Interview with Ana Mª González Monzón: Computer Security, key to the survival of any Company
Within the campaign of prescribers of cybersecurity from REALSEC, today we have an interesting interview with an expert in computer security, Ana María González Monzón.
Ana María is a professional with over 25 years experience in Information Technology. She has focussed in the field of computer security in the last six years where she works as a consultant.
In addition, she is a regular contributor for the security section of the technological magazine Baquia.com and pulsarec.com.
- From your point of view, how has the computer security world evolved over the past decade?
In my opinion, the threats have exponentially increased both in number and complexity of attacks. Cybercrime has become one of the most lucrative businesses. According to the Centro Criptológico Nacional de España (CCN), each year, cybercrime pushes more than 575,000 million dollars, above the nearly 300,000 million dollars annually from drugs and 250,000 million pushing prostitution even beyond the sale of weapons and drug trafficking. Therefore, companies should be aware that they have to take proactive steps to keep the security of their information as well as their brand image.
- Do you think there is a true “culture of cybersecurity” in Spanish Organizations?
Although a large awareness campaign is being done since last year, on behalf of the media such as television, from different governmental organizations such as CCN and INCIBE and also through the organization of several events such as the Campus Party, X1RedMasSegura, and MundoHacker Day, among others, Spanish Companies still do not allocate enough budget to computer security.
Financial managers are the ones responsible for expenses in a company. They are used to planning new investments if the return on investment is guaranteed. In the case of computer security, it is very difficult to ensure a ROI. Therefore, you should deal with it just as if you were hiring an insurance policy. It is an essential expense where you cannot see its tangible benefit until an incident takes place.
On the other hand, we are witnessing a change in trends with regard to the aim of cybercriminals, which is enabling computer security to be taken more into account in SMCs. Recently, the targets of computer attacks were large companies of which they aimed to discredit, plagiarize, or extort. But now, the cybercrime has come closer to small businesses through the known Cryptolocker. This is precisely what people fear about this famous mutant virus which is so difficult to fight and what is helping many companies take computer security seriously and take a course of action.
- As a computer security consultant, what areas are the most demanded?
Currently, the issues that most concern clients are the contamination of the corporate equipment by the Cryptolocker or any other Trojan that is spread by email phishing techniques and on the other hand, attacks which many websites are suffering from. An attack of this sort can paralyze the activity of the companies whose businesses mainly deal on online services.
Both threats can be solved, but in most of the organizations, several security measures should be taken because most are generally quite unprotected.
- In your article “Memorias de un perito forense” (Memories of a forensic expert), you highlight the importance of digital evidence in forensic information technology. Therefore, do you think that the Digital Signature could be the key for the validation of these processes?
It’s true that the Digital Signature can be the key for a judge to be able to properly solve a judicial procedure. In court cases where an email is provided as digital evidence, in order for this not to be contested by the opposing party, a series of facts should be accredited to prove its identification, authentication and message integrity. The procedure will then be shortened and would have greater evidential value in a trial if the mail had been digitally signed.
- In your opinion, do you think that the people in Spain have understood what a digital signature and an electronic signature is?
In general, in Spain, I think that there is some confusion between these two terms, especially since the use of the digital signature is not even too extended despite its clear advantages. Although its use in the Public Administration is fairly widespread, in transactions in the private companies is not yet a general practice since many of its operations are carried out by traditional methods. Among the benefits of the use of the digital signature, it is worth mentioning the guarantee of the identity of the signer as well as the integrity and confidentiality of messages.
As the use of electronic transactions with legal value in the Spanish market is expanding, a growth in the need for SMCs has been observed to integrate digital signature systems in their information systems.