Tell us a little about yourself. What does your job at Telefónica involve?
Since I started working for Telefónica Tech in 2019, first as an external contractor and then as an employee since the end of 2022, I have had the opportunity to work with different clients, projects and environments related to cybersecurity.
I am currently working in a small Technical Office with four people dedicated to a client whose main objective is to protect information systems, networks, devices and data from cyber threats, attacks and vulnerabilities.
To achieve this goal, we rely on a series of specific tools and technologies such as antivirus software, firewalls, VPNs, active directories, group policies, email managers, cloud tools, CCN tools, etc.
We carry out a series of tasks such as analysing alerts and dealing with incidents, managing access, and administering and managing all the technologies and tools at our disposal. We then carry out another series of more specific tasks or projects such as migrations, updates, or customer requests related to security.
In this case, in the Technical Office, as there are only a few of us, we all have to be versatile and know how to perform all the tasks mentioned above, although each of us is specialised in a particular technology or product.
In my specific case, as I belong to the Cloud Security vertical, my work focuses on administering and managing cloud security, which in the case of this customer is contracted to Microsoft. This includes managing email protection (Exchange), computer antivirus (Defender), information compliance (Purview), cloud application security and active directory security in the cloud, among other things.
Why is cybersecurity so important?
More than important, cybersecurity is indispensable, especially in the digital age in which we live, where we increasingly use electronic devices connected to the network (phones, tablets, PCs, IoT (Internet of Things) devices) and increasingly use open connections from these devices (internet: 3G, 4G, 5G, Bluetooth, Wi-Fi, NFC, …). We are using more and more applications and trusting them more, in the sense that we give them a lot of information directly or indirectly, through cookies, pixels, metadata, tracking systems, identifiers, etc., and, above all, more and more data is being shared over the network and stored in the cloud.
For me, the importance of cybersecurity will depend, to a large extent, on the importance of the data to be protected. All data connected to the network in some way is exposed, to a greater or lesser extent, and will be more or less vulnerable to the endless cyberattacks that exist and are taking place, and it is thanks to cybersecurity that the vast majority of them are being blocked or mitigated.
How do you think it will evolve with technological advances?
That’s a difficult question. There are many technological advances, and in a short time they can lead to new advances or new advances can appear, and all of them are related to cybersecurity to a greater or lesser extent. But I would say that, among all the advances, there are two that are revolutionising the world as we know it, and, of course, cybersecurity: these would be Artificial Intelligence (AI) and Quantum Computing.
AI is automating numerous processes, such as code creation and highly routine analysis tasks, which until now took a long time to complete. This is leading to new types of attacks appearing more quickly, attacks becoming more sophisticated and even modifications to malicious software to circumvent current prevention systems. At the same time, the leading companies in the sector are adding AI-based solutions to their products to be able to analyse and protect more quickly in this new scenario.
Quantum computing is achieving specific data processing speeds that are unattainable for current computers. For example, it is predicted that all of the most secure encryption methods currently in use (RSA, AES, etc.), used in certificates, signatures and connection protection (SSL), could be decrypted and exploited in a matter of seconds. This is forcing a change in current connections. The SSL connection is being changed to make the initial client-server negotiation more secure; several companies, including IBM and Google, are creating new quantum-safe certificates; and companies such as Telefónica are already beginning to implement these and other measures for their customers.
What are the main threats to cybersecurity today?
There are many threats today, although the type of cybersecurity threat will depend on the objectives, both of the target of the attack and the objective of the attack. This will mean that attacks will be more or less delocalised, specific, dedicated and sophisticated. The main threats to cybersecurity include malware, social engineering attacks, password attacks, web application exploits, denial-of-service attacks and man-in-the-middle attacks.
However, for me, the main threat to cybersecurity is that everything is connected: devices, applications, the cloud, and any misstep, no matter how small, can be a security breach that brings down the entire cybersecurity framework. And we must not forget that in the vast majority of cases, it is usually more due to human error than to a problem with the security measures in place.
What types are there and what are their characteristics?
The threats described above can be classified into the following types and characteristics.
Malware is malicious software that can cause many types of damage to an infected system. The most common types are: ransomware, which encrypts files on an infected device and demands a ransom to restore the data; Trojans, which pretend to be legitimate software; and spyware, which is designed to spy on and collect information about the user of an infected computer.
Social engineering attacks are a set of manipulation techniques that seek to obtain personal data and confidential information from users. Among the most commonly used are phishing, which uses techniques to trick recipients into performing actions that benefit the attacker, and smishing, which are phishing attacks carried out via SMS text messages.
Password attacks are attacks that attempt to guess passwords either by brute force, trying all possible combinations until the code is cracked, or by dictionary, trying different combinations and variations of commonly used words.
Web application exploits are vulnerabilities in web applications that allow attackers to perform malicious actions. Common examples are SQL injection, which allows attackers to control the action performed on a database, and remote code execution, which allows attackers to execute malicious commands on a system.
Denial of service (DoS) attacks are attacks that attempt to make systems or networks inaccessible to legitimate users. These attacks can overload the network infrastructure and make a system unavailable.
A MitM (Man-in-the-Middle) attack is a type of cyberattack in which an attacker interposes themselves between two parties who are communicating, intercepting and manipulating the information being exchanged without the parties involved being aware of it.
Changing the subject. Given your personal experience, what can specific training in other subjects bring to your working life?
For me, as a geologist who retrained in IT, having specific training in other subjects, apart from the knowledge I have gained, has allowed me to broaden my spectrum and approach work from other points of view and be able to adapt better to certain work situations. And then, perhaps, having had the opportunity to train in several areas has allowed me not to be lazy when it comes to exploring new branches of IT, because to work in cybersecurity you don’t just need to know about firewalls, for example, you need to know about networks, devices, hardware, programming, operating systems, vulnerabilities, etc.
Who would you nominate for this interview from among the people you work with at Telefónica who you consider to be excellent at their job?
I have met and worked with many excellent people at Telefónica, but I would nominate Pablo Marcos López and Amando Borja Ureña García, who I am sure have a lot to contribute.