Cybersecurity Solutions in a New Reality
By Jan Hogewoning | Thu, 07/23/2020 - 13:28
Q: What does cybersecurity for the connected car entail?
A: One of our areas is telematics security, which is basically cybersecurity for cars. These days, cars are more and more like mobile phones: they are connected to networks and they can support all kinds of applications. You can sync your phone, watch TV and connect to many platforms, such as SiriusXM. This connectivity makes cars vulnerable to exploitation. An attacker can literally take control of a vehicle. Incidents involving cars can also simply happen because one of these systems fails to execute or run together with others due to an error. We work with companies that create these applications and devices, such as HARMAN International, to ensure that they work safely. We execute penetration tests that simulate attacks to identify faults and areas of weakness. We take a look at the software’s code to ensure proper standards were followed. Here in Mexico, there is an ongoing boom in software development. It is important that telematic products are developed with security as a priority. In many cases, automotive suppliers have no certifications for these products but big automakers, such as Ford and Nissan, require high security standards. This is where we can help.
Q: What are your main areas of activity in Mexico?
A: We consider telematics as a niche market. Our general cybersecurity consultancy follows three vectors: defensive, offensive and preventive cybersecurity. Preventive, in this country, is primarily about compliance with requirements and standards, such as ISO:27001. Another example is the standards related to the Payment Card Industry (PCI). If you manage credit cards, you must follow international PCI standards. In 2018, there was a highly publicized security incident after Banxico’s Interbank Electronic Payment System (SPEI) was hacked. This was a wake-up call for many financial institutions to develop new security requirements. Since then, cybersecurity systems in the country have matured but generally the ecosystem is still behind regions like Asia and the US. Often, we are still seeing what we call checkbox security: only implementing what a compliance standard requires without further analysis on what or how to properly apply it to their company. What we find is that a majority of companies are still focused on perimeter security, where they think they are protected with a simple perimeter, such as a firewall. However, if one employee clicks on a phishing link inside the network, the perimeter fails. You need to take many more precautions, such as segmentation of the networks and implementing controls to prevent and detect any lateral movement within the network after an attacker gains access. One of the advantages of being a global company is that we can bring our experiences from other markets to Mexico and vice versa.
Q: You design information security management solutions for clients. What steps does this require?
A: These are systems for policies and controls based on a standard or framework. They clearly define the company’s policy and the procedure in case of a breach. We help implement it. We hold conversations with employees and carry out an analysis of the existing infrastructure. Some companies may already have an Intrusion Detection System (IDS) in place, in which case we will look at where we can improve and add to it. There is a misunderstanding that cybersecurity is a simple recipe. Every company has its own conditions, which present unique risks and threats. In Mexico, unfortunately, a lack of resources is the primary barrier to investing in cybersecurity. We try to develop solutions that enable companies to meet security demands with the resources they have. We are a services company, which allows us to provide strategies that are not biased toward particular software. Some of the tools we use are open source and very useful. Others are commercial products. Open-source products can be a great tool for companies with a low budget but with high security risks.
As part of our MSSP service offering, we implement, manage and monitor security solutions. We will conduct robust testing of the company’s systems, getting to know its network and the behavior of users to identify abnormalities and potential threats.
Q: You also offer incident response services. What does this entail?
A: There are two types of responses. One is incident response, which aims to mitigate the attack immediately, contain it, resolve any issue and reestablish the system. The other is forensic analysis, which takes place after an incident has happened. This is where we find out what happened, gather evidence and prepare the company for potential legal action. Our response to incidents goes through our Support Operations Center (SOC), which is capable of monitoring our client’s operations 24/7 as part of our Network Monitoring offering. Our service is based on the client’s needs, which can translate into us signaling an internal team of our client or taking action ourselves against the threat found on the network. What we are seeing is that the trend is moving away from monitoring to a demand for detection and direct response services.
Q: What threats have grown as a result of the COVID-19 pandemic?
A: Overall, as the world becomes more and more tech dependent, the cybersecurity threat grows. Many people are working from home and we have seen an increase in phishing campaigns and social engineering as a whole. We have aided many companies that experienced such attacks over the last couple of months. These phishing campaigns can come in the form of an email with supposed information about COVID-19, for example. People at home are no longer under the protection of their office’s network that previously blocked many of these malicious links. Companies need to consider new policies and controls for this new reality. Home office will require more than the traditional antivirus tools. Rather, there needs to be a combination of technologies and company policies. How we record and log our data is essential. One suitable approach could be IDSC, for comprehensive intrusion detection.
Q: Which sectors represent the biggest opportunity to attract new clients?
A: Any company that deals with confidential information, financial information or personal information is interesting for us. We have a strong presence among financial services companies, but also with retail, manufacturing and pharmaceutical companies, particularly companies that own patents and other proprietary information. However, we are not limited to any industry. One of our biggest clients is a telecommunications company.
Brier & Thorn is a cybersecurity consultancy firm known for its protocol on securing connected cars. It provides broad personalized cybersecurity solutions that are based on various methods including penetration testing, SOC services and compliance, among others.