Last week, our executive Roi Fortes, accompanied by our CEO Iago Fortes, attended telematically the 9th Cybersecurity Forum organized by the ISMS Forum and the Cyber Security Centre (CSC). During the event, we attended several presentations and round tables where different cyber security challenges that exist today were addressed.
Presentation of the Legal Office of the Unit for Cybersecurity
The first presentation was led by Boryana Hristova-Ilieva, Legal Officer of the Unit for Cybercurity and Digital Privacy of the European Commission, in which she spoke about the Pillars of the NIS Directive:
- Capabilities of each EU member.
- European cooperation.
- Risk Management.
Boryana analysed the difficulty and slowness of the Member States in implementing the directive. So at this time they are reassessing whether the scenario set out at the outset is being maintained or changes will be made in the future.
Presentation by the head of the Office of Cybersecurity of the Department of Homeland Security (DHS)
In another talk, Mar López, head of the Office of Cybersecurity of the Department of Homeland Security (DHS) whose vision is to develop the national strategy for cybersecurity, with the mission of articulating and cohesive public-private partnership environment; the latter was a recurring theme throughout the event. He spoke about the initiatives that are being carried out from the DNS, including the establishment of three working groups whose function will be to advance the following issues:
- Cybersecurity Culture
- Promotion of Industry and R & D & I
- Training and talent.
Presentation of the CISO of Banco Santander Spain
One of the most interesting talks was given by Carles Solé, CISO of Banco Santander Spain and Board Member of the ISMS Forum. Carles spoke about the evolution of cyber attacks in recent years, explaining that the scams and deceptions are hundreds of years old but as technology has evolved they have become more sophisticated and massive. Currently the most widespread attacks are RATs (Remote Access Tools), which are based on the user unknowingly installing a malicious program that makes the attacker have remote access to the computer, and can get really important data, such as online banking to steal money from your account. Some of the recommendations he gave to avoid this type of incident are Awareness:
- banks never ask for user data on the Internet.
- Information sharing: collaboration at both public and private levels is essential.
- Dealing with abnormality: being suspicious in the face of strange behaviour, using for example artificial intelligence engines.
Presentation of the head of Digital Security of CaixaBank
In another interesting presentation, Lucas Varela, Digital Security of CaixaBank spoke about “Zeus”, the first ransomware that was created in 2005 by Slavik, a Russian citizen. Today, this modified and more advanced malware is used by more than 10 organized groups that ask for money under the threat of making public confidential information that they have obtained fraudulently. The cybercrime networks have evolved so much that they have their own systems to automate processes, such as when collecting ransoms depending on the criticality of the information obtained and the size of the company.
John Kindervag’s presentation
John Kindervag (Creator of Zero Trust; Field CTO, Palo Alto Networks) spoke about the strategy to avoid security incidents by talking about Zero Trust, as he did in the presentation we attended in person at his Palo Alto offices in Silicon Valley during the RSA in February.
Zero Trust is based on an increasingly widespread cyber security strategy that states that organizations should never trust any internal or external entity that enters their perimeter.
Round tables
During the event, several round tables were held to allow attendees to discuss and share their experiences:
- In the first one, the importance of covering security needs in the current scenario where local and cloud environments coexist was discussed. To this end, cybersecurity providers are increasingly relying on Secaas (Security as a service).
- At another table the manufacturers spoke about their strategy in applying the Zero Trust strategy to their services and products.
Finally, the CISOs of three entities spoke about a survey conducted in 100 companies to measure their level of maturity. The results showed that most of the companies were at the basic level, with only one of them at the highest (optimized) level.