In the first part of our interview with Juan Antonio Calles, CEO of Zerolynx and CSO of Osane, we saw how to guarantee the security of cloud platforms, and discussed the threats that are currently most relevant to corporate cybersecurity, as well as how to mitigate them. In this second half, Juan Antonio gives us the most important points about concepts such as digital forensic analysis, biohacking, SIRPs and cyber-resilience.
What is the importance of digital forensics in the business world?
Before carrying out any kind of digital forensic analysis, the first thing will be to find out what has happened, what the aim of the analysis is, and what assets have been affected. We won’t act in the same way to analyze a Windows network affected by a piece of ransomware as we will to investigate how an invoice has been intercepted in a CEO scam. We need to adapt our methodology on a case-by-case basis. Digital forensic analysis is a basic function in companies in order to answer such questions as: what happened, and how or why was it possible? And this analysis serves not only to investigate an incident, but also to shed some light in case of disputes, employees who steal information, threats carried out via corporate email, among others.
What is biohacking, and what application could it have for companies?
The term biohacking has a very broad definition, and can refer to several disciplines and movements, from DIY biology and grinders, who alter their bodies to add technology, to nutrigenomics. At Zerolynx, in collaboration with Patricia Rada, doctor of biochemistry at Ciberdem (Center for Network Biomedical Research), we’re carrying out research on storing and concealing encrypted information in DNA. It’s a complex study in which we’re finding barriers that are hard to overcome with the technology that we have available to us nowadays. We’ve done tests on simulators, and we’re now performing real tests on bacterial strains. With appropriate resources, and seeing how interested some organizations are in making sure this moves forward, we believe that we could see some kind of prototype in a couple of decades. The possibilities are almost limitless, but it is certainly not something we’ll see in companies in the short term.
What are the 5 most important steps in an effective incident response plan?
Before an incident occurs, we need to be sure to have a business continuity plan and a corresponding contingency plan; we need to have trained our employees beforehand, so that they are able to detect the incident and know how to react properly, according to what has been established at a corporate level.
The first step in a SIRP [Security Incident Response Plan] needs to be detection, and alerting the incident response team. Since the necessary steps for ransomware, a CEO scam, or a fire in the data center aren’t the same, the employees who have detected the incident need to provide as much information as possible to the response team, so that they can figure out how to react to a specific threat with a quick analysis. The next step, in order to ensure business continuity, will be to isolate the affected environments, and to collect the corresponding evidence in order to research the origin of the problem and, if necessary, carry out a complete forensic analysis at a later date. This could lead to legal action if malicious actions are detected. In that case, before any action is taken on the affected assets, the company needs to guarantee the corresponding chain of custody, and the cloning and digital signature of the affected assets to ensure the integrity of the information that they contain. The incident will then be escalated, and, if necessary, the corresponding authorities will be notified. Finally, all actions carried out and lessons learned must be cataloged in the interest of improving reactions to subsequent incidents.
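The evidence-integrity step described above (cloning the affected assets and signing the clone so its integrity can be demonstrated later, under a documented chain of custody) is what this added Python example illustrates; it is not code from Zerolynx or from the interview. It hashes a constructed stand-in for a disk clone, records each custody hand-over in a log whose entries are sealed with an HMAC (a stand-in for the digital signature a real team would apply, chosen because the standard library has no asymmetric signing) and chained to the previous seal, and shows that editing either a record or the clone makes verification fail. The key, actor names and timestamps are placeholders.

```python
import hashlib
import hmac
import json
import os
import tempfile
CHUNK = 1 << 20  # stream cloned images in 1 MiB blocks; they rarely fit in memory

def hash_image(path):
    """SHA-256 of a cloned evidence image (the fingerprint custody entries commit to)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def seal(entry, key):
    """Keyed seal over canonical JSON; HMAC stands in here for the signature step."""
    return hmac.new(key, json.dumps(entry, sort_keys=True).encode(), "sha256").hexdigest()

def add_entry(log, action, actor, image_hash, key, when):
    """Append a custody record that commits to the image hash and the previous seal."""
    prev = log[-1]["seal"] if log else "GENESIS"
    entry = {"when": when, "action": action, "actor": actor, "sha256": image_hash, "prev": prev}
    entry["seal"] = seal(entry, key)
    log.append(entry)

def verify_custody(log, image_path, key):
    """Recompute every seal and the image hash; editing either one breaks verification."""
    prev = "GENESIS"
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "seal"}
        if body["prev"] != prev or not hmac.compare_digest(seal(body, key), entry["seal"]):
            return False
        prev = entry["seal"]
    return bool(log) and hmac.compare_digest(hash_image(image_path), log[-1]["sha256"])

def demo():
    key = b"hypothetical-evidence-team-key"  # placeholder; real keys belong in an HSM or token
    fd, image = tempfile.mkstemp(suffix=".dd")
    with os.fdopen(fd, "wb") as f: f.write(b"MBR\x00" * 4096)  # constructed stand-in for a clone
    log = []
    add_entry(log, "acquire", "analyst-1", hash_image(image), key, "2024-01-01T09:00:00Z")
    add_entry(log, "transfer", "analyst-2", hash_image(image), key, "2024-01-01T12:00:00Z")
    intact = verify_custody(log, image, key)
    forged = [dict(e) for e in log]; forged[1]["actor"] = "intruder"  # rewrite who held it
    forged_ok = verify_custody(forged, image, key)
    with open(image, "r+b") as f: f.write(b"X")  # a single byte changed on the clone
    altered_ok = verify_custody(log, image, key)
    os.remove(image)
    return intact, forged_ok, altered_ok  # → (True, False, False)
```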
How can a company become cyber-resilient?
Companies need to designate a head of IT security (CISO) with the proper training, and provide them with the necessary resources to carry out this job. This person needs a strong team to back them up, which can work on both the regulatory and compliance aspects of cybersecurity, as well as on the more technical and operational aspects. There are many technologies that can be used to protect corporate assets: backup systems, firewalls, intrusion detection systems, SIEMs, and so on. Nevertheless, without suitable professionals, all of these measures usually become obsolete and poorly parameterized quite rapidly, and stop working as a real barrier to stop the criminals that threaten companies every day. Any business that doesn’t have the capacity to have its own high-quality cyber-team needs to contract professional services from specialist companies in the sector. A trusted vendor, with protection that adapts to what the company needs, is an important option for companies that do not have their own security measures.