Technology Cybersecurity experts are committed to co-responsibility: “Outsourcing services does not exempt from...

Cybersecurity experts are committed to co-responsibility: “Outsourcing services does not exempt from obligations”

Third technological forum organized by Europa Press, ‘Cybersecurity and Cyberthreat: Security Standards and Cyberattack Protection’ – Jesus Hellin – Europa Press

Awareness and training in cyber risks is presented as vitally important for both public and private entities and of any size, but beyond being aware that an attack can occur, the creation of a recovery plan and trust in external suppliers makes the difference between companies. In this sense, industry experts are committed to co-responsibility, emphasizing that “outsourcing services does not exempt companies from obligations”.

These are some of the conclusions that have been shared this Wednesday at the Third Technology Forum organized by Europa Press, ‘Cybersecurity and Cyberthreat: Security Standards and Protection from Cyberattacks’, presented by the head of the Cybersecurity Regulations and Services Area of ​​the National Cryptologic Center (CCN), Pablo Lopez, and which was attended by Fujitsu’s Head of Cybersecurity, Javier Perez; the director of Presales and Business Development of Econocom Services, Isaac Rosado; the director in the Risk Advisory area of ​​BDO, Roger Perez; and the Cloud Director Southern Europe at OVHCloud, Adrian Gonzalez.

Pablo Lopez, representing the CCN, stated that in a growing context of cyber threats, “it is time to implement the best practice, which is given to us by security standards”. These standards “provide criteria and order, […] they are a guideline to follow”. But he has clarified that it is necessary to go further, and also have a model.

This model must allow the service needed to be adapted according to the resources and maturity of the entity, and it must be possible to put it into practice so that the cybercriminal understands it as a deterrent.

Lopez also highlighted the importance of keeping the standards up to date with the latest innovations, and of generating, based on good practices, an internalization by all the actors involved in this process, so that they see “cybersecurity as something necessary” .

“In the CCN we have become facilitators. It is not necessary for us to tell this message, because the message is already penetrating. We are creating something called culture. We are what we defend; if in the end you believe this, you are part of this “, concludes the manager.

One of the main threats today is represented by ‘ransomware’, as highlighted by Fujitsu’s Head of Cybersecurity, Javier Perez, who has cited a recent study by the World Economic Forum in which it is stated that attacks of this type they have grown 435 percent in 2021.

Although “the ultimate goal is to make money”, as the Fujitsu manager has pointed out, ‘ransomware’, and other cyber threats, can have a strong impact on the reputation and productivity of the affected entities, as indicated by the director of Presales and Business Development of Econocom Services, Isaac Rosado.

However, even today there are managers who put investment in digital transformation before investment in cybersecurity. “I don’t think they are mutually exclusive,” says Rosado, who explains that “it’s not about choosing between digital transformation and cybersecurity,” but rather that those same services have to be part of the corporate culture.

And precisely to avoid choosing between one and the other, there are the standards, which “are good practice guides, some minimum requirements, but they allow you to know what you have to do and what you cannot do in relation to an information system and the risk management”, stated the director of BDO’s Risk Advisory area, Roger Perez.

Part of the digital transformation involves moving to the cloud, but “the speeds are very different”, since “not everyone has the same capacity, not all technologies, not all clouds are made for all kinds of projects” , as recalled by the Cloud Director Southern Europe at OVHCloud, Adrian Gonzalez.

“Within this transformation and within what has to do with data protection, we cannot forget the legal frameworks and the part related to the infrastructure. […] Thanks to the certifications and the frameworks, there has been an acceleration, an approach to what we have to do as cloud providers to guarantee that this transformation and process is done with total guarantee”, he adds.

The war in Ukraine has made it clear that there are sectors that are more vulnerable to cyber threats. One of them, although more traditional, is the financial “because they handle money, and that money is handled electronically and can be stolen,” says the Fujitsu manager. Along the same lines, the more recent cryptocurrency sector. But also health infrastructures, in which, in addition to data theft, people’s lives can be directly endangered.

“No matter how many doors we put up, it is clear that in the end the problem can end up happening,” says Rosado. For this reason, backup copies (‘backups’) are essential, as well as disaster recovery plans, which allow the recovery of the entire IT service as such.

People remain the weak link in a company’s cybersecurity. For this reason, the director of BDO has underlined the importance of training, and in the case of a supplier, of “having trained, qualified employees, to be able to carry out security audits”, since it is the person who must assess information systems.

This training is also one of the tricks with which companies seek to retain talent, in a context where it is detected that there is a lack of profiles in cybersecurity and data analysis. But as the OVH Cloud manager has pointed out, “the market trend is to go towards specialization”, and he understands that it is “important to surround yourself with companies that take control” when it comes to auditing or implementing security solutions.

But outsourcing experts or services “does not mean externalizing responsibility”, which, as the director of BDO’s Risk Advisory area has assured, “remains with the company”. This idea is shared by the rest of the speakers, who during their various speeches have highlighted the need for companies to prepare for a potential attack and the importance of standards in guaranteeing security.

Source: Europa Press



Please enter your comment!
Please enter your name here