How to Make a Company Cyber-SavvyBy Andrea Villar | Thu, 12/10/2020 - 05:00
Q: What was the motivation behind launching Marzhal Hackers?
EM: The company was born a couple of years ago from an idea that had nothing to do with cybersecurity. The initial project was to create a platform that would support teachers in different areas. It was through this platform that we met Jahir, an expert hacker. And I would like to clarify that a hacker is not the same as a cybercriminal. While the former is a person with very high technical knowledge, a cybercriminal is a person who uses that knowledge to commit crimes. That said, after meeting each other, we started to fall in love with cybersecurity and we realized what a problem this represents for everyone in the country. To tackle the issue, we decided to found Marzhal Hackers.
JU: One of the issues we observed is that in Mexico cybersecurity is considered an expense and not an investment. Not only are we being attacked from different countries through phishing. Cybercriminals can also gain access to companies through the simple neglect of IT equipment or through any employee.
Q: Why is Mexico such an attractive target for cybercriminals?
EM: It is mainly a cultural issue. We are one of the least-educated countries in terms of cybersecurity. In 2017, according to the Norton Cybersecurity Insights Report, 33 million Mexicans were victims of a cyberattack. This statistic makes cybercrime the biggest crime in the country and that is something that almost no Mexican knows.
Q: How is Marzhal Hackers cultivating a cybersecurity culture in companies?
EM: Education is precisely one of the areas we have focused on the most. There are giant cybersecurity companies that only focus on offering the best software and technological tools to companies. However, according to Cisco, only 26 percent of cyberattacks are through technology, the rest is through phishing. Companies may spend millions of dollars a year to have the best cybersecurity systems but if they do not educate their staff, they are only addressing a small part of the problem. At Marzhal Hackers, we have nine different types of training to grow people's consciousness so they start to become cyber-savvy. We are all exposed to this threat in the same way. Cybercriminals do not distinguish between a CEO and any other employee.
JU: Companies tend to invest in infrastructure such as firewalls to protect themselves from external attacks but most of the time it is their employees who violate this security. As they do not have access to platforms such as YouTube or Facebook, they download programs that allow them to do so and thus put the company at risk. We have also come across children who want to be hackers and without knowing what they are doing they can damage a business from wherever they are making an attempted attack.
Q: What does your training entail?
EM: One program is focused on raising awareness and creating a culture of cybersecurity among all employees. In this program, we do not talk about technical concepts but we do explain the position of risk in which we find ourselves. According to the World Economic Forum's Global Risk Report 2020, among the five problems most likely to collapse the world in the next 10 years are climate change and cybercrime. The big difference is that almost everyone knows what climate change is, while only a tiny fraction knows the risks of cybercrime. Another program is focused on passwords. People often use the same password for many years and for various platforms. People are also reluctant to change their passwords. We developed a tool called Marzhal ID, where users can generate different passwords for different accounts on one platform. It is like a master key to access the accounts. After the training, in coordination with company managers, we perform vulnerability tests to identify employees who still do not know how to identify the red flags in their e-mails, for example.
JU: Training for the IT team is also essential. We want to make sure their software is always updated and to have their servers correctly installed internally. Likewise, we focus on training them on how to link their projects to the cloud and their data centers. We also offer courses on good programming practices and code mitigation. One of the problems in this area is that most people think they do everything right. They often do not and tend to make mistakes that they do not want to admit. What we do then is show them how we can get around a system that they themselves developed.
Marzhal Hackers is a Mexican cybersecurity company. It offers protection software to companies, as well as training to employees to raise awareness and spread the culture of cybersecurity