That was the view of Pedro Pablo Perez, Telefónica’s VP of global security, who was a panellist on this year’s Capacity Latam panel on cyber security.
Pablo Perez said that in some regions, including Latin America, regulations around security were very complex for local operators. Those rules, he added, should be applied equally.
“Telefónica has invested heavily on security as part of being a digital telco,” he said. “Within Latin America we are a little bit away from what happens in Europe.
“We have some regulations and guidelines around critical infrastructure, but each country has a different regulations. In Brazil we have some local regulations which are quite complex for local operators. So we should take some measures that assure the minimum of security but the same rules should apply equally.
“Regional regulation for cyber security doesn’t work. The same rules should apply to everyone, globally."
He was joined on the panel, which closed the two-day conference, by Wellington Lordelo, verticals coordinator at Equinix; Renato Moura, consumer business director at Kaspersky Lab; and Hector Grynberg, regional security director (Latin America) at Time Warner Inc.
Kaspersky’s Moura said that one key element to improving data security is education and improving the behaviour of employees.
He explained: “Our founder Eugene Kaspersky is concerned with critical infrastructure and governments, education is the most important factor. 32% of data leakage could be avoided with education and the human factor, so we hope to improve this culture to work to prevent this.”
“The responsibility for security falls on everyone – from the smallest employee right up to the CEO of the company. There are malicious apps out there so we have to be aware of threats, and the industry cannot deal with the speed of the smaller apps out there. But the user does not know they are malicious either.”
Time Warner’s Grynberg agreed with this view, explaining the value of good planning and preparation is a preventative measure for cyber attacks.
“Good planning makes life easier for security,” he said. “As much as companies define the tolerance to risk, it is easier to be protected and not suffer this kind of attack if you’re prepared.
“It is not corrective actions, but investments in intense training in how to avoid being victims of ransomware or similar types of attacks. The investments in training will be reflected by a lower amount of attacks on the company, but initiatives going against any type of attack is always positive.
