LETTER_TO_SHAREHOLDERS_106

INNOVATION SPIRIT Cybersecurity: innovation at its purest Given the sophistication of digital attacks, Societe Generale has made cybersecurity a central focus in order to protect its customers, their data, and its Information Systems. Questions for Thierry Olivier, Head of Information Systems Security for Societe Generale Group, on cybersecurity issues in an age when banks are undergoing a digital transformation. LETTER TO SHAREHOLDERS_JUNE 2017 | 9 What are the main cybersecurity issues for banks? Cybercrime has brought with it four major risks. The oldest risk relates to the availability of our information systems. However, it is essential that our customers can access their online banking services anytime, anywhere, on any device (ATAWAD). Next came external fraud, which targets customer-facing infrastructure (online banking sites, apps, etc.), and internal fraud, which targets the bank’s internal systems. Finally, information leaks: theft of data, even limited in scope, may lead to us losing the trust of our customers, both individuals and businesses. In light of these threats, what actions have been taken by Societe Generale? Societe Generale is constantly investing in order to better protect its customers’ assets and transactions. We ensure data security and adherence to bank secrecy. We take action in five areas: The security of applications and the security of all customer data, whether personal or banking related; strengthening the security we offer to our customers (with tools that are both reliable and easy-to-use), and building awareness and providing guidance to our customers as well as our employees, because nearly 90% of attacks worldwide take place through the company’s own staff. For example, as soon as there is a non-compliant transaction – a user who normally logs in during the daytime is seen doing so in the middle of the night – an alert is reported to our SOC (Security Operating Center) which monitors how all computing infrastructure and applications are being used, 24/7. How do customers experience this? Could you give us examples of solutions offered by Societe Generale? One of our leading solutions is the dynamic security code, on the back of the bank card. This is a built-in digital screen that displays a new code every hour, making it impossible to reuse the data. In six months, nearly 100,000 of our customers have already adopted this solution. We also offer software to make the customer’s own area on our website more secure: Trusteer, which helps the user ensure that the site he or she is viewing is not a fake site that has stolen Societe Generale’s identity. Another example is Secure Access, a solution dedicated to businesses that secures the authentication and validation of orders (payments or deposits).