Data protection is still hugely important for companies, and more so for those in sectors that manage particularly sensitive data, such as the financial industry. Alfonso Muñoz is Global Technical Cybersecurity Lead & Head of the cybersecurity lab at BBVA Next Technologies and one of the top 25 cybersecurity influencers in Spain according to IDG. Here he takes a look at the security risks facing organizations today, including Living-off-the-Land attacks or ransomware, as well as advanced measures for dealing with them, such as behavioral technology, threat hunting or pen testing.
_In your 15 years of experience in the sector, how has cybersecurity changed? What have been the biggest changes that the area has undergone?_
Alfonso Muñoz: Over the last two decades, we’ve seen several notable paradigm shifts. On the one hand we have the professionalization of cybercriminal organizations and targeted attacks. On the other hand, the boom of communication technologies and their impact on organizations as far as IT security is concerned. Some clear examples of this are philosophies like BYOD, IoT, and so on. From a defensive point of view, I’d highlight the boom of multidisciplinary teams to detect and mitigate increasingly sophisticated attacks and increasingly large exposed areas.
As for changes, I think hyperconnectivity and the accelerated lifecycle of both software and hardware mean that defending systems and protecting data is a truly Herculean task.
_What direction will cybersecurity take in the future?_
A.M: Cybersecurity problems are, in a broad sense, the same as they were 20 years ago, just now they are amplified by the amount of information processed and shared, as well as by the technologies involved. Trends need to start shifting towards zero-trust, where behavioral authentication and authorization systems are key elements. Another important part is to properly manage risks, and ensure that, when working with data, it is in an encrypted domain.
_Bearing in mind the fact that it is one of your specialties, what is the current role of cryptography in cybersecurity, and what role will it play in the future?_
A.M: The current challenge with cryptography is to successfully, and with enough flexibility, protect the broad range of systems and types of communications. In the future, the important thing will be to provide mechanisms that make it easier to work in an encrypted domain (the information is processed when it is already encrypted) when hardware capacities allow this. It will also be important to bring new, lightweight, cryptography solutions to mobile and low capacity devices in order to increase global communications security.
_In your opinion, what are the most dangerous cyberthreats for companies these days?_
A.M: Right now, the risk of information being stolen, manipulated or hijacked via multiple exfiltration mechanisms is still the leading threat.
_Back in September, a Russian citizen was indicted in the USA for stealing the data of over 80 million JP Morgan customers. Financial institutions tend to be one of the most popular targets for cyberattackers. What measures should they take to protect their data and their customers?_
A.M: Luckily, in Europe, the legislation currently in place is a strong enough guarantee, and companies have the obligation to properly implement it to stop attacks or situations like in JP Morgan.
_Over the last few months, we’ve seen how several public administrations have suffered ransomware attacks, such as Baltimore or Jerez Municipal Government. What can institutions do to protect themselves?_
A.M: One important recommendation is for systems administrators. Most operating systems provide mechanisms to mitigate, and at times stop, this kind of attack using policies and commercial or open source tools, such as Anti Ransom.
On the other hand, a useful measure is to pay attention to the backup system, ensuring that backups are made periodically and that they can be recovered. It is also important to make sure that, in the event of a malware infection, these backups cannot be modified by the malware.
_How can we deal with cyberattacks that use Living-off-the-Land techniques or fileless malware, given that they can get around the most common cybersecurity measures?_
A.M: The industry trend is focused on behavioral technologies. Even if an attack uses legitimate system tools, the system itself could be used to identify improper or uncommon uses that would allow us to identify the attack.
_What benefits does threat hunting provide compared to more reactive or traditional cybersecurity strategies?_
A.M: By definition, threat hunting is a proactive approach to detecting and isolating threats that are able to evade existing solutions. This is why developing these capacities along with current, and future, security technologies provides an appropriate blend of protections.
_How useful for professionals are concepts like pen testing and Red Team – Blue Team simulation exercises?_
A.M: Pentesting is an ideal way of detecting vulnerabilities and possible attack vectors. The ideal situation would be for it to be as concurrent as possible, and for it to be included in the technology development cycle, and not just at the end. On the other hand, Red Team simulation exercises tend to be a more realistic representation of an attack on an organization, replicating its persistence and exfiltration of information. All organizations should continually use both processes.