Data Protection: New Competitive DifferentiatorBy Miriam Bello | Wed, 06/16/2021 - 16:05
You can watch the video of this panel here.
Data is the most important asset companies, nations and individuals have. While there are national and international regulations that aim to protect it, companies still need to develop an individual approach to promote trust and reliability, agreed experts at Mexico Cybersecurity Summit 2021.
The evolution of software once took 10 years; now it happens in one. The pandemic accelerated the digital transformation for multisector companies, which evidenced the need to have a safe, flexible and buildable infrastructure. But how can companies create it? “Through cloud or hybrid infrastructure. The cloud is a need for companies, rather than a plus,” said Brenda Zetina, Territory Director Mexico at Datadog.
Protecting information only became more important as companies and users began “to use their money in websites, platforms or apps,” said Raymundo Ceja, President at the IT Cluster of Zacatecas. Under these circumstances, trust is key to generate loyalty from users.
Data thievery is the leading crime in Mexico, leading to large information leaks that only highlight the need for a robust, flexible infrastructure that will protect the personal data companies collect, added Ceja. “The cloud and other digital platforms will also allow for live reporting and action in the face of data robbery.”
There are already some international standards that companies can follow to create a robust methodology for data protection, which are ISO 2701 and PSI by VISA and MasterCard, said Gustavo Chapela, Director of KIO Cyber Security. These standards also respond to Mexico’s law of data protection of 2010. Companies large and small can use them as a baseline in their strategy. “IT systems have become the heart of many businesses,” said Chapela, “so business continuity and data protection can benefit from these standards.”
Mexico’s data protection law is too old, mentioned Segura. Chapela agreed that it needs an urgent update and improvement. “The law is insufficient for today’s problems; it does not allow records or reports on cyberattacks,” said Chapela. For that reason, companies need their own cybersecurity departments that respond to attacks. “Companies evolve but regulators will not respond immediately. We have fintech companies and startups that are creating new environments and needs that regulators have not foreseen,” Zetina added. “However, regulators can grant permits, which will serve the first step in creating a better framework. If companies ask, regulations will respond.”
The current data protection law does address individual data protection well, explained Chapala, as it forces companies to have an efficient data protection. The law also exposed companies failed to comply, which means a loss of prestige for the company.
Regular information audits, monitoring and reporting are also crucial for data protection, according to Ceja. But it is also key to spreading information and educate users to avoid unreliable platforms when doing business. Education is critical to protect users and companies, added Chapela. “There are many phishing emails that will threaten individuals and companies. These attacks can only be prevented by promoting a culture of data security through a joint effort from companies, government and people.”
“There are two steps to protect user data,” said Chapela. “The first for top managers to impose cybersecurity as a pivotal aspect for the company. The second is a risks analysis that determines the needs of the company.” Also, companies should dedicate a specific budget for this area. “Good wishes will not serve to combat something that requires sophisticated responses for sophisticated attacks,” said Chapela. Finally, having an expert to lead the way will be a cost-effective solution. Cybersecurity might be expensive, but it is necessary. “Mexico does not invest on cybersecurity, so companies will have to invest in it individually.”
Companies cannot forget that their approach to cybersecurity will also be seen by users. “As consumers, we need data transparency to be certain it is not being misused or that it is protected from an information breach,” said Zetina. To protect user data, Zetina recommended the use of tools that will monitor changes in information and operations to avoid leaks. These solutions can also “allow the user to be aware of how their information is being used.”
Data protection for end users has evolved, but users have not, said Francisco Segura, Director of COMEXPOSIUM. “While users adopt technology, they continue to prefer in-person activities but there is a reason why some people should use technology. Companies have to prove they are making life easier for consumers.”
One of the main hurdles that companies must overcome is an outdated perception of what is a cyberthreat and where does it come from. “Companies continue to think that the guard outside of the office is the one protecting their information, when it can be stolen from another continent,” said Ceja. For that reason, companies must invest in developing an approach that protects their most important asset: information.