César González Lobo, Telecommunications Engineer, Master in Information Security Management and CISSP, with more than 15 years of experience in the information security sector working with large companies such as Iberia, BBVA or Daimler, is the new head of product strategy and security at Kymatio.
Interview with César González Lobo, CPO / CSO of Kymatio.
Among all existing security products, is there really a gap that needs to be filled?
Internal risk is the pending task of cybersecurity. Until recently, security focused exclusively on the protection of the perimeter. At present, the perimeter has blurred due to interconnections between companies, the use of cloud services and the proliferation of mobile devices that are remotely connected to the organization, so security efforts have now been directed to this new paradigm.
But internal risk, although it has always been known to security teams, has not been properly managed. First, because, as I said before, the focus was different. And second, because the technological solutions were designed to defend against the external attacker, and reusing them to manage internal risk meant it was understood as a variation in which the “enemy” is inside. That is why these products are not designed to adequately manage internal risk.
Internal risk is, obviously, that which is generated within the organization, and at its origin are people with access to it. But if we consider employees as potential attackers, we are not understanding the problem.
Kymatio considers the people in the organization as the first and last line of defense in information security. That is why they are the center of our solution, and the objective is to help them and the organization so that internal risk is minimized and the probability of threats materializing is as low as possible.
What is internal risk management?
Risk management is the process by which risks are identified and analyzed, depending on the value of the assets, the potential vulnerabilities, the threats to which they are exposed and the probability of such threats exploiting the vulnerabilities. Subsequently, it determines how to act (acceptance, mitigation, avoidance or transfer).
In the case of internal risk, the vision we have in Kymatio is that people are equivalent to “information systems” in the traditional paradigm of computer security; that is, they handle information, have vulnerabilities and are targets of threats.
Internal risk management, following this approach, implies identifying the vulnerabilities and threats associated with people, estimating the probability of materialization and calculating the risk from the possible impact on the assets. And, finally, proposing the mitigating measures to reduce the risk to the levels that each organization deems acceptable.
How can you reduce internal risk?
From Kymatio’s point of view, the risk is reduced by acting on people and their environment. There are technological tools focused mainly on the detection of incidents that, even in their earliest stages, are always postmortem, or at least operate during the occurrence of the incident. Other systems seek to prevent risky actions (such as data leak prevention systems, or DLP), but are focused only on computer systems.
Kymatio proposes actions aimed at employees and departments of the organization, according to their typology, so as to reduce the possibility of an incident associated with people. Likewise, we support the use of existing technological tools, but used efficiently, where they are truly needed and where their benefit is greater.
The idea is to act at the earliest possible stage, that is, Kymatio does not seek detection but prevention, indicating the available actions that allow “deactivating” the risks before they materialize.
What does the motto “Activate your human firewalls” mean?
For Kymatio, people are the first and the last line of defense in information security.
Many attacks are targeted at people (phishing, vishing, extortion, etc.) and will be stopped immediately if people know how to recognize them and act accordingly. In these cases, they are the first line of defense.
On other occasions, technology-based attacks (such as different varieties of malware) can spread across the organization and overcome different protection systems, such as antivirus, intrusion detection, firewalls, etc., and it may be the people themselves, if they are duly aware and involved in the organization, who can detect these situations and prevent them, or if necessary raise the alarm so that action can be taken; being, as we said, the last line of defense.
Kymatio seeks to “activate” these aspects of people. By understanding the human factor and taking efficient and personalized actions, employees will be an essential element in the prevention and even deterrence of security incidents.
For more information, contact the Kymatio team.