Although these days companies bend over backwards to protect their systems and critical data, shortcomings of cybersecurity risk management combined with the increased sophistication of malicious attacks don't make it an easy task. Confidential business information, customer sensitive data or trade secrets can be compromised within split seconds and cause a lot of harm from tarnishing the company's reputation to fraud activity, lawsuits and millions of dollars lost in the process. In the past two years, over half of organizations in the U.S. have experienced at least one data breach caused by a hacker or tricky malware, which on average costs $7.5 million to repair. The stakes are high and innovation in the field is very much needed.
Why do companies still fail at cybersecurity?
Despite the high demand for cybersecurity, companies still fail at providing a coherent and reliable plan for withstanding cyber attacks. Gaspard de Lacroix-Vaubois, a French entrepreneur, business developer and cybersecurity expert talks about the faults of current cybersecurity management and gives his tips on how to patch up the holes and improve effectiveness in the field.
Branch reports reveal that over 50% of companies are failing when it comes to evaluating cybersecurity investments and performance metrics against well-known standards and best practices. Being on a desperate mission of replacing well-known standard solutions with new ones that are scalable, cost-effective and successful, company directors often blindly invest in cybersecurity technologies having no actual clue if they will work. What adds to the problem even more is the fact that most companies lack a clear understanding of how to measure the level of cybersecurity protection in their companies. Shortage of strategic plans and transparent cybersecurity metrics doesn't help either.
Gaspard de Lacroix-Vaubois believes that the main problem is that sometimes cybersecurity is too complex and meant to fix all problems at once. The larger than life security system is not available for those who ought to use it in the first place. The installation and integration of such systems takes forever, not to mention they are difficult to be embraced by the regular staff, mid-level managers or basically anyone outside of IT.
The story of Gaspard de Lacroix-Vaubois
Gaspard de Lacroix-Vaubois graduated from one of the leading French universities, HEC Paris - the number one business school in Europe. From his early years, he was driven to the world of technology and finance, believing that these sectors influence the majority of the change in the world. After starting his career in mergers and acquisition and private equity where he encountered a lot of fintech and insurtech entrepreneurs, Gaspard set a course towards cybersecurity. His decision was influenced by keen observations of the market and participation in the Y Combinator program, one of the top entrepreneurial incubators in the world. Together with his co-founder Louis Mutricy, he appreciated the opportunity of showcasing his start-up Skypher, a golden child that quickly managed to impress prestigious investors such as BPI France and Kima Ventures.
Cybersecurity compliance matters
Compliance is nothing more than ensuring that a given organization meets data privacy and security standards that may vary depending on the industry. According to Gaspard de Lacroix-Vaubois companies experience poor cybersecurity risk management due to multiple factors. One of them is messy reporting caused by the low visibility of the cybersecurity function in the organization. Teams responsible for cybersecurity systems are often abandoned in the decision-making process and have no direct advisory board, which generates confusion and overcomplicates things. Another problem Gaspard mentions is the fact that risk evaluation happens only periodically or in uneven time intervals. That in consequence creates dangerous security gaps easy to overlook. Furthermore, companies tend to miscalculate the budget for automated tools, technical expertise and professional cybersecurity staff. At the top of the list are poor communication and a lack of transparent policies. These are either confusing or so tedious and time-consuming that employees prefer to move on with their daily tasks without being bothered by cybersecurity compliance. All these shortcomings lead to sudden chaos which in the end must be squashed with hectic, misguided actions, usually adverse to the company's cybersecurity quality.
Cybersecurity compliance gets easier with Skypher
While still in finance, Gaspard had his own irritating experiences with cybersecurity compliance and was shocked that filling out a simple security questionnaire took him on average 10 hours. Having to dwell on security matters came with a high price for Gaspard and his former company: they were missing deadlines and losing deals due to being too engaged in time-consuming compliance issues. Gaspard used his business development skills and joined forces with security engineers with strong machine learning background to create an answer to the issue. Skypher was launched in 2020 with a mission to help tech companies become more secure organizations while removing the huge amount of unnecessary turmoil and administrative work involved in cybersecurity compliance. Skypher utilizes the latest NLP and AI technologies to automate this tedious process of cybersecurity compliance. With the help of cloud-based software and the latest breakthroughs in machine learning, Skypher automates responses to security questionnaires, which brings companies of all sizes to an entirely new level as they can complete the security requirements 10 times faster than before.
Automation saves time and money
As an experienced entrepreneur with a strong financial background, Gaspard de Lacroix-Vaubois believes in the power of time and money-efficient solutions.
"Every company sends cybersecurity questionnaires to its subcontractors and suppliers to make sure they are safe. On average, between 300 and 1,100 questions need to be answered. This is very time-consuming for the technical teams" - insists Gaspard de Lacroix-Vaubois.
He has no doubt that automation of cybersecurity compliance is the right direction to follow. Machine-based execution of security functions already exists and helps enterprises and governmental entities detect, investigate and act against cyberthreats. It has been proven as efficient, reliable and free of human errors. So can be cybersecurity compliance. One thing is certain: Gaspard de Lacroix-Vaubois will not stop until he entirely revolutionizes the field of cybersecurity compliance and provides every company, big or small, tools and ability to automate and improve their data security standards.
