and columns on Cybersecurity.
If I gave you an extra dollar to spend on cybersecurity how would you do it?
I would invest it without doubt in more information and more training for my teams. We spend a lot of money on cyber protection tools and rightly so. But sometimes the cyber attacker gets into a company system through an uninformed employee clicking on a suspect email link.
Ignoring the threats and related risks constitutes a real company weak point so investing that extra dollar would secure my business and ensure a return on investment.
How should the CEO and CISO go about educating the workforce?
They should proceed in stages:
- Increase awareness (statistics, examples of attacks)
- Train each employee to have impeccable standards of IT hygiene, whether they are in company premises, on the road or working from home with a VPN
- Ensure regular testing and evaluation are scheduled throughout the year
- Consider a bonus or malus scheme whereby employees can be rewarded or penalized for their IT security behavior.
How can a CISO get the buy-in required from senior management and the Board?
I suggest showing concrete examples of attacks: phishing, ransomware which actually happened within the company. Detail the costs involved in these attacks and how more investment and better processes could help reduce their impact in our company.
Costing together the operational losses and incident management time after each incident would in my view be the best way to sway any doubters.
From time to time, I will send examples of “pseudo-malwares” to management mailboxes (after decontaminating them, of course) to show the sophistication of these attacks and encourage each and every one to adopt the reflex of checking for risk before it’s too late.
How can we address the idea that cybersecurity issues are holding back business development – in other words do we spend too much time and money on these issues?
The rate of increase in the number of organizations under attack is rising strongly and strongly supports the argument for action against cybercrime. Many companies invest more in coffee machines than they do in protection against cybersecurity!
Consider how much your company spends on its daily coffee consumption and also how much time we spend in front of the coffee machine. For similar amounts of money, many ransomware attacks could be avoided with reasonably priced tools and adapted training courses.
How is the situation evolving in 2018 compared to one or two years ago?
In France, the growing media coverage of cybersecurity news, the pivotal role played by public bodies such as Cybermalveillance.gouv.fr, programs such as Yoonited Against Cybercrime driven by Wooxo, and the members of the ACYMA or HEXATRUST groups have all strengthened public awareness. But still too often, intentions are not followed by acts. Because tight budgetary controls remain the norm, the investment in tools and methods to fight cybercriminality remains inadequate despite the record number of attacks.
Today, if a company invests in a cybersecurity taskforce, it is often because they have been a victim of an attack and have counted the costs. Some investments are too critical to delay and, for me, cybersecurity sits in this category.
The European Union has the GDPR (General Data Protection Regulation) which is the reference text for the protection of personal data. It strengthens and unifies data protection for individuals in the European Union.
The Cloud Act promulgated by the US administration last March directly threatens the confidentiality of data of European citizens owned or manipulated by US cloud computing actors (publishers, hosts, intermediation platforms …).
European citizens, like public and private professional organizations, cannot, on the one hand, have a European Community legal arsenal to protect themselves from any interference by political or economic actors in their private affairs while at the same time encouraging those not respecting data privacy by supporting and relying on their businesses.
It is time to align our political vision and our choices of civilization with our daily actions. Encourage trusted players in the European digital industry.