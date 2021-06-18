Considering that today cybercrime is a well-organized and capitalized industry, generating cybersecurity programs aligned to the needs and threats that can affect business should be one of the top management’s priorities, said Erick Robles, Partner of Deloitte Spanish Latin America Cyber ​​Risk.

In an interview, the expert argued that cases such as that of the Colonial Pipe company, where a ransomware attack impacted not only on the organization’s operation, but also on the supply of gasoline among users and the increase in product prices, They alert companies to have an incident response protocol and act more proactively, wondering if they have the ability to detect threats.

“Definitely in companies it is urgent that they incorporate cybersecurity programs from two objectives. One from the awareness to the top management that this is a reality and that cybercrime does not only attack the financial industries. We must make them see the possible impacts derived from these criminal organizations, such as production stoppages, manipulation of controls, fraud and many others. And the other point has to do with surveillance programs, which refer to the continuous incorporation of adversary simulation techniques to have the certainty that they have the ability to detect threats ”, he shared.

According to Robles, the biggest challenge in cybersecurity is the enabling of the programs, because this depends on the importance that top management gives it.

What to take into consideration for an effective cybersecurity program?



Do we know the threats that can affect our company and that are directed to our industrial control systems?



Do we have the ability to detect threats targeting our industry?



What is our recovery plan at OT (Operational Technologies) against cyber attacks?



How are we taking care of the interconnection of IT systems with our OT systems?



Is the cybersecurity office participating in the transformation process of our control systems?



Do contracts with third parties contemplate levels of services oriented to cybersecurity?

“Cybersecurity programs have already evolved, so it is important to have the capacity for prevention and to know when we can detect it or, failing that, why we cannot detect it (…) because I can have many technological controls and have people specialized, but the question is: Can we detect it? Can we prevent ourselves from threats? ”Robles added.

In this sense, Erick Robles shared that cybersecurity has a premise that says: “Do not ask yourself if you are going to be a victim, ask yourself how prepared you are to detect it in time, to contain it and to continue operating even when you have an attack.”

Where do cyberattacks come from?

Although Industry 4.0 brings great competitive advantages, by using technology to obtain competitive advantages, it may be opening security holes where an attacker can position himself within the network and try to manipulate vital systems.

In this regard, Robles mentioned that companies began to make use of the benefits of all these technologies, computing in the cloud, giving access and using wireless communication (Wireless) to facilitate the movement of information within organizations, without realizing that right here cyberattacks can sneak in.