In a context where cyberattacks are on the rise and AI is disrupting practices, cybersecurity has become a major challenge for all businesses, regardless of their size. Olivier Piedfroid, CTO of Shortways, shares his vision of the main risks and outlines the measures implemented to ensure the security of our clients’ data.
An ever-evolving threat landscape
Businesses are facing a multitude of cyber threats, the most prominent of which remains ransomware. Hackers often aim to block critical systems and demand payment in exchange for unlocking data.
Other types of attacks exploit third-party providers as entry points into large companies’ systems. For instance, credential theft can allow fraudsters to send malicious emails containing malware.
Cyberattacks are no longer solely the work of isolated individuals; they can be the result of coordinated, automated, multi-dimensional actions, potentially affecting any business. “A company will be hacked at least once in its lifetime”**, warns Olivier Piedfroid.
A structured approach to cybersecurity at Shortways
At Shortways, security is based on a strict framework and rigorous organisation:
- A security committee, led by the CTO, ensures the implementation and monitoring of best practices.
- A strategy based on four pillars: threat identification and assessment, system protection, intrusion detection, and rapid response in case of incidents.
- Application of these principles to four risk areas: personal data, business data, third-party management, and business continuity.
Shortways integrates cybersecurity at all stages of its product lifecycle:
- During development: secure development, vulnerability management, and system updates. Shortways also follows the OWASP Top 10 recommendations, including protection against code injection and securing sensitive APIs.
- During deployment: environment isolation, data encryption, secure protocols.
- During operation: monitoring of suspicious activities, intrusion detection (IDS/IPS), and annual penetration tests.
Cybersecurity: a growing client demand
Shortways’ clients, particularly in the banking, insurance, and public sectors, impose strict compliance requirements. “Every project undergoes a cyber assessment”, explains Olivier Piedfroid. Shortways has obtained the CyberVadis certification, achieving an advanced score of 718/1000, highlighting third-party management and business continuity.
AI and data sovereignty: future challenges
Artificial Intelligence is a major topic for cybersecurity. Shortways anticipates future regulations, including the AI Act. Data sovereignty is also an increasing challenge. While the platform is currently hosted in Europe, any move towards more sensitive systems will have to integrate these prerequisites.
Cybersecurity and innovation: finding the right balance
While some security measures may seem restrictive, they are essential and often beneficial in the long term. “Security is never an expense spared”, emphasises Olivier Piedfroid.
Integrating cybersecurity from the product design phase not only anticipates threats but also ensures a more robust and agile development process.
Conclusion: continuous vigilance
At Shortways, cybersecurity is a daily commitment. Threats evolve, but by anticipating risks and adopting rigorous best practices, it is possible to effectively protect data and maintain client trust.
Sources:
* https://www.ninjaone.com/blog/smb-cybersecurity-statistics/
** (In 2023, 53% of companies experienced an attack, an increase of 5% in one year. The number of companies with fewer than ten employees that have experienced a cyberattack has increased by more than 50% over the past three years.) Source: https://www.data.gouv.fr/en/reuses/statistiques-et-impacts-des-cyberattaques-sur-les-entreprises-en-france/