Ángel Barbero took part in an online session of the Focused Program of EAE Alumni entitled "Cybersecurity: keeping your company’s information safe". The webinar analysed aspects related to digital security, the importance of people with respect to data vulnerability, types of malwares and the protection mechanisms by companies.
The Telecommunication Engineer and internet security expert started the session by explaining that nobody is fully safe from a hacker attack, from large companies to small firms, because cybersecurity is strongly associated to the information people share with companies. In addition, he emphasized the importance of understanding security beyond simply the economic risks, linking it to the reputational risks faced by organizations.
As users, we are using more and more electronic devices and companies are also digitizing their processes, which all results in information exposure. Therefore, many of the attacks are related to the impact of digitization on our lives. The same thing happens on social media, which is also vulnerable. In fact, social networks are one of the most fragile environments. “Society itself is insecure as an organization because it is manipulated by the use of technologies that form part of our everyday lives”, added Ángel.
The cybersecurity expert illustrated the webinar with examples of attacks on companies, such as information hijacking with Ransomware, Scareware, cases like the USA’s veto of Huawei, data leaks and cybercrime as a terrorist weapon against countries and governments. This all means that cybersecurity is an increasingly important item on people and companies’ agendas. “Responsibility for security comes down to ourselves and making sure we understand our responsibility for information, both our own and other people’s”, explained the engineer.
One of the factors that influences our perception that the environment is not safe is the growth in devices connected to the internet (IoT), which is increasing exponentially: telephones, driverless cars, security systems, cameras, smart homes and other devices we wear, such as watches, or which connect by Bluetooth, etc. “They are all weak points in an environment’s security”. Within this unsafe context, even a USB that you connect to a computer can contain malware.
The telecommunication engineer explained that users need to be informed and aware. “Training and tools are critical to prevent us from being victims of a threat to which we are all exposed”. Looking for vulnerable points is often a benefit for companies that are exposed, because it is something positive. With this in mind, he went on to explain to the Alumni Community what form a cybersecurity plan should take.
He then introduced concepts such as social engineering, the practice of obtaining confidential information by manipulating legitimate users, and phishing for identity fraud. He also examined attacks such as malware, malicious software that filters into a system to damage it (virus, worms, Trojans, spyware, adware and ransomware).
Ángel Barbero then explained the threats involved in transferring data, including legal problems, software issues and physical security. “Companies are weak it is really important to realise that everything related to reputational cost is essential”. One clear example is ING, when its server went down for three days. In addition, he told the Alumni Community that, if they work on a project with data to take great care of it and to consult a lawyer about legal matters.
Other more basic security problems are ethical and legal in nature. One such case is when apps and assistants record conversations or share the coordinates of a location. “We have to be very aware of the things that we are sharing and we don’t realise”, he emphasized.
To finish off, Ángel Barbero listed the challenges that have come from the evolution of technology, both for society in general and for companies. Organizations and users are increasingly digitized, and privacy is a fundamental asset. Artificial intelligence is growing at an exponential rate and data is also a source of insecurity. As such, “people are the weakest part of the whole process, to increase awareness, you have to train and get to know the problem”.