Vincent FROIDEFOND, CFO/CIO of Monaco Asset Management (MAM), recently took part in the FIRST Regional Symposium Europe, in Monaco, a key event bringing together the major players in cybersecurity. In this interview, he discusses the highlights of the conference, the challenges of cybersecurity, and the evolution of cyber threats, particularly with the rise of the cloud and artificial intelligence.
A high-quality event that promotes international collaboration
This was your first time participating in the FIRST Regional Symposium Europe.
What were your impressions of the event?
I was delighted by the quality of the conference and its organization. This symposium is a unique setting for exchanging ideas with cybersecurity experts. It brought together around 250 participants, mostly from national incident response centers (CERTs), but also from private and academic sectors.
Was there a particular conference that made an impression on you?
Yes, one presentation caught my attention: the analysis of a vast money laundering network operated by a Chinese group via online casinos. This network managed to conceal its activities for several years on Microsoft and Amazon servers, thanks to sophisticated computer set-ups. A fine example of the intersection between finance and cybersecurity!
Do you think this type of event improves international cooperation in cybersecurity?
Absolutely. There is a real community within FIRST, where cybersecurity players exchange information in complete confidence. Incident response centers from several countries collaborate closely, including between states that, diplomatically speaking, no longer communicate. This cooperation is a major asset in the fight against cyberthreats.
Cybersecurity and asset management: what are the challenges for MAM?
Why did Monaco Asset Management decide to participate in this event?
Cybersecurity is a strategic issue for our business as well as for the financial sector in general. With the rise of the cloud and new technologies such as AI, attackers' tools are becoming more widespread and increasingly sophisticated, forcing us to continually adapt our protections. Participating in this type of conference allows us to anticipate developments and reinforce our best practices.
What is your cybersecurity strategy?
Our approach is two-pronged: to minimize our attack surface and improve our response capacity in the event of an incident. We are a small organization (35 employees) and we must achieve a level of protection equivalent to that of large banks, but with far fewer resources. This forces us to be extremely efficient and to invest in the right solutions.
What are the main challenges you face?
We have identified one area for improvement: crisis management training. For example, if ransomware were to hit us, how could we react quickly? How could we coordinate communication with our customers and the authorities? We need to structure and test our procedures, which we will be putting in place soon.
AI and the cloud: new threats or opportunities?
Does artificial intelligence represent an increased risk for cybersecurity?
Yes, and it is a key factor in the explosion of cyberattacks. Today, anyone, even without technical expertise, can buy highly sophisticated attack tools on the dark web for a few dollars. AI makes it possible to automate complex attacks, making the threat even more diffuse and difficult to counter.
Is the cloud also a major challenge?
Absolutely. The shift to cloud computing is profoundly changing the approach to cybersecurity. When a company hosts its own servers, it has full control over access. In the cloud, everything relies on access rights, tokens and configurations which, if inadequate, can become gateways for attackers. It is a major transformation that requires increased vigilance.
Monaco and cybersecurity: effective cooperation
How would you assess the cybersecurity ecosystem in Monaco?
It is very well structured. The Monegasque Digital Security Agency (AMSN) plays a key role: it is responsive, accessible and proactive in supporting businesses. However, more work is needed to help smaller organizations protect themselves effectively.
What recommendations would you give to a company that wants to strengthen its cybersecurity?
The key is not to be an easy target. It's not necessarily about investing heavily, but about implementing a few good practices:
- Have a properly configured firewall and up-to-date software.
- Implement strict access management.
- Make employees aware of email attacks and social engineering.
The aim is to deter attackers by making the attack too costly or complex in relation to the expected gains.
Do you plan to participate in other editions of FIRST?
Yes, we want to take part in the European leg of FIRST every year, because this event brings us real added value. Cybersecurity is a constantly evolving field, and it is essential to stay up to date in order to protect our customers and our company.
