Tell us a little about yourself. What does your job at Telefónica involve?
A few years ago I joined the great Telefónica Tech team in one of the areas with the highest growth in recent times, cyber security. One of our objectives is to offer the best set of solutions to customers who trust Telefónica to safeguard and protect their information and assets from all digital threats (and some not so digital ones).
My current focus is completely customer-oriented. This means that we have to advance with the particular needs and challenges of each organisation, studying each case in a personalised way and trying to find the best possible solution.
In my current role I perform the functions of a cybersecurity consultant, although it is true that, given the circumstances, those functions become that of a cybersecurity architect or engineer (or whatever is required).
In this sense, as mentioned, we act according to the needs of the project and the client, we are versatile and we are not limited by a single task. That’s also one of the things I like about my day-to-day work, we try not to get bored.
Why is cybersecurity so important in our daily lives?
More than important, it is essential and, first of all, it is important to point out that ‘cybersecurity experts’ do not set passwords for fun, there is a lot of evil behind the idyllic world they want us to see, and it is better not to know the bad part.
Just as technology is advancing by leaps and bounds, and our digital life is ‘eating up’ much of our more traditional life, cybercriminals are advancing accordingly in an attempt to obtain greater profits. Hence the need and importance of applying cybersecurity in all the actions we carry out in our daily lives.
We are not talking about three or four, but billions of attacks in both professional and personal environments. We are constantly exposed to the risk of giving our most private information to malicious actors of all kinds, whose only objective is their own benefit.
Sometimes, we are not fully aware of the enormous danger that exists on the Internet (and outside of what is not the Internet), and how a terrible surprise can come our way relatively easily. An email, accessing a website, a text message, a telephone conversation, etc., just by making a single mistake, is enough to cause certain problems in our digital life.
Hence, cybersecurity is present in every digital step we take. Normally, this cybersecurity is always transparent, but that does not mean it is not present in every movement, and enforcing this is not an easy task either. In other words, we professionals strive to increase the level of security without directly affecting users or services, and even if we don’t realise it, there is a lot of work involved in these simple, day-to-day actions.
What are its main components?
From the purest point of view of cybersecurity, we could say that it has five fundamental pillars: confidentiality, integrity, availability, authenticity and non-repudiation.
This covers the whole spectrum of cybersecurity, but, honestly, I feel it is a bit too ‘theoretical’. Personally, I prefer to define cybersecurity as the branch dedicated to the protection of information and the secure availability of all digital assets. And although the previous statement may fall a little short in some scenarios, I think it better captures the essence of cybersecurity.
In any case, when we talk about cybersecurity, we have to remember that the most important thing is the information. Many controls are based on this, focusing on protecting it. For example, publicly revealing the data of its direct customers can mean great losses for an organisation, even its closure.
In this way, we also find different classifications based on the criticality of what we want to protect, the degree of exposure, the associated risks, etc. It is a good model of where we have to focus our work or where we have to invest more time (and money).
I also want to emphasise the human aspect, because we have to bear in mind that within a cybersecurity team there are various roles or components, including those dedicated to the operation itself, colleagues dedicated to management, groups focused on information security itself, etc.
In other words, within the same team we find a diversity of functions, all of them focused on protecting and defending against malicious actors. And not all of them need to know the technical details of the threats, but can focus, as we have said before, on what is most important to protect.
As users, what can we do to preserve it?
End users, obviously including myself, are largely to blame and also have a great deal of responsibility in terms of decision-making. Far from technical and even boring measures, I always emphasise something applicable to almost any action in life, common sense and mistrust (by default).
Perhaps it is surprising and although it might be better to present an endless list of controls, measures and recommendations, I don’t think it would change the film much either. I honestly think it’s best to act ‘with your head’. In today’s world, nobody gives anything away, and in digital life even less, rather the opposite.
Before any action, even a routine one, we should stop and think, be suspicious, verify what we want to do, and once verified, act. This may seem a bit ‘silly’ or not make much sense, but what we should never do is trust everything and everyone, it’s a big mistake. By stopping for a minute to think, we can make great progress in cybersecurity.
To finish and beyond what has been said above, as I was saying, there are a billion technical recommendations applicable to our devices or environments, if we were to start quoting them all this interview would never end. The good thing is that we have a blog at Telefónica written by exceptional colleagues where we can gather much of this information.
What advice could you give for keeping mobile devices secure?
We recently wrote an article about this on the blog, where I try to go over certain settings and recommendations related to mobile devices.
It is quite important to maintain a minimum level of cybersecurity on these devices given the amount of time we spend with them and the growing threats surrounding them. A few simple actions will keep us safe from many problems.
To highlight some of these settings and recommendations:
- Keep devices as up to date as possible.
- Use two-factor authentication whenever possible.
- Make backups.
- Be wary of (or better yet, don’t use) public WiFi or charging points.
- Pay attention to web links in emails, SMS messages, etc.
In a field as constantly changing as cybersecurity, what would you recommend to people to keep up to date with the latest developments?
It is true that every day (and practically every hour or second), new threats, types of attacks or vulnerabilities appear that affect our environment, and it is complex to know about them all. From my point of view, I believe that as users we do not need to know every type of threat in detail, but we do need to be informed about the most critical events.
Fortunately, there are many digital media that make news public. A clear example that I would like to highlight is the National Cybersecurity Institute (INCIBE) in its service to citizens. On this portal we can find notices of the latest campaigns, recommendations, tools or different forms of help. In relation to the latter, they have a direct contact where you can make any query related to cybersecurity.
Likewise, and as we have been saying, there are many websites that provide information about threats and news. We can say that the more sources the better, including Telefónica’s blog, of course.
What challenges does cybersecurity face in the future?
I certainly think that we live in times of great change where cybersecurity is going to play a very important role and one that is also full of great challenges. We can talk about these issues for days, but I don’t think that’s the intention, so I will highlight some of these challenges that are already present today.
Starting with ‘what everyone is talking about’, Artificial Intelligence is already altering a certain part of cybersecurity. As it advances, complex attacks that previously required a great deal of preparation and extensive knowledge can be automated and carried out. Like everything else, AI is a great tool for work, but it is also a big problem if it falls into the wrong hands.
On the other hand, we are moving towards a world where everything is connected, and whose purpose is to help us as much as possible. I am talking mainly about the IoT (Internet of Things) world, where most domestic (and even unexpected) devices will have their own Internet connection. This is also a challenge for cybersecurity, as all these assets have to be massively protected to prevent them from being compromised.
Another important challenge will be quantum computing. This may sound like something out of a film, but it is very real and already in development. The main problem or challenge is directly related to cryptography.
For those who are not familiar with it, in the world of cybersecurity, the main formula for protecting information is based on the use of cryptographic algorithms. With current systems, decrypting this type of algorithm is tremendously expensive, but for quantum computing it is quite ‘simple’. So, as it progresses, so too must the so-called quantum cryptography be developed.
The implementation of Blockchain is more a solution than a challenge. Although there are more and more projects and it is becoming more widespread, it is still a technology with little presence. However, this does not make it a bad alternative; on the contrary, it can be an excellent solution to many current problems.
To summarise very briefly, Blockchain offers a decentralised and immutable model for recording transactions. This eliminates a single point of failure and secures the data.
Finally, I would like to highlight an ongoing challenge that we often ignore, which is the privacy of our personal information. Today, despite many interesting data protection regulations, it is still a problem, and as other techniques such as AI or the aforementioned IoT advance, our privacy or the exposure of our data will continue to be a major challenge. We can also help with this by not ‘selling’ our information on the internet for free.
Who do you work with at Telefónica? Who do you nominate for this interview that you consider excellent in their work?
It’s difficult to choose just one person from the magnificent Telefónica team. In this case, I will include two colleagues in the nomination if possible. Noel Calderón Montero and Javier Marcos Herrero are two true whizz kids of cybersecurity who accompany me in my day-to-day work and make everything easier. I encourage you to write about your story!
