Ulises Castillo
View from the Top

Cybersecurity at the Forefront of Risk Management

Wed, 02/24/2016 - 15:28

Q: What is the role IT security plays within all the structural changes taking place in Mexico?

A: Over the past three years, the world has seen a wave of cyber criminals, mainly hackers, rogue employees, former employees, competitors, and even nations and organized crime groups trying to penetrate digital infrastructure. Whether it is private or public organizations is irrelevant; ill-intended actors are trying to penetrate systems. In Mexico there is a pool of different players from the government and all other sectors who are quite unaware of the new cyber risks. For example, ransomware is a type of malware that infects PCs and servers with a virus or Trojan, encrypting all the information. The hijacker then captures the information held on the hard drive and holds it for ransom. This started happening on a wider scale about three years ago, but in Mexico it began recently and has now become an epidemic affecting large organizations. The typical control for protecting networks used to be technologies like firewalls or intrusion prevention systems, and although those tools remain necessary, they are no longer enough. The landscape has changed significantly in terms of new attacks and new attackers, so awareness needs to be raised. Investments in technology and also in trained professionals need to be prioritized to face the new threats.

Q: What is the relevance of companies focused on cybersecurity in the energy industry, such as Scitum?

A: Companies like energy producers use SCADA and industrial control systems (ICSs), which entail new kinds of exposure. I talk about new risks because in the past, SCADA and ICSs were independent, autonomous, and isolated, but now they are part of an IP network. In many cases, clients are not aware of their accessibility, that is, the ability of anyone on the Internet to compromise their systems. Now we also have a new set of risks in the Internet of Things (IoT). Many new technologies being implemented in the network, such as smart meters or systems to economize a car’s fuel use, constitute software, and the people who developed them are not entirely aware of the possible dangers. Companies like Microsoft or Oracle are highly aware of the risks and avoid vulnerability in their code, but developers for smart technologies unassumingly launch products and features to fulfill the market’s expectations. The IoT implies a new world of vulnerabilities waiting to be exploited, even with basic attacks in some instances that do not work on classic IT infrastructure.

Q: What innovative technology have you developed to combat cyber-attacks?

A: Cybersecurity agents all over the world are expecting bad news regarding the IoT in terms of security bridges. The world needs to become aware of the new risks, mainly the developers of new smart technologies, which are not being designed with security in mind. One of our new goals is to target the new security issues, with a new set of products and services to protect the SCADA systems, ICSs, and the IoT infrastructure. It is important for us to gain more knowledge about the people or entities that pose a threat, their current operations, how they organize themselves, and which attack vectors they are using. For this purpose, we opened the cyber intelligence services division. Our cyber intelligence services division consists of gathering information from social media and the Dark Web, for which we use avatars to infiltrate the system while adhering to legal guidelines. A key component is open channels to share the gathered information with the customers and the law enforcement agencies with which we work.

Q: What are the characteristics of the Cybersecurity Center that was recently launched in Latin America?

A: This is the first cybersecurity and cyber intelligence center in Latin America. Normal IT security, like managing firewalls or content filtering solutions, is performed from our security operations center. However, we have a different approach for Advanced Persistent Threats (APTs). Usually, there is a powerful actor behind an APT, such as a criminal organization or even a government, as an APT needs to go undetected by normal IT security measures. The Cybersecurity Center has considerable knowledge of APTs, and we have an advanced malware lab that provides in-depth analysis of any potential discrepancies in the customer’s systems. When necessary, we share information with other labs, and we are finalizing strategic alliances with CISCO and HP; we have already negotiated with Microsoft. In Mexico we have alliances with the Scientific Police and with UNAM, all of which are sharing information as a community.