What We Need to Know about Cyber Security
INTERVIEW
Tomás de Lara Aguilar started his career holding sales and management positions at Oracle and Iecisa. He then moved to Silicon Valley where he co-founded Secuware Inc. He worked as part of the senior team to develop and execute the global strategy for the company, co-started international operations partnering with the EVP and other executives on leading the company, and increased revenues to position the company in Gartner’s Magic Quadrant 2007 & 2008.
During his time in Silicon Valley, Aguilar became an expert on Corporate Strategy and how to make Cybersecurity companies grow fast. Back in Spain, he joined Trend Micro where he was rapidly promoted to General Manager for Spain and Portugal, transforming Trend Micro's business in both markets. He is currently Associate Professor at IE, professional coach, and public speaker.
The information age has presented the world with an unprecedented level of threats. Attacks which are so extremely complex, sophisticated, and ever-changing that they render our senses redundant. No longer are threats confined to physical forms such as hungry predators, enemy tribesmen, guns, or bombs : today a simple piece of code has the potential to wreak an irrational amount of havoc. Following his presentation on cybersecurity at Rooms Hotel, Tbilisi, last Tuesday, GEORGIA TODAY sat down with the professor to pick his brain on the subject.
What are the main threats facing the world in the realm of Cybersecurity?
It’s very important to differentiate between that for the average person and for a large corporation. I’d say that the biggest threats are faced by the latter as the attackers are after either money or information, which of course makes large corporations a very profitable target for hackers as they provide plenty of both.
So, you only become a target once you acquire some sort of value?
Exactly. It follows the principle of risk vs reward. Attackers gain a bigger reward targeting a large corporation. Having said that, obviously consumers, people in general, have to implement some security policies. Basic measures include: antivirus programs, personal firewalls, VPNs, and so on : all that should definitely be implemented by everyone.
How has social media changed ‘the game’ of Cybersecurity; especially considering its ubiquitous presence in the lives of younger generations?
The exposure you get and give as a person and/or a company is exponentially higher thanks to social networks and media. Thus, our attackers can access and make use of a lot more information. I would be careful and educate the young generations that everything they put in Environment 3, the Digital World, is going to stay there forever. You have to be careful about the information you share about yourself, your kids, your family, etc. Caution is key.
Of the three types of attackers you mentioned in your presentation : professional mercenaries, hacktivists, and cyber terrorism, which one do you believe represents the biggest threat?
It depends, you know. Despite the reality that most attacks are done for money, any kind of attack has the potential to be greatly harmful. The theft of money and information is a serious risk presented by all three: you have to be vigilante against the threat(s) provided by all of them.
On a more global scale, how do you see the trajectory of future international conflicts, especially between states : will there be an increased migration, if you will, towards Environment 3 in this regard?
That’s a good question but unfortunately I don’t have enough data to give you a confident answer on this topic. However, for anyone online, for anyone who is connected, a system is a system, and an organization is an organization everywhere. The digital infrastructures are very similar : so, everyone in the digital world is at the very least at risk of attacks, if not already the subject thereof. So, for sure they have to protect themselves, and provide a risk analysis: as much countries as large organizations and individuals.
What can the average person do to better prepare themselves and try to ensure a more secure existence in the information age?
I urge everyone to better educate themselves on the possible threats out there, and to be vigilant. It’s often the small things that get to us: some hacks are accomplished throughout the creation of URLs that differ only by one letter or character from the original/official one. The reason I say that using a Netflix compatible VPN is important is because it helps to protect your privacy and your security on the internet. For example, imagine you want to do some online banking but you have a typo in your URL that takes you to a hostile version of your bank’s website. It’s basic things like this that the home user has to be aware of. Making yourself aware of your surroundings and the preventable threats facing you is imperative.
Taking it one step further, if someone wants to get into cybersecurity, what is that they need to do and/or keep in mind?
That depends on which side of the coin they’re interested in: business or technical. For the business side, you don’t even have to know cybersecurity that much. There’s such a professional shortage that there are people coming into the field from a host of other sectors: they keep up and they learn.
Now, from a technical standpoint, you can start as a junior and make your way up gradually by continuously learning on the job. Or, you can get yourself a certification that is very well respected in the market such as the Certified Information Systems Security Professional (CISSP).
Mate Foldi