2023-09-20 00:14:23
The first thing a cybersecurity expert recognizes is that no one is completely safe from the expertise of a hacker. We can never rule out being victims of a computer attack. But resignation is not worth it. You have to try to make it difficult for them. Otherwise, we could even be sanctioned by the Spanish Data Protection Agency, if it considers that we have been negligent when processing third-party information. «And it’s no joke. The fine can reach 2% of the company’s annual turnover if we are talking about a serious infraction or go up to 4% if it is very serious,” recalls Nekane Estalayo, Director of Operations and Strategy at Sagenso, a Polish startup dedicated to cybersecurity that next month participates in B-Venture and is currently finalizing the opening of its first office in Spain in Bilbao.
«We did not want to set up just a commercial office and thanks to the invitation of the Basque CyberSecurity Center to learn about the Basque business network, we verified that there are many companies that fit the profile with which we usually work: medium-sized firms that already have their own IT department but need external support because they have not been able to incorporate a cybersecurity expert, since it is a professional profile that is difficult to find,” explains Estalayo, who also highlights another “very important” point: “We saw a high level of awareness.”
Stop production
Sagenso
«In Poland it is not like that. It’s now when they start to have it. Here, on the other hand, companies are very aware that a cyber attack forces them to isolate the affected equipment and that, in a completely digitalized industrial environment, can mean paralyzing production, so they look for solutions that, to the extent possible, guarantee them the continuity of its activity without requiring great knowledge on the part of that technical team.
With that premise, the two services that Sagenso currently offers were born. On the one hand, it offers companies the possibility of carrying out a self-assessment that measures their level of protection against a possible attack. “It was born from an Excel with which we ourselves assessed what each client was going to need, but it was so successful that they asked us to do their own controls,” laughs Estalayo. Today, in its commercial version, the survey is based on the ISO 27001 standard and the COBIT standard, established internationally to audit information security and systems control. But, despite so much technicality, it only requires a few minutes of attention from the technical service – and even less in its version for managers – to give us a note and immediately determine if we are making it too easy for hackers.
With these results in hand, it is possible to look for solutions that automate the detection and correction of cyber threats. For this, they developed their second product, a ‘software’ that, once installed, continuously analyzes both the company’s computer equipment and the processes that are started with them to alert of any possible risk. «From an email that enters or leaves to any type of action carried out both in the work environment itself and by an employee who works remotely. It’s like working under a layer of security. It requires very basic monitoring by the company’s IT service, which is also the only one that receives these alarms and, if necessary, can request our assistance at any time. The rest of the workers do not see their work interrupted by any type of message or notice, although periodically the management team receives a report that explains what threats have been detected,” highlights Estalayo.
Internal audit
Companies have the possibility of rating their security level with a technical survey
Insurance contracting
In addition, the firm offers an advisory service in contracting insurance against cyber attacks. «Normally we work with local insurers, which in the case of Spain we are still looking for. “It’s about helping SMEs to take out a policy that really fits their needs and, on the other hand, helping them meet the requirements that this insurance will require to compensate them in the event that there is finally an incident,” he summarizes. he. Precisely the search for insurers is one of the reasons why Sagenso goes to B-Venture next month, where it also does not rule out finding financing to close the two million round that it currently has open with tickets of half a million.
The firm, which last year invoiced 150,000 euros and this year expects to reach 250,000, will allocate financing to the development of Artificial Intelligence capable of predicting cyberattacks, continuing with its international expansion (Spain will be followed by Latin America) and continuing to increase its technical team. B-Venture, the startup event organized by EL CORREO, will celebrate its eighth edition on October 17 and 18 with the sponsorship of the Department of Economic Development, Sustainability and Environment of the Basque Government, the development agency SPRI, the Provincial Council of Bizkaia and the Bilbao City Council, as well as with the collaboration of BStartup of Banco Sabadell, BBVA Spark, BBK, Laboral Kutxa, CaixaBank and the University of Deusto.
At Toyota dealerships
In principle, Sagenso orients its services to medium-sized companies, although there are always exceptions. One of them in its case, and it could be an example that can be extrapolated to companies with small production centers far from the headquarters, is Toyota, which has the firm to cover the cybersecurity of its dealer network in Poland, the Czech Republic, Slovakia and Hungary. «He is very demanding in everything, also with his franchises. Therefore, in addition to constantly monitoring that they comply with the legislation of the European Union, where they operate, it also imposes a series of its own regulations and others established by Japanese legislation,” explains Nekane Estalayo.
#difficult #hackers