Nous sommes heureux de vous présenter l’interview de Pierre, consultant DevSecOps chez Foyer Global Health. Vous trouverez ci-dessous la transcription écrite de la vidéo (en anglais).
Hello, I am Pierre, and I am an independent DevSecOps consultant at Foyer Global Health.
Can you explain more about your job?
I am a security engineer, so I am working to implement cybersecurity on a daily base.
Is it your dream job?
Cybersecurity is not something that you choose, I would say directly… What I like is being able to always try to implement the Best-of-Breed in the solution and try to avoid any security problems.
Are there more risks in cyberattacks?
I would say, maybe the systems are today in general way more secure, but the factor of the number of system devices is growing exponentially, the attack surface is more important than before.
What are the biggest risks nowadays?
The biggest risk is to have personal information that is breached, personal information of insured members, or medical records that could be extracted from the system.
The biggest threat- is the human factor, because the root of the incident is always coming from either a phishing attack, or a social engineering attack. Like I will send you a message on WhatsApp saying: “Oh, I am your manager”, or a security audit team that says: “Oh please we are in a middle of an audit, can you please give us your password”, and then you will have to approve your multifactor authenticator…
Most of the time, the employee will just say: “Okay, take it, go ahead!”. So, the human factor is really, really important.
How is cybersecurity managed?
So, at Foyer Global Health, we have a security committee which is reviewing access management, the application landscape, the different systems that communicate with each other, the security policies…
We are working on a daily basis to push the shift left principle, which means that we try to implement as early as possible security measures in the development process.
What has been the worst cyberattack?
Okay, that’s a good one! In October 2022, we faced a major DDOS attack on the website. DDOS attack is a denial of services attack. It’s an attacker that will try to bring down the website to make it unresponsive to others. We got more than one hundred and thirteen million requests in a couple of hours, coming from two thousand different IP addresses. And we had to implement custom scripts in order to detect and block the attack.
Fingerprints, Face ID…what’s next?
Face ID and fingerprints are convenient. Another one that is widely known is voice recognition. The problem is that the user experience when using voice recognition is not so great because if there is a lot of noise, it could be difficult to isolate properly the signature of the voice, and it’s also easily replicable.
Another one that is emerging is the iris because it’s unique. But it requires a really, really strong device to properly read the iris.
What’s worse? Servers burning or hacking?
Cyberattacks can be easily countered. Fire in the server could have more damage in terms of availability. But as we are using the cloud, that’s not a problem, and we are working on a multi-tendency over three data centers. So, one can burn, it would not affect our daily operational business.