Maintaining cyber-security is of great importance to any business. The problem is how to develop a coherent strategy and how to recruit people with the right skills. This can prove challenging in the context of a cyber-skills shortage. Globant specailizes in meeting such challenges and has a road-map for strategy development.
To learn more, Digital Journal spoke with Pablo Villareal, CISO at Globant.
Digital Journal: How significant is cybersecurity for businesses?
Pablo Villareal: Nowadays, cybersecurity should be a key practice for every single business. I can’t think of a single business that doesn’t work with technology on a daily basis, whether it’s through email or home banking services. Of course, as companies grow and become more complex, and the more they rely on technology in core business practices, the more necessary a proactive cybersecurity strategy is.
DJ: What are the most dangerous types of cyber-risks?
Villareal: There are no top 10 cyber-risks that are the same for every business across the board. There are the usual suspects, phishing for example, but each risk depends on how each unique company defines specific threats. However, generally speaking, we could say that data exposure is always a potential risk, and while it may not lead to a direct economic or financial impact, it may negatively affect branding and customer trust in an organization.
DJ: Where do most of the cyber-risks originate from?
Villareal: Most cyber-risks originate from people. Companies are investing more and more in protecting their information, whether that be personal data, financial data or IP, using technologies and talent training. Technology requires humans to understand what is being protected and apply the necessary rules to comply. If that fails, and there are no safeguards or automatic controls in place, then the potential for a breach is created, just waiting for someone to exploit.
On the other hand, when someone tries to get into a company’s systems, one of the easiest ways to break in – apart from the one mentioned before – is to simply ask through phishing.
There’s another kind of risk, also originated by people, that is the extensive use of rogue IT. Again, when there’s no cyber awareness training for employees, many people will try to use these kinds of unapproved technologies because it’s easier than asking IT.
DJ: How can businesses best meet such cyber-challenges?
Villareal: Training is a key factor for cybersecurity best practices, and having the proper processes in place to detect risks is essential to take the next steps: Avoid, Accept, Mitigate or Transfer. Many businesses don’t yet have the proper resources to detect these risks.
Staying on top of cybersecurity requires a lot of time, technology, people and finances, which are not always a given for small businesses. This is why training is so important across the board, so employees have a base knowledge of potential cybersecurity issues.
DJ: Is there a cyber-skills shortage?
Villareal: Yes, there is a growing IT skill shortage in general, and information security skills are no different. On top of that, the need for cybersecurity staff has grown over the last decade, but the exposure for cyberattacks and data leaks have grown far more quickly, creating a huge shortage of highly-skilled professionals in the area.
DJ: What types of technologies can best aid businesses?
Villareal: First, businesses should invest in the basics of firewalls, DLPs, antivirus software, encryption and proper employee training to use these solutions. In addition, user solutions that provide behavior analytics are another great way to understand what’s happening with the people working in your organization. There have also been strides in technology and services that can help test for security configurations and deviations, which can be a beneficial, proactive measure for many organizations. Regardless of the solutions organizations invest in, business leaders must be aware of how much data they can process, along with knowledge of how to make that data make sense and actionable in order to get the most out of their tech investment and ensure it’s making improvements throughout the organization.