-Analysis-
PARIS — Last week, we heard news of something straight out of a spy novel: A leak of more than 22,000 pages of documents detailed the combat capability of Scorpene submarines built by French naval defense contractor DCNS. Readers who devour thrillers would find that the hack lacked the global menace of a James Bond tale or the Machiavellian plot of a John Le Carré novel. Still, the leak that was first reported by The Australian newspaper is both intriguing and instructive.
It revealed “sensitive information but appears neither critical nor confidential,” an unnamed source told Reuters. But the fact of the matter is that this data is now public when it shouldn’t have been. Even if the internal procedures and the information system at DCNS is proven to not have been at fault, other theories explaining how the leak could have happened are a reminder of the many risks a company faces today.
Whether it’s human failure in the supply chain between DCNS and its clients, or an attempt to undermine the deal as the French group finalizes its $38 billion contract with Australia, the lesson that needs to be learned is the same: Even DCNS, which prioritizes security and confidentiality due to its defense activities, can’t entirely protect itself from threats. You can then only imagine what it must be like for other companies that are not at the cutting edge of technology.
[rebelmouse-image 27090412 alt=”” original_size=”1280×450″ expand=1]
Checking for leaks? Photo: Outisnn
Most small companies have no risk management strategy. Many don’t even realize what’s at stake. Accidents, fraud, cyberspace weaknesses, weather hazards, terrorists, geopolitical crises, competition in the digital sphere — companies face many new threats today.
Moreover, we need to make progress on individual behavioral inside companies. Today, we transmit data casually, misplace office tools, and talk openly about projects and contracts on the bus or metro. A company’s subcontractors and clients don’t even know about security risks or how to manage them. Business continuity planning is inadequate, if not absent.
“We’ve entered the era of great systemic risks,” is how Brigitte Bouquot, president of the French association for risk management and corporate insurance, summed up the situation earlier this year. Improving our organization and training to better identify risks, analyzing and anticipating these factors, and learning how to work with maximum vigilance, is not some form of paranoia. It’s a matter of pragmatism and responsibility.
