Exclusive – OpinionWay survey for Systancia: The CIOs rate the IT security of their companies As the 18th edition of the “Assises de la sécurité” (European Security and Information Systems Congress) will take place from 10 to 13 October 2018 in Monaco, an exclusive study conducted by OpinionWay for Systancia, shows that 72% of French companies do not have a dedicated environment for administrative tasks, which makes them more vulnerable to cyber attacks risks. This is surprising given that in the last years, intrusions into companies’ IT systems have dramatically increased, particularly in France. Focus on this paradox with some key figures from the study. IT security: French companies vulnerable to cyber attacks The OpinionWay survey for Systancia shows that more than a third of CIOs report that, in their companies, they do not have administrators in charge of IT security and sensitive data management (36%). Even more worrying, the study reveals that 29% of CIOs from companies with more than 1,000 employees declare that they do not have a CISO or a person in charge of IT security. “Given the size of the companies mentioned, this figure is surprising and raises questions about the issues involved in terms of business sustainability and the impression of a generalized awareness of cybersecurity issues,” commented Frédéric Micheau, research director at OpinionWay. 96% of the IT Departments with an administrator, unanimously believe that their workstations are protected. However, the trust declared regarding their administrators’ workstations must be balanced with the company’s actual practices. The study highlights that 72% of companies do not have a dedicated environment for the administrative tasks on their Information System. “Nowadays, a major key of the Information System security is the sealed separation between strategic tasks on the information system and everything else, both professional and personal actions. This requires a real transformation of habits and tools that were not adapted to this requirement, which is becoming critical considering the volume and technical complexity of the attacks. Like in the medical field, we must manage our information systems from sterilized environments, renewed for each use and separated from everything that does not concern the information system.” pointed out Christophe Corne, Founder and Chairman of Systancia’s Executive Board. Thus, of the 64% of CIOs who declared having an administrator in charge of security, only 43% indicate that their administrators have two separate workstations: one dedicated to the operations on the IT infrastructure and the second dedicated to other daily tasks or personal activities. IT security: employees trained in best practices and the use of AI, two solutions mentioned by the CIOs to increase the security level of companies’ IT systems Although the majority of CIOs (87%) say that a large number of employees in their company are aware of IT security risks, they also admit a lack of training of their teams. Indeed, 57% of CIOs say that their employees are not sufficiently trained in the best practices and methods to be taken into account in order to contribute to IT security. This lack of training of the employees has a more significant impact on smaller companies: Thus, 58% of CIOs of companies with 100 to 249 employees share this conclusion of insufficient training compared to 46% of CIOs of companies with 1000 employees or more. The CIOs in the retail sector are also more concerned (61% compared to 54% for the CIOs in industry). Therefore, the tools made available to employees became an issue because “IT security is everyone’s concern within the company”, added Christophe Corne, Founder and Chairman of Systancia’s Executive Board. The study identified the use of artificial intelligence (AI) as a possible way to prevent cyber attacks, since two-thirds of the CIOs surveyed see AI as an effective technology to combat cyber threats (67%). However, the persons surveyed are measured: only 6% of CIOs consider this solution very effective while 10% say they are unable to comment on this point. The CIOs of companies located in the Paris area have more confidence in artificial intelligence to counter cyber attacks (71% consider it effective compared to 65% for the CIOs from other areas). This view is also more widely shared by the CIOs of companies from the service sector (71% compared to 62% of CIOs of companies from the retail sector). To remember 72% of companies do not have a dedicated environment for administrative tasks on their Information System. 57% of CIOs say that their employees are not sufficiently trained in the best practices and methods to be taken into account to contribute to the IT security. Two-thirds of the CIOs surveyed see AI as an effective technology to combat cyber threats (67%). Methodology Survey of 305 representative CIOs (Chief Information Officers/IT Managers) from companies with at least 100 employees. The sample was selected using the quota method, based on the following criteria: sector, number of employees and the region where the company is based. For the survey, people were interviewed by telephone using the CATI system (Computer Assisted Telephone Interview). Interviews were conducted from 20 to 31 August, 2018. OpinionWay conducted this survey following the ISO 20252 procedures and rules. The results of this survey should be read taking into account the uncertainties: 2.5 to 5.8 points at most for a sample of 305 respondents. About Systancia Founded in 1998, Systancia is a recognized French software vendor in virtualization and cybersecurity, offering the next generation of application delivery infrastructure, focused on users and security: application virtualization and VDI solutions, external access security, privileged access management (PAMPrivileged Access Management. PAM is a technology for managing access and authentication of authorized users, usually information system administrators, to administrative resources or applications. The main objective is to secure the information system by removing unauthorized access to sensitive resources. This protection is based on two main axes: management of the injection and life cycle of passwords used in administered resources and administration applications, the traceability of all the actions carried out when connecting users with a power of nuisance on the information system, in the form of audit or video traces. The users with malicious power concerned by the PAM may be internal users of the information system, such as system administrators or users handling sensitive data, as well as external users such as infomanagers or remote maintenance personnel....), single sign-on (SSO)Single Sign-On authentication Single sign-on allows the user to be automatically authenticated by multiple applications, resources or websites with a single authentication. When the user connects to one of these resources, the authentication step having already been validated, the system gives the user direct access. The interest is in particular to free the user from the management of his multiple passwords, and to apply much more robust security policies (increased password complexity level, regular password rotation). Within a corporate network or for mobile employees, single and universal authentication solutions exist that allow access to web applications but also to business applications. These solutions do not require applications to be compatible with specific protocols and adapt to the different cases that organizations may encounter. There are also identity federation mechanisms that enable single sign-on beyond the organizations themselves. These mechanisms require making different applications compatible with different protocols (SAML) or different federation systems (Shibboleth)...., and identity management (IAM). Building on R&D as a growth engine, the Alsatian publisher relies on the technological value of its products and the proximity between its teams and its customers to meet the needs of users. Agile and in constant search of innovations, Systancia often outstrips the market leaders, breaking down the last barriers standing in front of it. In 2017, Systancia achieved a turnover of 6.4 million euros and has 82 employees in three locations: Sausheim, Paris and Rennes.