The most important event on computer security in Latin America, the ISEC Infosecurity – On Site Tour 2022 – 'A New World Tour', was held last Friday, July 15, at the JW Marriott Hotel Caracas, and numerous experts in the field were present, including the ethical hacker Rafael Núñez Aponte, our director at MásQueDigital and MásQueSeguridad.
The conference, whose main objective was to share experiences on cybersecurity and digital security solutions for companies and organizations, was held in support of Aldeas Infantiles Venezuela, a non-profit organization with more than 42 years in the country working in the prevention of the loss of the family nucleus in children and adolescents.
Technology and people
The round of presentations by experts began with Juan Villegas Azuaje, CEO of Infrasoft (CyberArk's commercial partner in Venezuela), who spoke about identity security, the trends currently driving this concept, and the challenges posed by new technologies and digital evolution in the human factor.
Representatives from Blackberry/NetReady and ADV Consultores then spoke, and both explained the processes to be followed in the business environment when implementing IT security solutions, as well as the country's remaining shortcomings in terms of technological infrastructure.
Rafael Núñez Aponte and the mentality of a hacker
Rafael Núñez started his presentation by congratulating his colleagues and agreeing with them regarding the current synergy between technology and the human part, which always turns out to be the weakest link in the cybersecurity chain.
He then showed a video narrating his story as a 'gray hat hacker' (who are those who do their thing with no bad intentions and only in order to help webmasters realize their vulnerabilities), his participation in the famous 'World of Hell' group, the hacking records he broke in it being its leader, and how that experience led him to be eventually arrested in the United States.
About these experiences he said that they helped him understand the importance of protecting himself, especially taking into account his hacker mentality, which always drives him to think about all the processes behind the huge web of codes and data that is hidden behind a web portal.
That mentality, Rafael Núñez Aponte recounted, is what made him recognize that in Venezuela there were (and are) many obsolete online security systems that, if worked on, would not really require so much work, and he cited the multiple tools presented by different companies in the field in the presentations prior to his at the event.
"I have seen over the years that investors in companies are reactive and not preventative. Until the incident happens they don't react," he criticized, adding that business leaders need to be more proactive, attend cybersecurity conferences, learn about the subject and build for their companies a technical and human team to address the issue.
This need is urgent because, he explained, attacks abound in the world, with novel and sophisticated systems evolving non-stop and affecting not only companies but entire countries. "If it happens to state security agencies, how can it not happen to us," he reflected.
He insisted on the importance of having security systems… but not boasting about them because, in his opinion, that is a good tactic for hunting down potential attackers, especially those who operate within companies. In this sense, he recalled that it is essential to raise awareness and educate inwards, targeting the employee, as he or she is often cannon fodder for organized crime.
On the other hand, Rafael Núñez Aponte explained how current scams are developed, especially via social networks or Whatsapp, and reiterated that personal care is unavoidable, which is why multiple aspects must be taken care of, such as from where a person connects, to knowing how to recognize changes in behavior in contacts and close ones. "The human factor must be taken care of," he said.
Finally, our director at MásQueDigital and MásQueSeguridad offered some prevention recommendations, particularly asking companies to regularly check if their systems are obsolete. He also urged to have contingency plans, not to neglect security in the world of cryptoassets and mining, to be attentive to the risks of reputational damage, and even joked on the need to have a hacker himself, one who like him in the past is able to help any company to know how to identify its vulnerabilities.