Cybersecurity in SMEs in 2023: a business asset to differentiate themselves?

With Timothée Jaumel, Head of IT, Rzilient

A look back at the webinar we recently organized, on the topic of cybersecurity in SMEs! I was pleased to welcome our partner, Qontrol, represented by its CEO, Michael Monerau. 👍

In this article, I offer you a summary of our exchange. It is certainly useful and interesting. But it will never be worth listening to the webinar replay! So, don't hesitate:

Cybersecurity: a support function like any other

Michael first shared the objective of the Saas platform published by Qontrol: to enable its customers to manage their cybersecurity like any other business support function.

The goal is for its customers to be serene in managing this subject and for it to become banal... As trivial as managing payroll, accounting or even premises!

This is vital in a context where the fact ofhaving solid cybersecurity has become a major element in discussions between economic partners. ☑️

A good cybersecurity policy, on the Qontrol platform, consists in organizing:

• The technical aspects and infrastructure;
• The tools ;
• and also the organizational aspects (employee training).

The aim is to avoid known cybersecurity issues:

• loss of sensitive data;
• breaches of confidentiality;
• maintaining a good reputation;
• computer system paralysis;
• compliance with legal obligations.

‍

Cybersecurity: from risk management to competitive advantage management!

Michael believes that the market is ripe for move from everyday cybersecurity, mainly defensive, to a business opportunity. 📈

It is about moving from “simple” avoidance of incidents and attacks to valorization of the trust that companies can create with their partners thanks to effective cybersecurity.

This is a major change taking place on the market right now. Cyber' is becoming a real economic imperative.

This observation is particularly strong in the case of regulated markets, such as:

• The financial services ;
• The health ;
• and more generally all activities dealing with personal data and/or to high added value. In other words, a lot of sectors of activity!

Cybersecurity: operational aspects

The webinar was also an opportunity to discuss the strategic and operational vision of cybersecurity in more detail.

For Michael, the first step is to draw up an action plan to reach the level required by customers, which may take a few months.

We had the opportunity to detail the operational aspects of cybersecurity, and to share a series of concrete anecdotes of cybersecurity situations experienced by its customers.

Michael also highlights The importance of evidence. 🔎

Knowing where a security breach comes from is increasingly important for legal aspects and for the protection of a company's reputation.

‍

So how do you implement a good cybersecurity policy?

With 3 main axes: anticipate, simplify and automate.

It is also necessary to ensure that the processes concerning access to software and computer systems are in place.

We also talk to Michael about:

• the business recovery plan in the event of an incident;
• incident management;
• as well as the communication plan.

We also discuss the central question of information system security policy, which details all the tools, processes, and cultural and training aspects around cyber'.

Michael also tells us that Qontrol also raised 1.5 million euros recently, to accelerate its development. The objective is to support start-ups and SMEs in the construction of their cybersecurity policy. Congratulations to the team!! 🎉

‍

Raising funds: cybersecurity is part of the negotiations!

This exciting news about Qontrol was an opportunity to discuss the fact that Today, investment funds almost systematically take cybersecurity into account in their due diligence before investing in a start-up !

Indeed, in addition to social aspects, and obviously financial aspects, the subject of cybersecurity is therefore becoming important. It's about power Prove your resilience on the subject. 🦾

We can in fact accumulate a security debt, in the same way that we accumulate technical debt!

So, to reassure investors, we can think of certifications and compliance with standards, such as ISO 27001.

Michael reminds me of the particularity of the Qontrol platform, which is that it provides an idea of the cybersecurity debt of its customers very quickly. Thanks to this, in 2 to 3 weeks (depending on the mobilization of the client's team), Qontrol is in a position to stabilize a debt.

Proof of the importance of the subject at the highest levels, Qontrol is also in discussion with the State and theANSSI to establish a new cybersecurity “grammar”. This work will allow actors to exchange with each other and to provide useful references for the market.

I hope I made you want to watch our webinar. And I would like to take this opportunity to thank Michael, CEO of Qontrol, for his kind participation. ❤️

‍