1. Extra Categories
  2. Editor's Pick
January 31, 2020updated 04 Feb 2020 2:58pm

Carrefour CTO: “No usable cybersecurity, no business”

By Robert Scammell

User-friendly cybersecurity is fundamental for businesses to operate, the chief technology officer of French retail giant Carrefour has said.

Speaking this week at the International Cybersecurity Forum (FIC) in Lille, France, Miguel González, global CTO at Carrefour, said that “no usable cybersecurity [means] no business”.

Carrefour is currently going through a large digital transformation project, said González, with the aim to operate more like a “retail tech company”. This involves moving Carrefour’s applications to the public cloud – more than 100 were migrated in 2019.

With this digital transformation, the attack surface for Carrefour has grown.

In 2014, there were around 20 attempts to carry out critical attacks against the supermarket chain. In 2019 this number grew to 120, said González– an increase of more than 500%.

“But it is not only about the number of attacks, it’s also about their nature,” González said during a keynote talk at FIC 2020.

“Threats are becoming more and more sophisticated. Moving from things like attacking, for example, payment methods that are becoming more and more robust, to different kind of things.”

He gave the example of cybercriminals hacking customer loyalty wallets.

“Imagine you’ve been saving Carrefour loyalty points for Christmas, to buy your favourite bottle of champagne, or delicious saucisson. And then basically, somebody’s got access to your user credentials online. And at the same time, these guys send somebody to one of our stores, to use all your coins.

“This is happening today,” he said, adding that Carrefour’s policy is to reinstate customer points that are stolen in cyberattacks.

“So in this context, cybersecurity is key for Carrefour.”

Usable cybersecurity solutions

As CTO he promotes UX (user experience) by design, data enabling and business accountability to defend Carrefour from cyberattackers.

“At Carrefour, we believe in putting people at the centre of cybersecurity,” he said.

“The point is, we need to make sure that our cybersecurity capabilities and cybersecurity solutions are user-friendly, are simple to use. What we do at Carrefour is to think cybersecurity solutions as if they were solutions that we are going to offer to our end customers.

“It’s all about moving from having users performing complex configuration to simply downloading, applying the process. It is all about being natively integrated with Gmail, which is our cloud email solution. It is all about moving from an exchange of public-private keys, downloading and installing a certificate to simply being authenticated with email.”

Read more: Private sector key to fighting cybercrime, says Europol director