On 28, 29 and 30 January 2020, the 12th edition of the FIC (Forum International de la Cybersécurité, International Cybersecurity Forum) was held in Lille. This year, for the first time, a retail company could be counted amongst the exhibitors. Surrounded by the giants of technology and cybersecurity, Carrefour was able to present its innovations and assert its digital identity in cyber. It was an excellent opportunity for our teams to take the floor.

But… What are shelves of apple juice and cookies doing in the middle of hacking challenges?

Welcome to the Carrefour booth at the FIC, the leading cybersecurity exhibition in Europe!

What is the FIC?

The FIC is the leading European event on cybersecurity. A “hybrid format” forum to foster exchanges among the European cybersecurity ecosystem and a trade show for buyers and suppliers of cybersecurity solutions to meet and network.

A few figures on the 2020 edition :
– 12,5K participants
– 110 countries
– 450 speakers

The theme of this edition was  “Putting human beings at the heart of cybersecurity”.

“Human-machine interactions need to be rethought to make security more intuitive, and to integrate the ‘security by default’ requirement into processes and uses. In other words, to give priority to the ‘user experience’.The goal is certainly not to oppose human beings and technology! On the contrary, the aim is to make the most of both.”

–

Our beliefs in cybersecurity

Carrefour: working hard to become a retail tech company

Carrefour had the opportunity to attend the FIC 2020 and give visibility on tech and cybersecurity efforts within the company.

As a reminder, Carrefour is a global enterprise in terms of geographical scope, employees and revenue :

• We serve our customers across multiple touchpoints. This includes physical formats (hypermarket, supermarket, convincience and cash & carry) as well as e-commerce / digital activities.
• We are very proud to work in a collaborative manner with partner producers to ensure the best quality.
• Carrefour has a commitment towards the food transition, pushing themes like organic products or organic farming.
• And, by the way, we are not only retail, we are also a powerhouse of services in multiple disciplines such as banking, travel or ticketing.

Carrefour digital, data and tech teams are working hard to evolve the technological foundations and ways of working of the company, becoming more agile and modern while extensively leveraging technology to better serve our customers. In other words, Carrefour is becoming closer to a “retail tech” company. In fact, our 2022 plan leads us to putting the digital, data and tech transformation at the center of our strategy. Here are a few examples:

• An aggressive commitment towards the public cloud.Global big data capabilities, with standardized local instances for all Carrefour countries (shared data models, reusable AI, etc.).
• Replatforming our digital customer experience using open and modern architectures.
• Pioneering food traceability with blockchain (tracking products from the producer till the store)
• Other initiatives like biometric payment; digital in-store innovation, APIs or digital workplace.

–

More attacks and more sophisticated

Between 2014 and 2019, as many other global companies, Carrefour has seen an increasing number of attacks (+ 500%). But it is not only about the volume of attacks, but also about their sophistication.

Let’s take the case of Carrefour’s customer loyalty wallet. Usually, attacks used to target payment methods (VISA, Mastercard, etc). Now, cybercriminals are  aiming to compromise  our customers’ loyalty wallets.

Let us illustrate with an example: You have been saving Carrefour loyalty points all the year for Christmas, to use them to buy your favorite bottle of Champagne. Then, a set of hackers that gained got access to your online credentials and sent somebody to a store to use your points. This type of threat is happening today.

When this sad situation occurs, we notify the customer, and of course we apply Carrefour’s policy, which is to proactively give back the saved amount, in a totally transparent manner for the customer.

No usable cybersecurity, no business

In line with the 2020 FIC theme, in Carrefour “we believe in putting people at the center of cybersecurity”. In our mind, cybersecurity is an essential prerequisite for digital transformation and to secure our operations. If our employees or our customers do not understand cybersecurity, if they do not embrace cybersecurity, the effort will be pointless.

The trickiest question is how to do it, especially in the context of a huge company with a strong weight of history such as Carrefour. A few clues on a possible answer can be found in the following four major guiding principles.

• User Experience: We need to care of the UX of our cybersecurity solutions as if they were to be used by our customers (vs. internal staff). A good example is Virtru, a super easy to use solution to encrypt emails.
• “By design” : Making cybersecurity default within our technology is a major lever for adoption. In Carrefour we have for instance a standard way to go to the cloud, with standard cybersecurity mechanisms embedded in all the apps that move2cloud.
• Data-enabled: With a very concrete application to move  from a traditional Security Operations Centre – SOC –, based on compliance, to a data-enabled SOC,based on a risk management approach and using data technologies as machine learning to detect issues early on).
• Business accountability: Involve business users early in cyber strategic thinking to offer them the opportunity to shape cybersecurity. In this sense, we consider cybersecurity a C-level topic within the company, that goes well beyond IT, with profound business implications.

–

Sneak peak at Carrefour’s participation at the FIC

Carrefour’s booth

During the trade show, we had the opportunity to showcase our talents in a  beautiful booth with four areas:

• Carrefour’s Bar: Visitors were welcomed in a “bar” area. “Cybersecurity” goodies were distributed as well as Carrefour’s products reflecting our food transition commitment.
• Recruitment spot: Our human resources colleagues had an specific area to recruit new cyber talents. 
• DLemos: As an innovative company, Carrefour demonstrated three key concepts in its booth. First, biometry, giving the guest the opportunity to perform a biometric payment during his / her shopping journey. Second, the “Data Centric” technology, a sophisticated approach regarding data protection, which involves encrypting data “in transit”. And finally, the blockchain so guests could understand the value of the use of this technology for food traceability).
• Networking: The booth was completed by a small, cozy area to meet and chat with cybersecurity companies, partners and experts.

We had the pleasure to welcome two major guests to the booth: Agnès PANNIER-RUNACHER – Minister of State, attached to the Minister of Economy and Finance – and the General Christian RODRIGUEZ – Director General of the French Gendarmerie.

Keynote

Our Global CTO, Miguel Angel Gonzalez Gisbert had the opportunity to go on-stage and share Carrefour’s views on cybersecurity, as part of the FIC opening session.

Miguel presented Carrefour’s digital, data and tech transformation as a key lever at the service our business goals.

“It is at the heart of our strategy. It is essential to achieving the objectives of the Carrefour 2022 plan. Public cloud, big data, One Carrefour, blockchain, the partnership with Google… All these projects are part of a dynamic plan aimed at bringing Carrefour closer to a retail tech company. In this context, cybersecurity is obviously essential”.

“Threats are intensifying and becoming more and more sophisticated”,  continued Miguel Angel Gonzalez Gisbert. “We need to have strong internal capabilities and tools to respond to these new threats in the best possible way. I am thinking of the principle of ‘security by design’. It consists of integrating security by default as part of any project. In fact, cybersecurity should not hinder projects but rather act as a loyal supporter. Our security model must be adaptable, resilient and put customers and employees at its heart. Without effective cyber security, there can be no business”.

Roundtable

Carrefour managers had the opportunity to lead a great roundtable discussion on our digital transformation and the link with cybersecurity.

 “Our presence at the FIC today, as an exhibitor and speaker, is also a symbol of a profound transformation of our company. Our goal is to become closer to a retail tech company“, said Clémence Delestre, Director of Digital Partnerships & Digital Acculturation – Google Alliance.

“The digital factor has a transversal effect on all the pillars of our transformation to accelerate our transformation towards a customer and data-oriented enterprise. Cybersecurity is a fundamental element of this transformation that must be considered at all levels of the company, whatever the business line: We are all active contributors to protecting Carrefour’s assets!”

“We must radically change the way we work. To succeed, we must be bilingual: both tech and business. From our point of view, technical issues are allies for business progress. In fact, the progress we have made in the digital world since the Carrefour-Google partnership was set up is the best symbol of this”.

---

The outcomes of participating at the FIC were extremely positive for Carrefour and our teams were glad to be part of this adventure. It is amazing how much one can learn from other actors, traditional as well as digital-natives, when the conditions are met for open exchanges. We look forward to keeping on progressing in the domain of cybersecurity and “giving back’ by sharing our latest thinking with the community.

Do not hesitate to check our other tech projects on Horizons.