Panda’s first-ever cybersecurity conference, Panda Security Summit (#PASS2018), will be hosted by a very special master of ceremonies, Silvia Barrera. A renowned cybersecurity expert and writer, Silvia was the head of social media investigations at the Spanish National Police Corps for 5 years, and headed the digital forensics group of the National Police’s Technology Research Unit for another 3 years. We had the opportunity to sit with her now that she has quit her job at the Police Force, and talk about how the cybersecurity landscape has changed, and the ways in which companies and public institutions can defend themselves and combat cybercrime.
“Cybercrime is a very profitable business model, with little exposure for the perpetrator and very difficult to fight”.
How do you feel about this new stage in your life?
I feel like a whole new world of possibilities is opening up before me. The Police Force has given me exceptional vision, knowledge and experiences that I couldn’t have had anywhere else. It’s been a privilege. Nevertheless, until now, as a member of the Police Force, my job has always had a reactive nature, identifying and arresting the ‘alleged’ bad guys. However, the paradigm of the fight against cybercrime has changed. Today, less than 4 percent of cybercriminals are identified (let alone sentenced), but at the same time we also know that the great majority of Internet crimes (up to 80 percent) could have been prevented. Cybercrime is a very profitable business model, with little exposure for the perpetrator and very difficult to fight. It’s unavoidable and is definitely on the rise. The reactive approach to fighting it is necessary but not very effective or sufficient (because of the very way the Internet works).
In this context, it is important to be aware that 90% of success in the fight against cybercrime is prevention, awareness and security controls, and 10% is reaction (investigation and prosecution). We must act with all human and technical resources available to us in order to prevent cybercrime and, should it occur, be ready to react quickly and decisively. And that is where the concept of resilience comes to play.
Events like this are necessary to give visibility to cybersecurity, explain some of its key concepts and give it the central place it must occupy. In the corporate world, all business activities rely on computer data and IT structures. And, at public level, crime always has technological implications relative to its modus operandi or in order to obtain the necessary evidence to investigate it, and let’s not forget that a country’s national security can be seriously compromised by cyberthreats.
In your opinion, what level of cybersecurity awareness and training is there in Europe?
I’ve been a member of different cybercrime and cybersecurity working groups in Europe for four years and have participated in dozens of meetings. That’s where you see the difference in resources and the importance given to cybersecurity by each country. Spain is ten years behind countries such as the Netherlands, Germany or the United Kingdom for example, where the public sector dedicates many more human and technical resources to cybersecurity. Even at legislative level, there are countries such as Germany that have specific IT security laws.
How prepared do you think are the Spanish and European institutions to combat cybercrime?
Spain has no reason to envy other European countries. Actually, we have demonstrated to be very efficient in the fight against cybercrime. It’s not a question of lacking competence, as it is a lack of human and technical resources, and cybercrime and the digital world require significant investments.
During a police exchange I had with Germany’s Federal Police for the investigation of a case affecting a number of German banks, I could see how they set up a global team of police officers, prosecutors and members of the privacy sector to work exclusively on that case until it was solved or the investigation came to an end. In Spain, police investigators usually work on dozens of cases at the same time, and despite there is contact with people from different areas, there is not so much teamwork.
Don’t miss the opportunity to listen to and share opinions with Silvia at the Panda Security Summit, where Europe will meet Cybersecurity, on May 18- Madrid.