Interview with Pascal Steichen, CEO of SECURITYMADEIN.LU
The ATTF (“Agence de Transfer de Technologie Financière”) was established in 1999 with the aim to fight for inclusion and development of selected partners and countries through training and the sharing of Luxembourg’s financial expertise. The agency has recently been integrated into the House of Training, which offers internationally oriented seminars and provides technical assistance in specified technical knowledge in banking, capital markets and other vocational sectors both in Luxembourg and internationally. The technical assistance is provided through government funding to ca. 55 partner institutions in more than 40 countries.
The integration of the ATTF S.A. into the House of Training has not only made the ‘ATTF’ style programmes more available to non-partner countries on a paying basis, but has also increased access to a far wider range of vocational House of Training resources covering subject areas that are not just financial but commercial also.
As part of this scheme and activities, a number of trainings, seminars and workshops are organized on a regular basis. One of them, the “Executive Programme: a Strategic Bank Management review”, took place from May 29 until June 2, 2017, in Luxembourg. It gathered more than 15 top management attendees from various countries: Albania, Bulgaria, Croatia, Georgia, Lebanon, Kosovo, Macedonia, Moldova, Mongolia, Montenegro, Tunisia and Vietnam.
Amongst the experts providing the training, Pascal Steichen, CEO of SECURITYMADEIN.LU gave some insight into the Cybersecurity risks, challenges and opportunities banks can face.
Steichen sat down to give us the story:
It is the first time Cybersecurity is tackled within such a programme, and actually requested by the participants. How can you explain this?
Cybersecurity has truly become a newsworthy but also important topic for all companies and sectors. This trend is linked to two factors: the rapid digitalisation of our society and the dependency that is being created towards IT. Anyone who talks about IT also talks about information security. They go hand in hand. Risk management is no more a technical topic only, even if it seems so, as it is nowadays reaching the board level and the organisational structures.
Another phenomenon is the growing professionalism of the cybercriminals. They are much more organised and structured. They have developed a real business behind their activity and they use different tactics on a daily basis.
What was the reaction and feedback of your trainees?
I was gladly surprised to see how interested and sensitized my attendees were about this topic. They even asked me to explain more about the Darknet and Tor. The reason for that is principally because they have already faced a number of standard phishing attacks and also spear phishing scams targeting corporate executives.
I have also realized that they were not informed enough about the market and the services or even competences they could benefit from. They have only been confronted to threats and vulnerabilities but are not aware of the range of services available in their own country or internationally. There is a strong community of experts (e.g CERT/CSIRT) who can help at any time. I sometimes also had to “dedramatize” what has been said and portrayed in the media.
What are the lessons learned for you?
It was a great experience for both the trainers and the trainees. From the first minutes, the interactions, opinions, best practices and knowledge sharing were already high. I learned a lot myself and got really good feedback.
We sometimes think in Europe and more specifically in Luxembourg, that people from top management, due to their position and responsibilities within their company, are unreachable. But it is not the case. They also have a great thirst for knowledge, discussions and information sharing.
What are the next steps?
It was interesting to see that straight after the training, my attendees had already contacted their security departments to get extra information and confirm what they had just learned. Some were already in touch with experts like CIRCL.
In general, the feedback was really positive and all the attendees requested future trainings, in order to be able to dig further into the digital sector and the Cybersecurity field.
What is the added value for Luxembourg?
The aim of this programme is to show the strong expertise of Luxembourg in different fields, including the Cybersecurity one. This has, I think, been largely validated and confirmed. Luxembourg has shown its sharing capacity and openness, whatever the topic and field.
This exchange is also important with regards to the network we are trying to build in countries where the economy is not as diversified and fast. It is also in these countries where cybercriminality is high and attracts a lot of people, especially young people, because they know they can make money real fast.
Independently form the financial sector, I believe there is a great potential for further exchanges and collaborations in all fields and industries with the countries represented.