Cybersecurity has become one of the main concerns of IT departments of both companies and public bodies. To discuss the challenges they face, Byte TI organized a meeting, sponsored by Ivanti, with the participation of Jesus Cano CarrilloHead of the Executive Office of the Civil Guard; Damian Ruiz Soriano, CISO of SingularBank; Maica Aguilar, Ferrovial security manager; Javier Torres AlonsoCISO of AllFunds Bank; Carlos Castells, Serban CIO; David Hernan Gallardo, Head of Risk and Security Intelligence at Mapfre; Daniel Gonzalez, Ivanti cybersecurity specialist; Alejandro Las Heras, CTO and CISO of Grupo Eulen and Enrique Aristi Rodriguez, ICU CISO
What have they done in the apartment?
David Hernán Gallardo, Head of Risk and Security Intelligence at MapfreThe meeting began by analyzing what projects had been carried out in the field of cybersecurity. In this sense, David Hernán Gallardo, Head of Risk and Security Intelligence at Mapfre, stated that “at Mapfre we have been following a path that was accelerated in 2020 with the cyberattack we suffered and that allowed us to carry out a series of projects that we had in mind. We were one of the first companies to have a CERT (Computer Emergency Response Team) and in 2011, when we were quite mature, we joined the First Forum, which is the main global organization that promotes a coordinated and collaborative response to security incidents and promotes prevention actions. From that moment we began to develop numerous projects to increase our cyber-resilience. One of them is that the CERT went from being somewhat reactive to proactive and with this, we began to transform the platform by moving to the cloud, which allows us to attack the next project, which is to establish a global cybersecurity model in such a way that a single team manages the entire cybersecurity platform. Within a year we will be 90%-95% in the cloud”.Daniel González, cybersecurity specialist at IvantiY is that, the risks that any organization currently faces are increasingly numerous and sophisticated. In this sense, Daniel González, a cybersecurity specialist at Ivanti, believes that “one of the biggest challenges that organizations face is the complexity of keeping up to date given the speed at which vulnerabilities evolve and the difficulty of managing all of them.” solutions and platforms. Companies need hyperautomation platforms to be able to manage that complexity regardless of the platform on which they work. Ivanti has been growing and has been buying companies to adopt this strategy that is summarized in our Ivanti Neurons platform. Our goal is to be the Microsoft or IBM of cybersecurity. Our DNA is to integrate with absolutely everything.”Alejandro Las Heras, CTO and CISO of Grupo EulenAlejandro Las Heras, CTO and CISO of Grupo Eulen, affirmed that in his company, “we continue with the roadmap that we had planned. Above all, we focus on moving faster, so we have to introduce new technologies, change the work model and hire more staff. Our main decision is to improve what we already had and for this reason we continue to focus on ransomware to block it and prevent it from entering. Additionally, we work with all encryption issues so that the SOC is much faster because the speed to detect and correct is the most important thing. Likewise, we are working so that the cybersecurity part of the culture is not lost and we are also focusing on adapting to the new compliance legislation that may come”.Enrique Aristi Rodríguez, CISO of UCIPara Enrique Aristi Rodríguez, CISO of UCI, “the increase in cyberattacks and their sophistication has caused us to rethink our cybersecurity strategy. We have made a strategic readjustment: we have an environment in which it was difficult to manage vulnerabilities and we have managed to do it efficiently, reaching a vulnerability profile within acceptable levels. We have a good level of internal security, based on asset management, and we can effectively strengthen the lines of defense. So we needed to know what the threat profile was and we began to incorporate capabilities in Cyber Intelligence, to take a more proactive approach around the CYBER KILL CHAIN and MITRE. One of our great milestones is that we have been able to extend internal cybersecurity to customers, which means that we are able to meet the expectations of our stakeholders in a more holistic and efficient way.”
Jesús Cano Carrillo, Head of the Executive Office of the Civil GuardJesús Cano Carrillo, made his debut at the meeting as Head of the Executive Office of the Civil Guard, for which he commented on what had been done under his previous responsibility as IT Director of the Constitutional Court: “The general idea has been to improve the existing strategic context to guarantee security in the transition towards a Digital Constitutional Justice. An audit has been carried out to adjust to the new reality imposed on us by the GDPR and the LOPD, from there we have reviewed our RAT (Registry of Treatment Activities) and the President approved an Information Security Policy (PSI), the first commitment at the highest level with cybersecurity management. In addition, we have designed a plan to comply with the new ENS (National Security Scheme) and we collaborate with the cybersecurity subcommittee of the CTEAJE (State Technical Committee for the Administration of Justice) together with the National Cryptological Center, which seeks to harmonize security measures of the electronic justice system among all the actors involved in this matter. In another order of things, we have also expanded the physical measures, with a new access control system to restricted areas, including the Data Processing Center, the Communications Room, the Backup Center and the Backup Contingency Center . And with regard to technical levels, the response and detection to sophisticated attacks has been expanded, with market solutions based on AI, which analyze behavior. We have extended it to all remote and teleworking teams.”Damián Ruiz Soriano, CISO of SingularBankDamián Ruiz Soriano, CISO of SingularBank explained that “for three years the SingularBank Cybersecurity Master Plan has been annual because the threat scenario changes in its tactical and technical forms and this pushes us to review and improve of our Constant Protection, Detection and Response schemes with projects and budgets that must be in an annual framework. The great advantage is that these are highly simplified, dynamic, fine-tuned, and tactical plans that are highly targeted at the Management Committee. Our two current concerns (and occupations) are directed threats (APT, Advanced Persistent Threat) and Cybersecurity in Digital Fraud, which has a “different” ecosystem from the traditional Digital Defense that is commonly known. One of our objectives is what we call KYC2 (Know Your Customer Cybersecurity), trying to understand customer security to proactively improve fraud detection through zero-intrusive techniques, in accordance with regulations and based on AI. Because one concern is going to be the waves of banking Trojans that are already successful in Latin America and that it is foreseeable that they will also reach Spain”.Maica Aguilar, Ferrovial’s security managerIn the case of Ferrovial, the plans are for three years, although as Maica Aguilar, the company’s security manager, assures, “we carry out periodic reviews to take into account new threats. We are based on a zero-trust model, mainly in the cloud and also in data protection. Our reality has changed a lot as well as the threats. A very important aspect in which we also work on the awareness part because the user is one of the easiest points to attack and technology does not arrive here”.Javier Torres Alonso, CISO of AllFunds Bank affirmed that “we have three-year plans. The last one we did was to gain a very high level of maturity: we implemented different strategies: identification, detection, asset management and we implemented a very powerful SOC. Regarding the protection part, we placed a lot of emphasis on endpoint protection and identity management. I think that now something new and very powerful is coming, which is going to be mixing AI with quantum computing. Two years from now, we believe that quantum computing will change all security strategies and we must be prepared to protect ourselves from a quantum computing attack.”Carlos Castells, CIO of SerbanFinally, Carlos Castells, CIO of Serban, assured that “we started the new cybersecurity strategy three years ago but we have acquired companies in Latin America and a challenge has been to protect these new acquisitions. Therefore, we have established a new security model. We are at a point where the zero-trust strategy “harms” the infrastructure part but it is essential to predict cyber attacks and advance in the detection of new risks, especially in targeted cyber attacks”.
Business and cybersecurity
One of the challenges that cybersecurity departments have is to make management see the importance of having a well-defined strategy and having the appropriate protection tools. The reality is that now, the steering committee is much more receptive. For David Hernán Gallardo, “everything has changed since wannacry broke out. It was an accelerator for the business to realize the importance of cybersecurity. Since then, senior management has taken the issue of cybersecurity as something very important that can affect the business”. Finally, the section on access management was discussed, since access is usually one of the main entry routes for cybercriminals. Biometrics seems to be one of the main trends, not only because of the security it offers, but also because of the comfort it provides for the user. In this sense, the AllFunds Bank CISO stated that “we have biometric access measures in many of our devices. I think that it makes it easier for the employee to authenticate himself and it gives us the security that the person accessing is who he claims to be. Biometrics is very good because it involves a triple authentication factor.” Maica Aguilar, Ferrovial’s security manager, believes that it is true that biometrics provide advantages that other access technologies lack. In her opinion, “if biometrics is no longer implemented, it is because the control authorities are hindering it. The reality is that some members of the companies are opposed to implementing biometric systems”. If in private companies, it is already difficult to convince some managers of the importance of implementing biometric technologies, in the Public Administration it is even more complex, because As Jesús Cano stated, “it is a more intrusive method, but to convince it is necessary to convey the advantages of this method and see which is the best option. For example, in the case of the TC, people were reluctant to put their fingerprints, and yet facial recognition worked very well.”