Eng. Alberto Friedmann, CEO of Codeco Mexico, analyzed in depth the current state of cybersecurity in Latin America.
By Duván Chaverra Agudelo
Cybersecurity has become more relevant than ever before. The pandemic, the home office and the growth in cybercriminals' strategies, among other reasons, have raised the need to know more about the subject, to implement customized solutions and to further protect the assets of companies.
To delve much deeper into all these aspects, we spoke with Eng. Alberto Friedmann, CEO of Codeco Mexico, an expert in the field of cybersecurity, who analyzed this sector and shared some recommendations on its correct implementation.
VDS: What is your general analysis of the issue of cybersecurity in Latin America?
Alberto Friedmann: In order to analyze the level of cybersecurity in LATAM, we have a metric that shows a certain level of development and preparation of each country in five pillars related to computer security that encompass legal measures, technical measures, organizational measures and development and cooperation capacities. The metric is integrated by the ITU Global Cybersecurity Index 2020 (GCI = Global Security Index of the International Telecommunication Union), which rates 182 countries and shows the position they occupy within the ranking. The countries with the best indices (for the present case we only mention the world position of the countries of the American continent) are the USA, which is in place 1, and Canada, in place 8; further behind in the ranking are the countries of Latin America (LATAM), where Brazil occupies the highest position with the 18th place, followed by Mexico in the 52nd and then by Uruguay 64, Dominican Republic 66, Chile 74, Costa Rica 76, Colombia 81, Cuba 82, Paraguay 84, Peru 86 and Argentina 91.
Once the classification is shown, we can mention that cybersecurity in LATAM has great deficiencies in most countries, since there are few concepts, laws and elements to be executed in an adequate environment; in addition, there is a shortage and little preparation of resources to counter the threats of cybercrime.
It should be noted that LATAM is the fourth largest mobile market in the world, where more than half of the population uses the Internet in addition to the fact that governments increasingly use digital media to communicate and provide services to citizens. There are also shortcomings in terms of prediction, prevention and mitigation of the risks of all malicious and criminal activities in cyberspace.
Four out of five countries do not have adequate cybersecurity strategies or lack protection plans for mission-critical infrastructures and systems, in addition to the fact that two out of three countries do not have a cybersecurity command or control center and many of the prosecutor's offices do not have the capacity to investigate and prosecute cybercrimes. Protecting citizens or organizations from cybercrime cannot be a simple option, as it is a key foundation for the development of the region. It can be concluded that the LATAM countries maintain a significant lag in terms of cybersecurity.
VDS: What are the most immediate challenges facing the cybersecurity industry?
Alberto Friedmann: The main and immediate challenges are related, among others, to digital payment systems and digital commerce, remote care, social security and health systems; the various governmental and private systems; the identification and dissemination of false information or disinformation, software, hardware and applications without updating or obsolescence; the inclusion and advancement of different communications systems, for example 5G.
Mobility, automation, artificial intelligence, machine learning, operation and cloud attacks; early detection of malware, as well as human interaction with equipment, systems and applications; phishing, culturization, education and training in general; knowledge of variants and new attack techniques, their analysis, prediction, prevention and mitigation, particularly with regard to Ransomware and its early detection; the development of integration and modernization of encryption processes in different authentication and identification processes and systems; the analysis and evaluation of risks at the different stages of the processes and procedures, as well as the detection and assessment of those weapons that may have a double edge.
We must also analyze the use and development of new detection tools with the use of artificial intelligence and machine learning, as well as the generation of behavior patterns, integration into decentralized identification systems with more advanced techniques, for example with the use of blockchain, and finally the use of intelligence for detection, identification, analysis, traceability and identification of the different cybercriminal groups, among others.
VDS: What needs does the electronic security sector have in terms of cyber attack situations?
Alberto Friedmann: In this regard, it is worth mentioning that basically cybersecurity focuses on the set of procedures, processes and tools that are integrated for the protection of data and information that is captured, generated, identified, processed, communicated and stored in different digital media, such as controllers, computers, servers, mobile devices, networks and in general in electronic systems.
When the electronic security sector is involved and uses the aforementioned elements and concepts comprehensively, it must align itself with cybersecurity in practically all aspects. So one of its main and primary needs is to integrate immediately and fully into the cybersecurity ecosystem, adapting and integrating into its operation and validity the global schemes, techniques and procedures of operation and management. This means that the electronic security sector has as its primary need and objective, to be a fundamental part of cybersecurity management processes.
VDS: Do you think that the electronic security segment is well protected against possible cybercrime attacks?
Alberto Friedmann: Currently it is visualized that there are some advances in this regard with certain manufacturers, suppliers and integrators; however, they are presented as isolated, particular cases that are not synchronized, so it can be said that this sector only has incipient protections, both in technology and in terms of procedures, resources and training, in the face of possible incidents of cybercrime.
Attacks can come from causes both internal and external to the different organizations, and the vulnerability that systems, equipment and infrastructure can present due to the lack of integration and adaptation of the elements, concepts and policies of comprehensive protection against cyberattacks and cybercrime is evident.
VDS: How has the hacker or cybercriminal evolved in recent years?
Alberto Friedmann: Cybercriminals evolve remarkably day by day, form and integrate organized groups, in addition to maintaining companies with highly specialized teams. On the other hand, they are characterized by updating, technifying and automating procedures, as well as attack techniques in order to achieve greater and better results with high efficiency and productivity. They use increasingly new and advanced techniques both in the use of malicious programs (malware), in addition to those that are used to exploit vulnerabilities in both people and systems, equipment and infrastructures, as well as the use of methods and procedures of attack and insertion and operations. It should be noted that while there is a large number of individual cybercriminals who act as black hackers or malicious hackers, the greatest danger lies in cybercriminal organizations, which currently already operate as organized crime.
There are different types of hackers; we will mention the three main ones: those with black hats, who are basically criminals and do not have any ethics; on the other hand, there are those with white hats or "ethical" ones, who are usually dedicated to investigating, detecting and finding vulnerabilities, as well as executing penetration tests, but always with the exception that they only use "ethical mechanisms and procedures"; and additionally there are those with a gray hat, similar to those with a white hat but with the great exception that they do use "unethical" techniques and procedures in different cases.
It is worth mentioning that currently there is also an infinity and variety of tools and search engines that are available, such as Metasploit, Nmap, Hydra, Netcat and the Shodan search engine, among others. These tools are used for both hacking and pentesting, in addition to the fact that, due to the ease of access to them, there has been a notable increase in malicious activities today.
VDS: What do you think of the Cloud?
Alberto Friedmann: The cloud is a fundamental component of the current digital ecosystem and is one of the present and future technological elements for the operation and performance of multiple organizations and processes, to obtain integrations, operations and solutions in critical operation and productivity environments.
The cloud will be secure and reliable, as long as all the correct and accepted security requirements, procedures and policies for this environment are observed and complied with.
VDS: In what aspects should the security system operator be trained more to minimize the risks of cyber attacks?
Alberto Friedmann: The first training must be directly related to the correct safeguarding and operation of application equipment, systems and information, always considering the basic practices of information protection, along with the corresponding operation and protection policies that must be aligned with an institutional regulation, such as the one associated with ISO 27001 and 27002, together with the basic elements for the assessment of risks and vulnerabilities in the field of action.
Additionally, it is of vital importance that users of electronic security systems know and have real awareness of the value and risks they face due to the use and operation of tools, equipment, applications and resources, being under their protection or custody, and in the same way with the information that is handled, for the above concepts. Likewise, there must be training in terms of the procedures, prevention, management and administration of the risks they may face and, where appropriate, those processes of mitigation and remediation of events that may arise associated with the equipment, tools and information. Finally, there should be training in good and best practices, as well as in compliance and governance of procedures and information.
VDS: What are the main cybersecurity solutions recommended for video surveillance projects?
Alberto Friedmann: As video surveillance systems are information systems, they must be aligned with all the corresponding and inherent practices of information security and cybersecurity; have management tools and procedures for security and protection, the analysis and detection of vulnerabilities, along with the training and awareness of human elements involved in video surveillance projects.
Additionally, good and best practices must be contemplated and had both in the generation of projects and in their operation. Some examples correspond to the fact of keeping the applications, equipment and infrastructure updated, in terms of licensing and operational updates, in addition to the fact that they must be current and tested. For access in general, strong, secure, updated passwords (access codes) must be maintained and additionally it will be preferable to integrate processes of at least double authentication.
It is also essential to properly configure the systems both globally and in a particular way to the logical ports, enabling for example, only those necessary for the correct, safe and adequate operation. Additionally, it is a priority to maintain a policy to have control of permissions and access.
On the other hand, it is recommended that the information be kept in a defined environment and infrastructures with backup, either physically or virtually, and in case media are shared, the use of VPNs is favorable. Finally, it is recommended that the entire structure of the system, including devices, applications, controllers, infrastructure, interfaces and communications, be integrated into a defined and comprehensive concept of cybersecurity and information security, including the people involved.
VDS: How do you see the future of the cybersecurity industry?
Alberto Friedmann: In order to have a future perspective, you have to know and have control of the present. Under this premise it is a fact that cybersecurity must be synchronized with the advances and technological developments that are presented day by day. The challenge for the future is enormous, since it is essential to keep in mind the dynamics in the evolution and technological development; it is essential in all aspects to go one step ahead of the techniques, attacks and criminal tools.
On the other hand, it is essential to integrate processes of prediction, prevention, identity management, encryption and decryption processes with reliable and efficient automation, using current technological concepts and tools such as AI and machine learning, as well as strengthening and compliance procedures, in conjunction with laws and legislation, in addition to covering the use and improvement of best practices, always with the support of the advances and development of programming, communications, the increase of capacities and the evolution of both processing and behavior and ideas.