Recent cyberspace evolutions

Contrary to the stereotype of lone hackers operating from their garages, they now function as structured organizations with global operations.

Additionally, technological advancements have enabled these malicious actors to carry out more sophisticated threats, such as fileless attacks, which leave no trace on storage drives, making detection by standard tools challenging. Cybercriminals also leverage generative AI to develop malwares more easily, create harder-to-detect attacks, and impersonate CEOs or other executives to defraud employees with highly convincing scams.

Supranational organizations like the European Commission and the European Parliament have observed these changes and introduced legal frameworks to bolster cybersecurity among member states. Examples include the NIS2 directive, DORA, and the recent EU AI Act, which aim to address various cybersecurity and data protection challenges.

Finally, humans are often the central focus in cybersecurity as they are frequently targeted through scams such as phishing, vishing, and social engineering. Fraudulent schemes often exploit human trust and mistakes, underscoring the need for increased awareness and education. All these findings reinforce the idea that cyber security is more than ever a major challenge for organizations.

Comprehensive Cybersecurity Approach

Fujitsu helps organizations enhance their cybersecurity maturity and resilience. Acknowledging that the question is no longer “if” but “when” an attack will occur. In 2024, the average cost of a cyberattack is estimated at $4.88 million USD (according to a study conduct by IBM). To address these risks, we offers both project-based services and consultancy in the following areas:

1. Maturity Assessment

An effective risk management approach begins with a thorough evaluation of the current state of an organization’s cybersecurity posture. This evaluation can leverage frameworks such as NIST, CIS, ISO 27001 or ISO22301depending on the needs and problematics to address. The assessment, which can also target compliance to regulations such as NIS2 or DORA, encompasses security policies, procedures, critical components, applications, and their configurations. Additionally, our team of experts supports clients in Governance, Risk, and Compliance (GRC), establishing vulnerability management strategies and improving existing security documentation and procedures.

Fujitsu also addresses the human aspect of security by designing customized phishing campaigns. These campaigns not only test employee awareness but also serve as a basis for targeted training and education, using a pedagogical approach informed by campaign results.

2. Business Continuity and Resilience

We excels in helping organizations manage cyber crisis. By creating attack or disaster scenarios, our experts can test the current cyber resilience level of any organization. This process often leads to the development of Business Continuity Plans and Disaster Recovery Plans. Additional measures, such as air-gapped and smart backup systems, are implemented to facilitate seamless recovery in case of incidents. Backup and restoration strategies are rigorously tested to ensure reliability.

Penetration testing is another key service provided by Fujitsu, performed using methodologies as TIBER and led by certified teams (CISSP, OSWE, NIST, OWASP, etc.) in TLPT mode if required. This activity also includes physical intrusion tests employing social engineering techniques to evaluate not only the systems and procedures but also the human and physical aspects.

3. Managed Detection and Response (MDR)

With 15 Security Operation Centers worldwide, comprehensive solutions are available, ranging from technical tools such as EDR, NDR, NGFW or SIEM that can be managed or not to full SOC services including threat monitoring, incident response (CSIRT), vulnerability management, forensic analysis, and threat intelligence. Additional services include sandbox environments for detonating suspicious elements and attack simulations. All our offerings are customizable to meet client’s needs.

4. Artificial Intelligence in Cybersecurity

Now that AI has become an invaluable tool, a major challenge is to use it securely. In cybersecurity, but its use must be carefully managed to prevent misuse. Risks such as data leaks, disruptions, and model poisoning necessitate a secured approach. Two key AI-driven services help organizations mitigate these risks::

AI Implementation Support: Ensuring that AI solutions are implemented with a “secured by design” philosophy, aligning with security requirements and best practices.

AI-Assisted Security Operations: Fujitsu has a strong team dedicated to research and innovation who has developed a Large Language Model (LLM)-based solution capable of ingesting extensive data, including system architectures, security telemetry, threat intelligence, MITRE ATT&CK frameworks, etc. This tool can then be used to answer various use cases that may occur among cybersecurity team. It can be used to enhances incident response by rapidly analyzing alerts and recommending actions, such as firewall adjustments or machine isolation. Operators can review and modify these recommendations before execution. It can also be used to tackle Cyber Threat Intelligence analysis and ingestion or to deal with cyber crisis management for example. The added value of this solution resides in its ability to tackle time-consuming security tasks while addressing the industry’s resource shortages. Fujitsu’s team explores numerous use cases with customers that have interest in leveraging AI in cybersecurity.

5. Identity and Access Management (IAM)

IAM has become indispensable in today’s decentralized environments where cloud applications and resources pose significant management challenges. Poor access management, such as accounts left active after employee departures, creates vulnerabilities for hackers to exploit.

IAM solutions centralize user and access management, reducing risks associated with “orphaned” accounts and improving regulatory compliance. Features generally include multi-factor authentication, lifecycle management of user accounts, periodic audits to ensure alignment with organizational security policies, etc.

By integrating IAM solutions with existing security frameworks, organizations can enhance their security posture while ensuring seamless user access experiences.

Conclusion

The cybersecurity landscape is increasingly complex, with evolving threats and regulatory pressures. A holistic approach combining technical expertise, human-centric strategies, and cutting-edge tools equips organizations with the resilience needed to thrive in this challenging environment. Whether through risk management, AI-driven solutions, or identity governance, Fujitsu provides tailored services to address the multifaceted challenges of modern cybersecurity