Phishing Attacks Up 300% During PandemicBy Jan Hogewoning | Fri, 08/28/2020 - 09:31
Q: What is your product offering in Mexico?
A: We offer the same products anywhere in the world. Fortinet has the broadest portfolio in cybersecurity for all industries. We are solely dedicated to this, offering products and services to the end user and from small and medium to big companies. Today, direct hacks are only a small part of cybersecurity threats. The central aspect of cybersecurity is the firewall but our products offer many more capacities beyond this, such as hyperfilters of information, web filters, IPS protection and many more functionalities.
Our strategy is called Fortinet Security Fabric. Like a piece of fabric covering a surface, our software covers every point of a possible attack (Attack Surface). Sensitive information goes from data centers, through clouds, to the edge of networks. All devices that belong to a company and that are connected to the internet are a potential point of vulnerability. If a company works with clients, they have another set of entry points to confidential information. Attacks can go through mobile phones, tablets or any other device in use (IoT). This is why we offer integrated security solutions, not just separate tools with independent functionalities. In the area of utilities and manufacturing cybersecurity, Fortinet is also a global leader in operational technology cybersecurity.
Q: What types of protection are growing the most in Mexico?
A: We see demand in Mexico for security solutions that cover more complex IT infrastructure. There are two big tendencies going on in digital transformation. One is the hybrid and dynamic cloud that comes in different models and connects private and public information used by companies. There will be aspects of the cloud that will still need to remain at the company’s premises, but most others are facilitated by cloud providers. Because of this cloud infrastructure, a new tendency is to buy managed services provided to companies through the cloud, like software-defined networks. These services no longer need to be created by the company itself, which makes them more cost-effective and optimal. While cloud providers give you the infrastructure, they do not necesarily protect your information. This is where we help.
Another tendency is Secure Access Service Edge (SASE). This aims to protect every point where a potential attack can reach sensitive data. SASE combines many different techniques, such as controlling network access to confidential areas or the use of endpoint detection and response to detect devices in an opportune way. The architecture is dependent on the policies and strategy that a company has in place.
Q: How important is cybersecurity today?
A: Fifteen years ago, cybersecurity was a secondary priority for companies, or even below that. In many cases, a firewall and an antivirus would suffice. However, technology has changed so much in the last years and so has the amount of digital information that is vulnerable. The amount of money that moves around in cyberattacks globally is between US$6 to US$7 trillion, only second to drug trafficking. Cybersecurity has taken center stage today. According to the World Economic Forum, cybersecurity risks are second only to natural disasters and climate change. A new culture of cybersecurity is growing and experts in the area are also becoming more abundant.
Fortinet feels a responsibility to make Mexico safer. This is why we are involved in academic initiatives that go beyond other disciplines besides just software and devices building. I always use the word “resilience” when talking about implementing cybersecurity. You need to ask yourself: how prepared is your company for an attack? How much time can your company be down without delivering its service or product? How much money can you lose? Cyberattacks can kidnap your information or entire operation. Large companies may lose millions of dollars and suffer serious reputational damage. Middle to small businesses, however, risk not surviving a cyberattack at all.
Q: Why do companies choose Fortinet?
A: We were fighting for third or fourth place in the industry five years ago. But then we redefined and restructured our company, segmenting cybersecurity per industry. We hired new individuals with not just expertise in cybersecurity but also in retail, finance, government affairs and more. Now, we have both cybersecurity experts and industry experts attending clients. In Latin America, we are No. 1 and worldwide we are at No. 3, and currently fighting for second place. This has been the result of our three-tier system: commercial partners and channels, distributors and ourselves. We train and enable partners and distributors, providing certifications so they can attend clients and offer our solutions. In some cases, in the Enterprise segment, we cater to customers directly but still we use this very effective ecosystem. Fortinet does not respond to attacks against companies directly. Instead, we give our information to our partners, who use our solutions to efficiently respond. They also assist our clients in using new tech and updating it continuously.
Q: In which sectors are you strongest in Mexico?
A: We serve all sectors, from finance and insurance, to health (such as pharmaceutical companies), manufacturing (such as automotive), consumer products and goods, as well as the government at both the federal and local levels. In the case of telecommunications companies, we attend either their own infrastructure needs or provide cybersecurity for the infrastructure of their clients.
Q: What efforts have you made regarding cyberattack prevention?
A: There are attacks you are aware of and attacks you are not. Detecting the attacks in an opportune manner and responding quickly is very important. Fortinet has its crown jewel with the FortiGuard labs, distributed at different locations around the world, that analyze cybersecurity threats 24/7, 365 days a year. Our analysis is shared with many organizations, our clients, our partners and at times with our competitors too. Fortinet proposed the creation of the Cyberthreat Alliance a few years ago. In this alliance, we share information with different security organizations, such as Interpol, Europol, NSA and other agencies that manage cybersecurity mechanisms. Globally, Fortinet has access to the largest number of devices installed and connected: close to half a million world wide. With such a quantity of devices connected and being analyzed by our labs, we can ensure that if an attack happens in one part of the world, we can immediately implement measures to protect clients in Mexico, for example.
Q: Now that many people are working from home, how can they best protect their personal laptops?
A: If you are not in the office network, you can use a VPN that is validated by your company for any device you use to perform company activities. If you are using your own Wi-Fi, there are a few things you need: an antivirus, a firewall and, very important, better practices. It starts with a company providing a token that gives access to company networks, preferably with double factor authentication. Companies should also instruct and train employees on how they should identify and act in case they receive a malicious message. You should not click on suspicious links or documents.
During the pandemic, phishing attacks have risen by 300 percent. The first wave of attacks came in the form of messages with information about the COVID-19 virus. The second wave followed with information about how to protect against COVID-19; for example, an email containing information about the vaccine. If you click on links or open an archive, attackers can send a Trojan that can retrieve your password or complete credentials, for example. Another phenomenon that is on the rise is spear phishing: phishing directed at the executive, or high profile person, of a company.
Q: What do your experience labs offer to clients in Mexico?
A: We have a lab in Mexico City where clients can test and try out our technologies. For example, they send us a script with different objectives and we try penetrating their system. We show them how our software stops it. Direct interaction with clients has been limited due to the COVID-19 situation. However, we can still carry out tests remotely to demonstrate the effectiveness of our solutions.
Fortinet is a cybersecurity company that offers a wide range of products, which can be integrated and personalized to customers’ needs. Its products include Dynamic Cloud Security, Secure SDWAN, AI-Driven Security and a SASE platform