The Panda Security Summit (#PASS2018), our advanced cybersecurity summit, is now less than two weeks away. This event will bring together CISOs and CIOs from all over Europe to discuss the latest trends in protection and threats, as well as the global cybersecurity panorama. So as the day draws closer, we bring you the second part of our interview with Silvia Barrera, writer, expert in cybersecurity, and master of ceremonies at the PASS.
In this second part of the interview, Silvia describes what security challenges she expects institutions and companies will face over the next few years, as well as what can be done to make businesses and organizations resilient in terms of cybersecurity.
[If you missed the first part of our interview with Silvia, you can read it here].
What do you feel is the greatest problem today regarding the security of companies and institutions?
First the human factor and then the technical side. In technical aspects, the problem can be avoided by properly evaluating risks and using internal and external checks and controls. You can’t just think about the employee; organizations and companies need to integrate and align cybersecurity as a strategic objective of the business and as such assume the costs of IT security. There will be difficult times ahead in terms of security risks and data protection, and there will be stiff penalties and consequences, particularly in terms of corporate reputation, as illustrated by the recent cases of Facebook and Tesla.
What challenges do you think businesses and organizations will face with respect to IT security in the next two years?
The change in consumer mentality. We have to try to be as preventive as possible, acting at every point of the process to mitigate the cost of cybercrime for users, but we cannot truthfully tell users or customers that they will never be the victim of an attack. They will be, and consequently they must be prepared.
The more concerned you are about your cybersecurity, the more secure you will be, and this goes for your business, reputation, etc. Cybersecurity never costs more than the damage that can be inflicted. The Internet offers an infinite array of tools and features that can make life easier, but it can also ruin it.
What does it mean for you that a company or institution is resilient from the point of view of cybersecurity?
Resilience is the best factor for gauging the strength of a company or institution. It tests how you manage communications, data, security and IT infrastructure. The capacity to recover from a possible attack is also a factor to evaluate your readiness and how you can improve it. Ultimately, it shows who can successfully adapt to technological changes and demands. And with regard to external customers, how you take care of this within your organization will also reflect how you take care of your customers’ information. Your reputation and their trust are at stake.
In your view, what aspect of resilience is the most important to keep companies and institutions secure?
All of them. From prevention, avoiding the vast majority of attacks and incidents, to detection and response. Although there is no 100 percent security, as we know, almost 99 percent of attacks can be avoided. How? By taking into account all factors of resilience. It is important to be aware that cybersecurity is like taking care of your own security and personal health. You might not get a tangible return from it, but it guarantees a long life, full of satisfaction and success. That is resilience.
Excellent post, and completely agree regarding taking into account all factors of resilience. Big changes are needed (and hopefully coming) with regard to security and the encryption of every connected device – as the small gain of being connected is astronomically outweighed by the potential negative effects of a security breach.
Thanks a lot Mike for reading us and sharing your opinion!