Interview With Stéphane Nappo

Interview With Stéphane Nappo

Cybersecurity has been a massive issue for businesses worldwide. Although with time and technology developments, we are now seeing high potentials of the AI technology for malware, intrusion, and fraud detection, and data protection. But the real question is whether or not AI will offer promising protection against security threats in 2020?

Reviewsed spoke with Stéphane Nappo – The Chief Information Security Officer at OVHcloud, for his insights about the ever-evolving telecom security industry. He also shared his expert opinions about how AI has revolutionized business operations, the common misconceptions about AI, and, most importantly, the potential future of AI & Cybersecurity.

Zubair: Stéphane, please enlighten us about what you do?

Stéphane: I am the Chief Information Security Officer at OVHcloud, a global hyper-scale cloud provider and leading European cloud alternative. OVHcloud’s motto is “Innovation for Freedom.” The individual’s right to privacy and equity to access new technologies are central to our values. Cloud technologies must be safe and easy to use. That is why cybersecurity plays a central role. The main mission of the OVHCloud security team is to ensure data privacy and services availability for our customers. Additionally, I am responsible for overseeing the company’s cyber, information protection, risk, cyber-incident response, and investigative security operations, for mentioning a few. Fighting the industrialization of cybercrime is my lifelong objective and my professional pledge.

Zubair: In your opinion, how Artificial Intelligence impacts business & cybersecurity?

Stéphane: In the digital, intelligence augmentation era, Business operational, administrative, and tactical tasks are being performed by effective use of information technology and smart infrastructure. Strategically, to assure the system’s reliability & knowledge engineering, it is essential to ensure data integrity, availability, traceability, and privacy. Often, integration projects stall simply because partners fail to agree on data standards or semantics.

Transforming Business, a digital strategy, must go hand in hand with a cybersecurity strategy, where the cyber defense approach must keep pace with the cyber offense advancement. Many companies are ill-equipped to deal with the threats posed by profit-oriented and highly organized cyber criminal enterprises.

Advances in technology are reshaping global cyber threats, forming currents of cyber-attacks industrialization. Crime as a service is a reality. Cyberattackers are early adopters of emerging technologies, employing for their dark purposes the Robotic Process Automation (RPA), Machine Learning (ML), and Artificial Intelligence.

For instance, targeting fraud, hackers use Cryptocurrency. They apply the most advanced social engineering and technological innovations. Cryptojacking – malicious cryptomining, an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” cryptocurrencies. The victims of crypto-jacking might never notice.

This weaponization trend must be taken into account by all actors of the digital economy: businesses, governments, educational and non-governmental institutions. Cybersecurity ecosystems must respond with new tools, that are steps ahead, including Artificial Intelligence.

Therefore, on the defence side, “human beings with a mouse cannot answer hundreds of events per second.” Security Operations Centers (SOCs) must implement Machine Learning algorithms and Artificial Intelligence Tools & Frameworks to analyze substantial cyber-noise and let the human experts treat real offenses.

In the new economy, the industry winners will be public/private entities that, along with breaking the rules, challenging the status quo, will be able to assemble trust of every element of the multi-tier supply chains; embrace and enable creativity and diversity of a new tech-savvy generation; retain engineering capability and productivity; sustain and continuously optimize the logistics and supply chains segments; design complex multi-faceted high-value-added systems; boost the use of existing and invented computer simulations technologies (such as Artificial Intelligence and Machine Learning algorithms; Virtual & Augmented Reality; Digital Twin, etc.); assure information security & cybersecurity, better encryption, biometrics, smarter analytics and automated network security in all categories and elements of the multi-tier supply chains.

Zubair: Please share some examples of how AI has revolutionized business operations?

Stéphane: Artificial Intelligence (AI) is not a new concept. The term artificial intelligence was first coined by John McCarthy in 1956. Even though the journey to understand if machines can truly think they began much before that.

AI has been studied for decades and is still one of the most elusive subjects in computer science. It took decades of work to make significant progress toward developing an artificial intelligence system and making it a technological reality of modern times.

Artificial intelligence is affecting the world’s economy and society. AI has entered the business world, emerging in key processes and technologies applied in many sensitive fields: healthcare, stock exchange, banking, army, nuclear plant, aviation…

In the cyber world, AI could be both a new weapon in cyber threats and a new tool for cybersecurity response. We need to pay attention to the AI implementation itself and keep in mind that a threat is mainly the reflection of weaknesses and residual risks not treated in projects, systems, and partnerships. The AI uprising is not a dilemma for cybersecurity. The main concern is the gap between this innovation and the legacy systems or outdated processes. As an example, RPA and High-Frequency Transaction is a profit enabler in finance, but the control of Automatized High-Frequency operations is a challenge for control and audit execution.

Zubair: In what other fields will AI have a significant impact in the future?

Stéphane: I believe that AI, with the appropriate security, will deliver more advantages than concerns to humanity. The significant impact we might see in the future should be the evolution of Artificial Intelligence, into the Augmented Human Intelligence. This evolution will hyperconverge the AI, IoT, and humans in symbiosis. Beyond the technological, biological, and cybersecurity challenges, ethics, and societal impact of Artificial Intelligence will be the next stakes. If we are going to augment humanity with the machine, we need to do it in a way that doesn’t bring along our mistakes. In summary, if the emerging technologies are going to merge humanity with the machines, augmenting our human intelligence with artificial intelligence, we need to prevent and manage the risks!

Zubair: According to you, what are the common misconceptions about AI?

Stéphane: Beyond the necessary discussions about the difference between ML and AI, I would tend to say that anthropomorphism is the main misconception about AI. Artificial Intelligence does not really work like a human brain. Another misconception is related to job destruction with the famous “AI will take your job…”. According to forecasts from the World Economic Forum and many other analysts, the new technologies are expected to create more jobs than they will destroy over the next 4 years. It has been proved in the past with steam machine automation, new transportation, telecommunications, ready-made clothes industry, etc… Refusing technology changes is often worse than to accept and manage them.

Zubair: Stéphane, please share your opinion about the need for cybersecurity? What is the future of cybersecurity?

Stéphane: An Enterprise of the Future is a “Cognitive Enterprise”: constellations of Strategic Alliances, relying heavily on AI (here – Artificial as well as Augmented Intelligence; Machine Intelligence), where the cybersecurity management is much more than an IT topic.

To facilitate and maintain the confidentiality, integrity, and availability of data and business operations, consider creating roadmaps to digital transformation, designing a reliable system, where your security strategy is a part of your digital transformation strategy. People are an imperative part of the system.

In information and cybersecurity, to identify adversaries, to find unknown security vulnerabilities, to reduce cyber risks and envision potential future threat landscape is crucial. To understand, develop, and cultivate remarkable resilience is vital. Have in place an ever-evolving cyber resilience blueprint. Arm your business in the face of future cyber threats. Mind the systemic nature of a cyber threat landscape.

‘Know thyself’ to increase your cyber-resilience. Find the right balance between risk consciousness, holistic approach, and workforce recruitment / reskilling.

Risk awareness eliminates fear and becomes the result of a clear risk assessment and risk appetite framework, where the risk appetite is defined as the amount of risk (volatility of expected results) an organization is willing to accept in pursuit of a desired financial performance.

A holistic approach is crucial in cybersecurity. Many cyber issues are caused by misuse or unwise users. The holistic approach to cybersecurity strategy can be achieved by merging effective policies, integrated security methods, best risk-analysis programs, robust infrastructure, building a culture of cybersecurity as a shared responsibility, and an impactful employee upskilling/reskilling.

The need for decision under uncertainty has never been stronger. Facing the skill shortage, strive to inform and educate. The role of partnerships between educational institutions and businesses must be reconsidered. Although the digital realm is evolving fast, the partnership strategical choice remains a human prerogative and a key driver of the digital ecosystem evolution. This paradigm raises the need to rethink the decision theory to keep pace with the rising uncertainty and the increasing complexity of the digital evolution for enterprises.

Education has always been a profit-enabler for individuals and the corporation. Education, both conception and delivery, must evolve quickly and radically to keep pace with digital transition. Education is a part of the digital equation.

Zubair: Share some cybersecurity tips for our visitors.

Stéphane: Much can be said. Beyond AI, ensuring security and sustainability in a disruptive context is a real challenge. I would tend to say: “Know thyself” to prepare for “unknown unknowns” and think resilience:

Ten tips for Cyber Resilience Strategy:

  • Align information and cybersecurity strategy with a business digital transformation strategy.
  • Adopt a comprehensive cyber risk management attitude.
  • Identify the most critical information and assets.
  • Find and manage vulnerabilities.
  • Reduce cyber risks in projects and production.
  • Optimize strategically chosen systems reliability.
  • Evolve your security to a prevention-based strategic architecture.
  • Pledge to employ the state of the art digital and defense solutions.
  • Instruct your teams regularly to empower and strengthen their resilience.
  • Scale your success by sharing knowledge and intelligence. 

Team Reviewsed is very thankful to Stéphane Nappo for his precious time.

Guys, if you have any question related to cybersecurity and AI you can ask in the comment section below, we will forward your questions to Sir Stéphane.

Keep supporting

Zubair is a tech geek who loves technology and writing about it. He also loves to travel and spread knowledge about online security.