Interview with Zeina Zakhour, Chief Technology Officer for Atos’ Digital Security activities


Has the war in Ukraine already had an impact on your activity at Atos?

Zeina Zakhour: All companies are already at attention… We have to be prepared, since groups of cybercriminals have already taken positions in this conflict, attacking Ukraine in particular. Government institutions can be targeted, but also companies, in the context of collateral damage. These organizations must take their precautions and implement the right security solutions, using “cyber threat intelligence” to have information upstream on the activities of cybercriminals, whether they are sponsored by the States or not. This is called “threat anticipation”. If there are nevertheless attacks, which cannot be anticipated, for example “zero day attacks”, the organizations must develop a rapid reaction capacity, because everything is a question of time. We must ensure that an intrusion does not become a real incident, with data leaks, or does not lead to an interruption of the activity.

Are companies sufficiently prepared?

Zeina Zakhour: There are those who are not ready for cyberattacks in general, regardless of the conflict in Ukraine – mainly small and medium enterprises… They generally do not have the means, nor the expertise. But things are changing: five years ago, there were no CISOs (Information Systems Security Managers) in medium-sized companies, whereas this is common today. When you look at large companies or state and government organizations, it depends: some have a very good maturity in terms of IT security, and others less. You can’t be ready for everything, the main thing being to manage an incident well to limit the damage as much as possible. Zero risk does not exist, but you have to be prepared in advance and react quickly.

Has the health crisis increased the risk of targeted attacks?

Zeina Zakhour: Cybersecurity has become essential: companies can no longer ignore it and must invest in this area… I have been working in this sector for 20 years, and when I started the threat was very different: there were a few types of malware, or viruses, and that was it… All the data was in the “fortress”, which was the “data center”. Today, the business environment has completely changed, with an extended attack surface, which is now in the cloud, in edge computing… We have mobile phones, tablets, and we put our data in these sensitive environments. Data is everywhere: there are many more doors or windows through which cybercriminals could enter. The likelihood of attacks working has also increased. With the health crisis, for example, many companies have been forced to adopt teleworking and collaborative tools. Some had to do it on the spot, without having the time to put in place the associated cybersecurity controls, which brought further fragility.

Do you think that cybersecurity and the means of protection must now be considered by default?

Zeina Zakhour: Security must be included in the design of systems and solutions. In the space industry or in the autonomous car industry, companies are increasingly adopting this approach. And for good reason: we realized that we could take control of the brakes of an autonomous car. Imagine the impact this can have: lives could be lost with a remote control takeover! Fiat Chrysler, for example, had to recall more than a million vehicles in 2015 after observing a vulnerability, which caused cascading problems. Solutions exist well upstream, but sometimes manufacturers do not think about them, because they focus on the purpose of the digital product, or are not ready to put in place the necessary investments to integrate security by default.

Hospitals have been a prime target in recent months, including in France. Why?

Zeina Zakhour: On the one hand, medical data is very expensive and on the other hand, there is an urgent need for a hospital to continue to operate… Some hospitals targeted by ransomware have had to choose to pay a ransom because lives are at stake and they were not prepared to deal with this type of cyber attack. A study carried out in 2020 showed that 93% of the global hospital sector had faced attacks that resulted in a data leak: that’s huge. The hospital environment was not very mature in terms of cybersecurity, but we have nevertheless seen a real change in recent years…

Who are these cybercriminals?

Zeina Zakhour: 20 years ago, there was no organized crime, but rather ‘geeks’ trying to bring down a network, or activists. Today, cybercrime brings in a lot of money and there are state-sponsored actors. Cybercriminals are very motivated, they innovate a lot, change their tools regularly, use advanced tools with artificial intelligence, automation, ‘chatbots’. Moreover, today, almost anyone can launch a cyber attack: on the dark web, there are kits to launch ransomware or denial of service (DDoS) attacks and bring down a company’s network. Just pay. Launching a ransomware attack can cost as little as $60 or $70.

Are some companies forced to sell?

Zeina Zakhour: In the context of ransomware, many companies found themselves in situations where they could do nothing but pay, because they no longer had access to their systems or data, including backup data, and were completely blocked. Some pay the ransom and that’s usually the start of a vicious circle, which leads to even more attacks. In addition, there are stealth attacks that we do not see, which are the most worrying. Cybercriminals steal data to sell on the dark web but make it invisible that they entered the company’s system. We have cases where some have remained for years in a company’s IT environment without being detected. They can steal R&D data, intellectual property data, financial data… This is something very common.

What types of attacks are most popular with cybercriminals?

Zeina Zakhour: Ransomware is very popular: it’s been around for years and will continue to be because it’s very lucrative. Why change a method that works? We also observe “supply chain” attacks: an organization is attacked by targeting less secure elements of the supply chain, as in the case of the SolarWinds affair, which did a lot of damage at the end of 2020. The hackers found an application vulnerability in this product, developed a virus and then sent it to all the companies that used it.
The cloud is also a threat because it is too often misconfigured. As a result, in 2020, 98% of companies had already encountered a data leak problem on their cloud. Often, this was simply due to a bad configuration. It’s new technology and many organizations don’t yet know how to use it, don’t have the right approaches, and haven’t updated their security techniques.

How does Atos work to protect its clients?

Zeina Zakhour: We mainly work with large companies and government institutions in the industrial, hospital, financial, public, telecommunications, defense and energy sectors. We advise our customers to carry out a cyber risk analysis, to better understand their environment: are connected objects used, what services are provided, the applications installed, the different suppliers, etc. Knowing well allows you to protect well. Once you understand what the risks are, you know which cybersecurity solutions to invest in. You have to work upstream, put in place good means of protection, a good foundation: this makes it possible to stop 80% of attacks. In addition, the approach to detecting flaws and attacks is particularly important. In this context, all technologies must work well together, to avoid black holes (areas not covered by cyber solutions) through which cybercriminals will enter.

What if cybercriminals still slip through the cracks?

Zeina Zakhour: It’s a race against time, you have to be ready, detect the intrusion quickly, see in real time and react quickly. Today we talk a lot about MDR (“Managed detection and response”): this advanced technology uses artificial intelligence to analyze a huge volume of data and detect the needle in the haystack. After an incident, you have to organize feedback and understand what happened (a breach in the cyber strategy, a forgotten risk?) so as not to repeat the same mistake. These improvements will come in very handy. The other very important point is to have good teams, good experts. Every six months, new types of attacks appear and this evolution must be monitored. At Atos, we have an in-house “cyber academy”, with curricula and training to keep our experts up to date. Our presence all over the world (6,000 cybersecurity experts and 15 security centers, editor’s note) also allows us to share information, and to be up to date in cyber risk management and threat anticipation…
