In the first half of our interview with Pablo González, Technical Manager and Security Researcher at Telefónica, and former expert at ElevenPaths, Telefónica’s cybersecurity unit, we covered the evolution of attacks in recent times, and the trends that are defining the cybersecurity sector. In this second part, Pablo analyzes the tools and the knowhow that are helping companies to improve their cybersecurity.
Do you think attacks are getting more complex or that the cyberattackers are becoming professionalized?
In some cases the attacks are more complex; they exploit vulnerabilities or take advantage of more complex bugs, although in other cases this isn’t so. At times it’s tempting to think that a security incident is the result of very complex tactics, whereas in actual fact, it turns out the attackers managed to get in using basic phishing tactics on an employee, or because someone within the organization extracted the data, without an appropriate traceability control. On the other hand, attackers are becoming more specialized, and know how to use the latest trends in order to turn a profit. This is quite normal, since there is an increasing amount of research, more and more information that is accessible, and the volume of data in the security sector grows every day.
Do you think advanced cybersecurity solutions are a priority when it comes to protecting endpoints, now that the number of endpoints is always growing? What role do you think predictive intelligence will play in cybersecurity solutions in the coming months or years?
If we understand cybersecurity as a model in which every layer and every area must be protected – similar to an in-depth defense model in a military environment – any correctly configured solution that helps to improve security, and to reduce the threats and their impact, is a priority. Without a shadow of a doubt, predictive intelligence will help improve cybersecurity solutions. It will become one of the cornerstones for tools within the industry. The importance of getting ahead of situations and risks will be fundamental to the continual improvement of cybersecurity.
Your specialty is pen testing: What tools do you use to carry out these analyses?
You need to have a set of environments and tools that you feel comfortable with. The specific names aren’t important. What matters is exploring the needs that must be fulfilled and what a specific tool can bring at each moment. Of course, in many environments you end up using the same tools and your own manual dexterity. You need to keep an eye on the new tools that appear and that can make your job easier.
How important are ethical hackers in the current business world?
Ethical hacking is a fundamental part of the current business world. The fact that companies need to feel safe in a digital environment in order to go about their business means that ethical hacking vital to improving security, both of this digital environment and of the companies’ activities.
You’re also a lecturer in the cybersecurity sector. How important is teaching in this industry?
Awareness, knowledge, training… they’re all the base of security culture for any company – or at least they should be. Security is fundamental for organizations and Internet users to be able to carry out their activities naturally and safely. Teaching has an important role in the industry, and can come in many forms: universities, private companies, books, blogs, articles, magazines. It can even be self-taught. What’s more, a lot of the time you need to be self-taught in order to assimilate different knowledge, to put it into practice in controlled environments and to be able to better understand the possible situations, risks, and threats.
Employee training is also one of the bases for creating a security culture within an organization. It is vital for the organization and, undoubtedly, the most complex thing to achieve. Initiatives such as gamification , innovation, and challenges can help turn employees into driving forces for security in companies.
How can a company increase its cyber-resilience? What security measures are indispensable?
There are different ways, but the most important is to really want to be resilient. In my opinion, there are a few things to bear in mind:
- Having a team that responds effectively and efficiently to any incident. One that is trained and that can analyze possible situations and make decisions.
- The use of prediction and intelligence techniques is vital for companies these days.
- Correlating events and cases will give a global vision of the situation.
- Having recovery measures that allow an organization to return to a previous state in case of a serious incident.
What’s more, we mustn’t forget that having knowledge within the organization is also vital.
Indeed, here at Panda Security we are convinced that the best way to help companies to be cyber-resilient is not just to work every day to offer the best advanced cybersecurity solutions; it’s also necessary to contribute to increasing knowledge of this field. To do this, keep up to date with expert opinion published monthly on our blog.