A cyberattack occurs every 39 seconds, according to the UN during the pandemic. Cybercrime has continued to increase since then. In the last year, in Spain, 49% of companies suffered at least one crime of this type with the intention of stealing data, blocking systems or damaging them.
“The attacks are becoming more and more sophisticated,” highlights the Cybersecurity Manager of NTT DATA, Marta Fernández, during her speech at the meeting that Diálogos en La Vanguardia held under the title ‘Protecting the digital future: challenges and solutions in cybersecurity’. Held in the Hedy Lamarr room at the headquarters of this technology company, the director of the Cybersecurity Agency of Catalonia, Tomàs Roy, also participated; the National Technology Officer of Google Cloud Spain, Héctor Sánchez Montenegro, and the cybersecurity managers of Banco Sabadell, Joan Puig; GBfoods, Oscar López; and Allianz, Emiliano Astudillo.
“Cybersecurity must be a priority to protect the data and infrastructures of all organizations,” in Fernández's opinion. To do this, he recommends “working on prevention and not reaction.” The expert considers that “security must be present from the beginning of any technological development.”
NTT DATA offers advanced cloud cybersecurity solutions with Google Cloud to ensure proactive threat detection and response automation with globally updated technology. Among its advantages, Sánchez Montenegro highlighted “hyperscalability”, which allows it to quickly adapt to technological changes; the “shared destiny” that, through the “sharing of responsibility”, means that organizations “are not alone in the face of danger”; the possibility of having specialized “talent”; the development of a “digital immune system” for “immediate learning to protect security”; “simplicity”, “agility”, “speed of deployment” and “digital sovereignty”. Cloud technology is a good ally since it facilitates “capabilities” that organizations “cannot acquire on their own,” he explained.
Technological evolution is experiencing "new advances", among which Puig highlighted "the 'cloud' and artificial intelligence." “Cybersecurity is a challenge that we all have and it is not solved by acting in a single area, but by collaborating” so that it is “an enabler of the entire digital world, understood as a meeting point between the cyber sphere and the physical world,” the person in charge insisted. of cybersecurity of Banco Sabadell. In the case of the financial sector, he recalled that “the first reason for deciding to have money in a bank is security.”
Despite advances in cybersecurity, according to data from Google Cloud, “the time until an intrusion was discovered last year was 16 days, five less than the previous year, although according to experts it was still insufficient to respond to the number of incidents that are recorded. “If there is a gap, they will enter, but what is not acceptable is that if they make noise we will not detect them,” Roy acknowledged.
The director of the Cybersecurity Agency of Catalonia advocates “placing an important focus on detection, response capacity and intelligence.” The main axes to protect and react in the shortest time possible, in his opinion, are “training, collaboration, verticality, visibility and growth through the acquisition of funds and talent, with special emphasis on female talent.” , which in terms of cybersecurity finds a very attractive environment in areas such as law or criminology.”
“In the ‘cloud’ world, talent is even more scarce, because technology advances very quickly,” said the NTT DATA Cybersecurity Manager. His recommendation to companies is to “identify what you are responsible for and take advantage of the capabilities offered by the cloud technology provider.” Seeking “allies that work with powerful partners” is especially necessary in the case of small and medium-sized businesses, Roy added. “SMEs also have to take on this challenge and delegate it in part to the ecosystem so that facing it is more viable,” he highlighted.
Cybercriminal attacks constitute one of the greatest “business risks”, as predicted by the World Economic Forum in its latest report. In an industrial 4.0 environment, “increasingly hyperconnected”, the head of cybersecurity at GBfoods, Oscar López, pointed out that companies face problems such as “the interruption of production, the usurpation of employees' personal data or problems with channels of payments and collections.
“If the adversary has become professional, it must be professionalized, and therefore at GBfoods we opt for collaboration and responsible use, also required of suppliers, and with the help of technological 'partners'. We have a specific challenge in the area of operations, in our factories, because two realities have to coexist: machinery with a long life cycle, 30 years, with software that is no more than 3-4 years old, so it requires of specific protection mechanisms,” López added.
AI represents a “paradigm change in the ways of working” and, therefore, also in cybersecurity, added the Chief Information Security Officer (CISO) of Allianz, Emiliano Astudillo. “The security function must be integrated into business processes,” taking into account that “with generative AI, applications can be built and connected” in an increasingly agile way and without the need to be an expert. However, it must be taken into account that “the result is not always reliable,” he warned. “The great challenge is how the data from this AI is used and that the algorithms make good use of that data,” said the Cybersecurity Manager of NTT DATA.
In the opinion of the National Technology Officer of Google Cloud Spain, Héctor Sánchez Montenegro, the use of applications such as ChatGPT in a professional environment can represent a security and especially privacy problem due to the uncontrolled output of information to systems without the necessary guarantees, but he recalled that there are also “professional generative artificial intelligences” in the business field with adequate protections and that they are very useful to take advantage of the transformative capacity of generative AI and combat digital threats (VertexAI, Duet AI, PALM2, Gemini). In fact, AI is already being used, as explained by the director of the Cybersecurity Agency of Catalonia. “We are on track to manage 8 billion attacks received, of which about 2,200 become incidents to which we must respond in a non-automated way,” he revealed.
Another advantage of professional generative AI is the possibility of “integrating data from your environment”, for example, “how exposed you are to a new vulnerability” or “ask it to generate a cybersecurity report for the company's general management.” , celebrated the National Technology Officer of Google Cloud Spain. Citing the conclusions of the latest McKinsey report on artificial intelligence, Sánchez Montenegro stated that “generative AI could be a reducing factor in the return on investment in the cloud.” Projections predict that its development will facilitate “accelerating application migrations to the cloud, reducing time and cost by 40%.”
To take advantage of the advantages of AI without assuming new risks, the head of cybersecurity at GBfoods believes that “we will hardly replace specialized professionals, but rather we will empower them.” The cybersecurity expert advocated “opening a debate on the use of AI in each organization, to thoroughly study the impact it can have. The Chief Information Security Officer (CISO) of Allianz, Emiliano Astudillo, also recalled that, as far as cyber insurance is concerned, “the criteria for risk acceptance are being tightened” because, no matter how many precautions are established, “ In the end the incident is going to happen no matter what.”
Regarding the development of regulations that take into account different aspects related to cybersecurity, the experts valued the establishment of a clear framework for action. Among them, they cited some general ones such as the Personal Data Protection law and guarantee of digital rights, other specific ones that affect their respective sectors and the recent agreement of the European Union reached to establish the European law on Artificial Intelligence.
“The regulation forces all parties to align on cybersecurity,” said the director of the Cybersecurity Agency of Catalonia. “It establishes the rules of the game,” agreed the director of information security at Banco Sabadell. “The regulator has done its part of the job,” the Allianz CISO also celebrated. The National Technology Officer of Google Cloud Spain also clarified that the dialogue between the regulator and technology providers “flows much more than we think.”
Although the regulation was very well received by the experts in this debate, the head of cybersecurity at GBfoods warned about “how easy it can be to fall into the 'checklist'”, so he recommended going one step further. “You have to have cyber-secure employees and users,” concluded the NTT DATA Cybersecurity Manager.
