Laia Garcia Padro with Ackcent Cybersecurity

SUMMARY KEYWORDS

webinar announcement, manufacturing market, metal casting, fabrication, cyber security, human component, password management, security education, threat landscape, cyber incidents, security culture, vulnerability auditing, cyber criminals, digital transformation, industrial professionals

00:00

01:12

Welcome to the industrial talk podcast with Scott. Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends, while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's go all right once again. Thank

01:30

you very much for joining industrial talk, and thank you for your continued support of a platform that is dedicated to you, industrial professionals all around the world. You are bold, you are brave, you dare greatly, you innovate, you collaborate, you solve problems. That's why you are making the world a better place, and that's why we celebrate you on this podcast. We are broadcasting here in Barcelona, Spain, which is a fantastic town, just FYI. Put that on your bucket list. And we are broadcasting from IoT solutions World Congress. It is a collection of problem solvers. It is a combination of cyber security as well as IoT digital transformation. You name it, it's here. You need to put this on your calendar for next year. In a hot seat we have Laia, Ackcent is the company we're going to be talking cyber security. So put your cyber security hats on. Let's get cracking. I'm tired. Did you have a good evening last night?

02:25

I did.

02:26

Are you from here?

02:27

I'm from here. I'm a local.

02:29

You're a local. So you just went home?

02:30

Yeah, I went home with my family. Hi,

02:33

I'm home, which it was funny. We arrived on Monday. And Barcelona was dead because it was, oh, it was

02:46

a holiday, yeah, we couldn't put

02:49

it together. We're walking around. People don't work

02:50

here. There

02:52

was no cars in the streets, and we were just wandering around with all the others.

02:55

Yeah, all the shops were closed. All

02:57

the shops were closed. And I thought to myself, I'm glad my son and daughter are not here today, because they were just like, what's so great about Barcelona? But it we had a good time last night, and it is it, it doesn't disappoint by any means. No, are you originally from Barcelona? Yes. Oh, we could have had a conversation. I was like, where to go? What do we do? Where do we eat? How do we hang out?

03:22

I can give you a few tips after we're finished. Oh, I bet Yes. Okay,

03:28

all right, before we get into the topic of cyber security and what Ackcent does give us a little background, Laia, on who you are.

03:38

So currently, I'm in charge of securing the human part of cyber security.

03:44

So we're going to talk about that, then the human part. So you want me to go back? No, just keep going. Talking about you,

03:51

talking about me. So I'm a person from Barcelona who's lived abroad, and I've always I have a background in in law, in management and in psychology, but I switch my career into something that's very different, or at least seems totally disconnected from My academic background. It turns out, it's not because, especially the human part of of security has a lot to do with how people understand risks and how they change their behaviors.

04:33

See that, that, to me, is an interesting topic, just because we, we in industry, we in technology, just talks about tech, not technology, but there's that human component associated with with all technology. I don't I think it always gets down to the human component. How long is it accident been around?

04:52

So we're going to be celebrating our 10th anniversary this year, and you've

04:57

been with the company. How long? Eight years? So you were. Pretty much want to, yeah, early, early on, I like it. I like it. So let's talk about that. Let's, let's go down the road of the human. Explain to the listeners what you mean. What do you because let's put it this way, if I want to be, if I'm a manufacturer and I want to be connected. I have my I have my devices. I'm pulling data. It's all connected. A conversation I need to have which I don't really like having is that cyber security side of that conversation I don't like having it. I just want to pull data, and I want to be able to have that. So tell us and explain to us a little bit about that human side.

05:42

But why wouldn't you want to have that conversation by security? Because you don't want to face the fact that you're facing good there

05:48

it is. Yeah, that's the reality of it. It's it's like, just let me, I look at people, and when I'm in an organization, if I'm in a company, and then somebody comes talking to me about cyber security. What that tells me, sometimes, not every time, don't send me any emails on this sometimes, is that now you're trying to get in the way of me and doing my work. And I always have that conversation about, hey, I'm connecting. Look at me connect. I'm connecting. After the fact I don't have it up front, which where it should be. It should be, okay, we're going to connect. But let's have that, you know, protection conversation up front, but I don't do that. Yeah.

06:28

Well, the thing is that if you want to do your job, whatever it is, that your business is about the people who can get in the way of that are cyber criminals, yes, so having that conversation early on is really important, before you have all your structure already built up, because just putting security into the equation afterwards is a lot harder. So whatever it is you do a product that you launch, if you have the security part already baked in. It's a lot easier,

07:05

yeah, but it's so funny, because the human side is always like, I just, oh, I all I have to do is buy that device, a device, and now it's sticking on my asset, and then that asset begins to sort of produce the data. But I don't recognize the fact that that thing's connected, or it's connected, but we're not really

07:21

aware of what risks we're facing. We tend to overestimate certain risks that might not be a big deal, and underestimate other risks, which are the ones that we are actually that we should actually be worried about. And that's why you always have to end up with partnering with people who really know what the latest threats are and how to deal with them. Cyber criminals are evolving their techniques, and threat landscape is changing. The risks might be the same, but the threats keep evolving. I don't know how we're passionate about it. Yeah,

08:05

I look at that and I just know that it is always evolving. Take us through the human side. What are we talking we got the technology. I get it. The technology. Get it, you know? So

08:18

cyber security has three main components, the very technical part of it, which is big, which has evolved a lot, then all these policies, procedures, things that you step by step, processes that you have to go through in order to be secure. But then there's another very powerful element, which is the human side of it, the people who sit in front of computer and make decisions every day, whether they're going to be using this password or this other one, whether they're going to be reusing it across different places, whether they're going to click on an email or download some pirated software, thinking that, ah, no big deal. So that's that's the human part of it, and also the human part also represents this, the people, the specialists who deal with the technology, trying to protect the clients that partner with us. So

09:18

take me through how you approach a client from a human perspective, because I know that that's, again, you got the technology, you said, you got the policies and procedures. And then, of course, that human component, where it's hard, that's, that's sort of the the Wildcat in the whole equation. How do you begin to transform that culture, to understand,

09:40

well first realizing that I'd say 90% of cyber incidents have human component that in some Yeah, some part of the chain of the attack has something to do with the success of that attack. So it can be a very technical attack, but at some point, there will be a person who, most times unknowingly, will make a mistake and help the cyber criminals get in by giving away their password, by, I don't know, leaving some cloud service open and I'm protected. So it's that cute.

10:23

How do you how do you begin to educate? What do you do? What does What does Ackcent do to help facilitate the fact that 90% of of you know

10:32

we should try to, I'd say, take the human out of the equation as much as we can. So whatever we can do to help people not have to be worrying about security all the time. There's a technology that so to give you an example, passwords, they're such a pain, right?

10:52

Oh, passionate

10:55

about passwords, aside from us geeks, right? People, they have these terrible habits of reusing passwords. They they have just a limited memory span. So of

11:10

course, I don't, I don't fall into that position. Yeah, of course, you never

11:13

know passwords. We're gonna have a talk about,

11:18

no, I'm passionate about my passwords. You are,

11:22

which are four characters. So changing those habits is not easy, and I'd say the first step is to be aware of why it is important. If you know that I we could maybe later, check some of the latest data breaches where maybe your email is linked to a password that you've that you're currently reusing everywhere. And that's not hard to find. You don't have to get your hands very dirty in order to find this kind of information. So maybe it's the password you use for, I don't know, maybe some random online shopping or forum that you connected to, but you're also reusing that password somewhere else, right? So making people aware of why we require unique passwords, why it is important for passwords not to be very simple or easy to guess, right? So starting with the why is important, but then enabling or helping people with whatever tools we can give them to make it possible for them. No one can remember 100 different passwords, so we should provide them with maybe a password manager, right, a tool to be able to store all those passwords safely.

12:44

How do you deal with the influx of new people? How do you educate? It's this is an education component. So how do you how do you ensure the continuity of what you've established or what you have trained into your existing resources to new ones. Well,

13:04

you have to go over again, start from the beginning, and slowly build that culture of security. Try to ingrain it within the company, within just make it be part of their values, right to care about security in their jobs. It's part of their response. I wouldn't say security is their responsibility, but being having an intent in educating themselves, of people educating themselves and raising their hand if they have an issue or a concern or they make a mistake, right? So it's the culture in the organization is really important, because organic, there are certain organizations that are very Blamey, right? They like to point fingers the people who make mistakes. Absolutely, that's not where you foster an environment where people feel responsible, saying, I just messed up, right? People will hide under the table and then being able to know that there's an issue, possible incident early on, just has a dramatical difference in the impact being able to deal with that incident early on, because when, when we get infected our device, let's say your computer here now, gets infected, an attacker won't have control of the whole environment in in like two seconds, right? First they'll they'll establish what information you have in there, what accesses you have. They'll try to pivot. They'll try to escalate their privileges until they have enough knowledge and need enough power to be able to maybe delete those backups that you have somewhere that to to. Turn off certain security features that you might have to get in the way of them doing their job, which is extorting you, encrypting your information or exfiltrating it. So understanding that is also important. So

15:14

let's say it doesn't happen under accident, but let's say somebody does have a company that does have a breach. You put in place all the education, but it just happens. What does Ackcent do with that knowledge? Is there a community? It's like, Hey, here's a new threat, here's a here's a new way of being able to penetrate a network, whatever, and then what that's learning on your part? What do we do with that? Well,

15:47

there's a part of educating people, but Ackcent services go far beyond what my role is, which is this more human side of it? So we have teams dedicated to auditing your environment to see if there are any vulnerabilities that you can fix so playing the role of the bad guy, then we have a team, which is the blue team, dedicated to monitoring your environment to see if there are any indicators of people or attackers messing with your environment, and then if any alarms go off, they'll go and check and see if it's a false positive or not, or if they have to go in and maybe disable certain software that's running.

16:36

Is it because there are cyber companies, they're here. Don't get me wrong. Is there a collegial type of understanding that you're trying to help other companies too, saying, Hey, we have a we've identified a new threat. We think you need to be aware of it. It might be a competitive advantage, but that doesn't really serve the masses, in a sense, if there's something new out there, do you? Do you find that you worked with other organizations to say, hey, there's a new thread?

17:07

Yes, that we do? You mean, in our within our industry, yes, yeah, we try to collaborate. The bad guys collaborate more among themselves. If we look at how the the cyber criminal industry has developed and evolved in the last few years. It's incredible. We should not think of the guy, the hacker with the goodie with kids boxes piled up around in a dark basement. That's not it anymore. These are people who have a job, like, right, like we do, and they, they have their incentives, and they, they specialize. So the way the ecosystem has evolved, everyone is specializing in the whatever part of the attack they're better at. And so the barrier, the entry barrier has lowered a lot. So there's people just coding that malicious code that's there's people who are good at getting access at your environment, so they'll sell that access. And then there's all these affiliates that buy the code. And then these big ransomware gangs, for example, they they give you all the infrastructure you might need to extort your your victims. So you'll have these chat services where you can negotiate. You have these services to pay

18:36

against that. That's distance. Well, you gain, yeah,

18:39

well, you got to be ready. You got to be ready. So I understand it's an uncomfortable conversation, but you have to have it. You don't want to give into the bad guys.

18:49

I just want to, like I said, I just want to curl up in the corner, and then I want to be air gapped everywhere, you know, but then that I can't

18:57

there's, so I'd say there's just doing a little bit more than the rest, we are already better off, you know, just doing the, the hygienic, foundational stuff, which is probably not the sexiest one, right, just doing the the 10 things, You know, having backups, having them properly tested and stored, updating your systems, having having an alert system that will just like

19:32

just sort of, what you're saying is there's a at least a baseline of just saying, Hey, if you do this, your Your your percentages, sort of of an attack of a penetration of a problem is decreased dramatically, you know, then there's that point where you could go overboard. And it's like, is there really any, you know, benefit associated with that when I'm just already here, and it's pretty sound,

19:56

the thing is, it's just like with protect. Your home, yeah, you got to be ready to try to avoid anyone from getting in. But also, because you want to still have windows, which, of course, are more vulnerable than all, yeah, and because you want to be you know, you have to have capacities to be able to detect maybe an alarm if someone comes in and then be able to respond, because the alarm goes off and nothing happens. Yeah, you know, so it's not a matter of if this happens, but if you're ready for when it happens. And I'm not trying to scare you, I'm not,

20:37

why are you making me no

20:40

day miserable.

20:41

I think the reality is, is that you have to have this conversation. You just have to have a conversation. What is the right handed hurt? Just be ready. And then, you know, what is also important is finding those trusted individuals to be helped, to help you along on that journey. Is pretty important. How do people get a hold

21:01

of you Laia? So our website is Ackcent, A, C, K, C, E, N t.com, or are you out on LinkedIn also?

21:14

Yeah, you're good out there on LinkedIn.

21:15

Yeah, I'm not very active because I'm busy.

21:20

I'm still gonna put your LinkedIn link out there. All right. Listeners, yeah, her name is life, and she's amazing. You're gonna have to have this conversation around cybersecurity, whether you like it or not, if you want to be digitally connected, you're gonna have to have that conversation. And it is a major human, human component. Just, just do it. Please do it. We want you to succeed. We don't want you to get injured in any way. All right, we're going to wrap it up on the other side. Stay tuned. We will be right back. You're

21:50

listening to the industrial talk Podcast Network.

21:59

All right. Great conversation once again, from IoT Solutions, World Congress, as well as Barcelona cyber security Congress. They were both held at the same location. That was like Garcia Pedro. The company is called Ackcent. That's A, C, K, C, E, N T, cyber security. You can tell there's a human component associated with all cyber security. You want to be connected. Definitely need to address the human component, without a doubt. All right, we're building the platform. As I always say, industrial talk is here for you, industrial professionals. You have a podcast, put it out on industrial talk. We want you to get as much traction as you possibly can, because your story needs to be told. If you have technology, put it out on industrial talk, all you have to do is go out to industrial talk.com. Click the little connect with and you'll be talking to me. So let's figure that out. All right, people, be brave. There greatly. Hang out with Maya, and then you're going to change the world. We're going to have another great conversation shortly. So stay tuned.