FIC 2023: Insights and Takeaways from Europe's Premier Cybersecurity Tradeshow

Exploring the growth of cybersecurity, the industry's marketing challenges, and key highlights from FIC 2023

Welcome back for this second edition of Cyber Builders, a publication where I share views on the cybersecurity industry from an entrepreneur's eye.

If you missed it, look at last week's post, “Why Building Cybersecurity Solutions Remains Critical.”

Last week, I attended the FIC 2023 tradeshow, so I’ll cover what exciting topics I’ve seen and some personal thoughts about what a show like this says about cybersecurity in Europe.

FIC 2023, an intense event

The FIC (Forum International de la Cybercriminalité) is a yearly tradeshow that brings together the French cybersecurity community and some European visitors from Germany, the UK, Belgium, and the Netherlands.

By its size, the FIC 2023 was a fantastic event showcasing that the cybersecurity industry is a growing ecosystem with many stakeholders. Its most significant strength is to be a multi-stakeholders event. During the same three days, 20 000 people participated in a vast program, including 16 000 in person.

Startups are given ample space within an Innovation Village. The floor is packed with security vendors from software publishers, SaaS companies, and consulting or service businesses. Vendors have conferences within the expo to pitch their latest initiatives or technology. The European Cyber Cup hosts an event where college students participate in a hacking challenge. Keynotes are organized with public entities, including the Swedish or Belgian Minister of Defense, EU Commissioner Thierry Breton, and the Director of the French cybersecurity agency (ANSSI).

Researchers have a conference track dedicated to them, where they can present a "masterclass" on advanced topics. Each research corner presentation lasted 30 minutes. More information on this can be found below; it was one of my favorite sessions.

One of the things that stood out about the FIC was the diversity of its attendees. Participants from Europe, including big companies and startups, were present, but the French government lacked representation.

The FIC 2023 was a fantastic event. Still, even though I enjoyed connecting with the community, I was skeptical about the business impact on the companies within the expo.

The security ecosystem must evolve.

I spent hours walking through the various alleys and booths and looking at what vendors were saying and what they were highlighting in their messaging. It was tough to understand the company's purpose and where they excel. What makes them unique, and how are they different? In a show with hundreds of booths, which ones should you visit?

This situation is due to

• Very little investment in the marketing budget and event preparation. Some CEOs may think that getting a lot of visitors is enough. However, connecting with the right stakeholders - the one's material for your business - is essential during a trade show. Many companies are missing this.

• No differentiation and unique value proposition. Many vendors must consider their target audience and how to reach new customers before copying and pasting buzzwords like EDR, XDR, threat intelligence, anomaly detection, and vulnerability management. Visitors looking at a booth or a website must be hooked.

• Technology, for technology's sake, is not enough. As an engineer, I love building new cybersecurity technologies, but it's about more than just your perfect technological stack regarding sharing, explaining, and eventually selling what you've made. It's about the use cases your technology can solve. Vendors should pitch more about their technology's value rather than simply promoting it as the ultimate solution for <placeholder> (ex: malware detection).

  As a security leader within a large enterprise, you should carefully evaluate and select technological products based on their ability to solve specific use cases and deliver value to your organization. Don't be swayed by buzzwords or flashy marketing pitches. Instead, focus on the practical benefits of new products and how they can integrate with your existing security infrastructure.

The Cyber Builders Substack is dedicated to these topics, and I am sharing my views not to blame anyone but to offer help. Please feel free to subscribe and comment on this post.

Startup founders and salespersons must prepare and book meetings in advance. With such a large crowd and undifferentiated booths, it's unlikely that many people will discover new vendors just by walking through the alleys. Those who are successful in meeting new people are the ones who prepare ahead of time, sending contact requests over social media and email with meeting requests, announcing new product features, and offering demos to their prospects and contacts. These are the people who stand out from the crowd and generate excitement. Don't wait for people to come to you – be proactive and reach out to them yourself.

The FIC organizers have demonstrated a good grasp of this issue and have taken steps to address them effectively. One such step was the creation of subspaces on the expo floor, like the Cybersecurity for Industry Village and the Identity and KYC Village. These specialized areas allowed for a more focused exploration of specific topics, promoting in-depth discussions and a better understanding of the challenges and opportunities.

Cybersecurity is a global concern, and visiting the Brittany, New Aquitaine, or AURA booth feels odd. By providing these subspaces, the FIC organizers created a more diverse environment. Still, I think it isn't logical to have a large booth per French region. Cybersecurity products are not cheese or wines. There is no regional taste. Startups hosted in these big booths save costs but are missing a chance to stand up.

Still, I enjoyed the funny “Here. We are rather white hats” picture from the Brittany region. 😁

My four takeaways from FIC 2023

Participating in the event was very positive, and I have four takeaways.

1. The Research Corner was a great place. I spent a few hours listening to scientists present their latest research. The most exciting topic was the discussion around functional encryption. It might be a set of algorithms key for establishing trust relationships over the Internet and unlocking some uses of cloud computing where privacy and security are material.

   Functional encryption is a generalization of public-key encryption, where possessing a secret key allows one to learn a function of what the ciphertext is encrypting. The researcher educated the audience with pragmatic use cases and discussed homomorphic encryption and other techniques.

2. An interesting merger and acquisition (M&A) operation has been disclosed. Free Pro, a large telecom service provider, has announced its acquisition of iTrust. Created in 2007, iTrust grew by adding innovative cybersecurity software to a catalog of professional services. It will be interesting to see how the new offering for small and medium-sized businesses (SMBs) will develop. For small companies, monthly rates will start at less than 100 euros. For example, protecting 20 workstations and deploying a Security Operations Center (SOC) for an SME will cost 400 euros monthly. For large companies, the complete solution will be a flat rate "without consumption overrun.” Free Pro Cyber XPR offers a technological solution that uses artificial intelligence to analyze large volumes of data and provides cyber analysts' expertise through two SOCs.

3. The relationship between cloud computing and security is now more mature. The perception that the cloud is a security risk has changed, and it is no longer viewed as the enemy of Chief Information Security Officers (CISOs). Cloud technology has become an indispensable tool for many businesses, allowing them to leverage the power of the cloud to boost productivity, enhance collaboration and streamline operations. It has also provided new opportunities for CISOs and vendors to develop innovative security solutions specifically designed for cloud environments, addressing the unique challenges of cloud-based systems.

4. Important announcements such as the European "cyber solidarity act" and the "cyber dome" have been announced by EU Commissioner Thierry Breton. Cyberspace is increasingly contested, and Europe must protect it for sovereignty reasons. EU nations need to unite their forces to be more effective in detection, defense, and deterrence as the threats increase. We have moved from a world where it was mainly necessary to defend computers and critical infrastructures to a world where all everyday connected objects are potential vulnerabilities. EU Commission has already proposed obligations for IoT devices to integrate protection measures from the design stage and has banned certain risky suppliers. Still, Breton said during his talk that more needs to be done. He aims to create a "European cyber shield" to better detect attacks upstream by investing more than one billion euros in constructing operational security centers (SOC). These centers will ensure the security of networks based on supercomputers and AI, capable of detecting malicious behaviors in a few hours. They could be operational by early 2024.

   Finally, In managing cyber crises, Breton said it is essential to exchange a maximum of information in a minimum of time and pushes stakeholders to adopt a logic of mutual assistance. EU will therefore create a European cyber reserve comprising several thousand volunteers and professionals working in concert with national authorities and forces, which can be mobilized in the event of a cyber attack. EU states must also invest jointly in the indispensable effort of training. Finally, Breton reminded us that the EU had established a cyber diplomatic framework allowing solid sanctions after attribution.

   Hearing such a committed talk by one of the most influential EU Commissioners is nice.

In conclusion, FIC 2023 showcased Europe's vibrant and growing cybersecurity industry, with a diverse range of attendees from startups, large companies, and researchers. Key takeaways from the event include the need for cybersecurity vendors to improve their marketing and messaging, focusing on differentiation and unique value propositions. The event also highlighted the increasing maturity of the relationship between cloud computing and security and significant announcements like the European "cyber solidarity act" and the "cyber dome."

By learning from these insights and addressing the challenges, the cybersecurity industry can continue to evolve, innovate, and protect our digital world. Stay tuned for more updates and perspectives on the cybersecurity landscape in future editions of Cyber Builders.