“Strengthening, separating and segregating networks, and cryptography”. This is what was meant by security when Marta Beltrán began her career 15 years ago. As this author, lecturer and researcher (she is the coordinator of the first cybersecurity degree in Spain) points out “the aim was simply to protect data in motion and data at rest- Since then, we’ve changed how we interact with technology, and we work on different concepts in relation to protection, “we start to talk about managing logon IDs, secure development methodologies, malware and advanced threat protection”.
-
In 2014, you wrote Cloud Computing, Technology and Business. How do you think the cloud has changed in terms of security?
I would say that we’re starting to protect our cloud systems. Until now, products and services have been created that are marked by the needs of the client, only worrying about how well they work, but not at all about security. Security was usually added on at the end of the creation process. In the last two years, we’ve taken a quantitative and qualitative leap as far as cloud security is concerned. We’re starting to be more aware of its importance, and of the fact that, for example, externalizing part of the technological infrastructure doesn’t mean forgetting about the risks that we’re running. The provider is no longer the only source that needs to concern itself with the company’s security. Most users are now aware that there exists a shared responsibility, that there are threats when it comes to contracting cloud-based services, and the measures and protection that need to be taken are different for each of these specific services. An antimalware agent isn’t the same for a PC as for a cloud-based service.
-
Constant innovation can be a challenge in terms of security. How do you manage to stay up-to-date?
You need to have a clear strategy. There are certain sectors where the appetite for innovation is part of their key strategy, and so this allows them to advance more quickly and to take more risks. Others, such as the industrial sector, or critical infrastructures, tend to be more conservatives because citizens and governmental administrations depend on their services (airports, nuclear power stations, power plants). In the case of startups, which are very cloud focused, and usually have everything externalized, it isn’t that it suits them to be innovative, rather that they must innovate to survive. This is why they tend to assume more risks, and their innovation can’t have a negative impact on the security environment. This is always going to depend of the sector, the business, the country. At the university, what we try to do is to have as much technological transparency as possible. We allow ourselves to be more innovative, to think big, in order to convey that innovation to companies, to the productive sector, and to administration. This exchange of knowledge is important: subjects that are researched at the university need to reach companies.
-
How important is it to train employees?
Training and awareness, in both personal and professional environments, are very important. People aren’t always aware of the risks they run in the personal ambit, or of the fact that it can have consequences in the professional sphere: the use of unprotected networks and devices from which people often access personal banking, or where sensitive information is stored, or from which people access corporate accounts. In the case of the professional sector, the internal risks, which are so common, most of the time aren’t down to malice, rather to carelessness or imprudence, or even a lack of awareness of the rules. Companies must take security seriously, provide training about company policy (about laptops, networks, having secure passwords). We must implement security from the very beginning, have a clear idea of what can be accessed and what can’t, and designate a security contact with whom to make contact in case of incidents.
-
What cybersecurity advice would you give a company that wants to stay safe in a new ecosystem?
I would tell them that it’s important to apply common sense and to stay protected at an appropriate level, according to the risks that they’re facing. From a technological point of view, there aren’t as many limitations as it may seem. That is, there are already cybersecurity solutions for almost every problem that we could have to face. I would also say that it’s important to approach security from an incremental standpoint. Once you know the risks you’re facing, you can’t expect to resolve them all in one day, because they are always going to be changing. As you try to mitigate risks, other new risks are going to appear. Companies must start out from a base scenario and go on improving non stop, acquiring new knowhow, and new practices to face up to constant threats.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
2 comments
Dear Ladies and Gentlemen!
I am very disappointed with your customer service.
My supervisor “Mr. Schneider” promises a callback in the next 30 to 45 minutes. Unfortunately, I often wait for days, if not for weeks on this callback.
Last action: I have paid on request of him 5000 €, so that the “lookup” is deleted and I can sell a portion of my shares.
This all happened yesterday evening at about 17 o’clock. I have not heard from him until 10.29.
But I absolutely need 4000 of my previous 9215 shares to clear the bank account of me and my wife. I am at the absolute financial limit.
Please arrange for Mr Schneider to meet scheduled deadlines. I’m sick of his excuses.
Yours sincerely
Gunther Petrasch
Hello Gunther,
It looks like you have been the subject of a phishing or scam call from individuals pretending to be members of the Panda Security support team. We can assure you that Panda Security has no relation whatsoever in regards to this matter.
Therefore, we strongly recommend you follow the instructions below, in order to report this situation to the competent authorities, so they can tackle the issue as soon as possible.
National Do Not Call List
Avoid phone scams by registering your home and cell phone numbers with the National Do Not Call Registry or by calling 1-888-382-1222. This national registry was created to offer consumers a choice regarding telemarketing calls. It won’t stop all unsolicited calls—but will help stop most.
Report Telephone Fraud
If you believe you have been a victim of a telephone scam or telemarketing fraud, you can file an online complaint with the Federal Trade Commission (FTC), or by phone at 1-877-382-4357.
Regards,
Panda Security