LEVERAGING CONSUMER CYBERSECURITY AWARENESS
Cybersecurity has become a primary concern in an increasingly digital world, and of all the potential vulnerabilities for businesses, a lack of awareness among consumers remains the most significant threat.
“As cyberattacks grow more sophisticated, driven by emerging technologies like artificial intelligence, fostering a comprehensive cybersecurity culture among both consumers and organizations has become a crucial priority,” says Héctor Méndez Olivares, President, COPARMEX’s Cybersecurity Roundtable at MCS 2024 Echo.
To support this, Méndez highlighted the fact that cyberattacks occur every 39 seconds globally, with 95% of breaches caused by human error, a figure expected to contribute to cybercrime costs hitting US$10.5 trillion by 2025.
“If we focus only on the ‘hardware’ and not on the people, we are failing”
Héctor Méndez, President, Cybersecurity Commission | Coparmex
Among the most notable threats, Méndez emphasized that ransomware, phishing through deepfakes, and attacks on Internet of Things (IoT) devices are particularly alarming, as they not only compromise data but also pose risks to physical safety. This risk is especially concerning in critical industries such as healthcare and energy, where breaches can have far-reaching and potentially life-threatening consequences.
But Méndez stresses that the fundamental issue lies in the fact that many consumers are not adequately informed about cybersecurity best practices or the risks they face, creating a significant security gap for companies, with users often being the weakest link in the defense chain.
“Organizations should invest in training and awareness programs that cover critical aspects such as password management, the use of multi-factor authentication (MFA), software updates, and the use of legal antivirus,” said Méndez on how to address these vulnerabilities. “Implementing password managers and education on configuring secure IoT devices are essential to ensure comprehensive protection.”
Besides internal initiatives, Méndez emphasized that companies must collaborate with government entities and international organizations to promote security standards and best practices. This collective effort not only protects consumers but also strengthens cybersecurity infrastructure on both national and global levels.
However, three significant challenges hinder the realization of this goal. First, the task of creating a cybersecurity culture is often met with consumer resistance to change and a lack of motivation to adopt security practices. A prevalent issue is that many users continue to rely on weak passwords, fail to regularly update their devices, and remain unaware of the risks posed by IoT devices.
Another challenge lies in companies’ ability to maintain consumers’ sustained attention and long-term commitment to cybersecurity education programs. “Information must be presented in an accessible and understandable way, tailored to different levels of knowledge and with a focus that motivates users to keep learning,” Méndez noted.
Finally, the rapid pace at which cybercriminals adopt new technologies to automate attacks poses a continual challenge to defense strategies. In response, ongoing education must be aligned with emerging cyber threats, requiring regular updates and a dynamic approach to training.
COPARMEX, representing 35,000 companies nationwide, is actively working to support businesses in addressing these challenges. Méndez emphasized the need to focus not only on technological solutions but on people as the first line of defense. “If we focus only on the ‘hardware’ and not on the people, we are failing,” he cautioned.
Efforts to raise cybersecurity awareness are expected to reduce incidents driven by human error significantly. As consumers become more familiar with best practices and adopt technologies like multi-factor authentication and secure passwords, these vulnerabilities are expected to decline.
“Maintaining a steadfast commitment to cybersecurity education and outreach is essential for both companies and authorities,” Méndez emphasized. “The future of cybersecurity hinges on enhanced collaboration between the public and private sectors to establish sustainable educational policies and initiatives that foster cyber awareness across all levels of society.”
Méndez concluded by calling for a sustained commitment to cybersecurity education and collaboration between public and private sectors. He also highlighted the lack of comprehensive legal frameworks in Mexico and Latin America to address cybersecurity challenges. “We have been discussing this with lawmakers for three years, but it remains a challenge as politicians may understand the law but often lack technical knowledge,” he said.
BUILDING COHESIVE DIGITAL IDENTITIES ACROSS PLATFORMS
While digital identities and centralized identity management offer powerful tools for addressing the human error factor in cybersecurity, their adoption is hindered by technical, financial, and cultural barriers. To successfully overcome these barriers, organizations need to carefully evaluate their infrastructure and weigh the long-term security benefits against the upfront costs of implementing such solutions, according to industry experts.
In Mexico, the adoption of digital identities remains limited, largely due to legacy, fragmented systems and low interoperability across platforms. “There is a common pattern where, despite having identity management platforms, organizations are overlooking what is happening with the human and non-human identities within their infrastructure,” says Javier Peña, Chief Technology Officer, T-note Global.
This fragmentation restricts enterprises’ ability to integrate with modern identity and access management (IAM) solutions. Implementing a comprehensive identity management system, especially one that supports automation and AI-driven decision-making, can be costly and complex, often requiring significant upfront investment.
“Aligning digital identities with security protocols is not merely a best practice; it is essential for protecting customer trust in today’s interconnected world,” says José Arriaga, CIO, Tokio Marine Mexico.
Another important, yet often overlooked, challenge is resistance from employees and IT staff. In industries where manual processes still dominate, there is frequently a reluctance to adopt new technologies due to the steep learning curve and concerns about disrupting existing workflows. Overcoming this cultural resistance is critical for successful adoption, and it requires strong change management practices and education initiatives to ensure a smooth transition.
“We have a highly diverse technological ecosystem, and we need to understand how to address each employee’s specific needs within the organization,” says Mariana Domínguez, Chief Information Security Officer, GBM. “As companies, we must implement authentication mechanisms that are user-friendly while ensuring information protection,” Domínguez added.
The shift toward decentralized digital identity solutions, powered by emerging technologies like blockchain and self-sovereign identity (SSI) systems, presents a promising alternative to the limitations of centralized frameworks. According to Dock, these decentralized approaches empower users with full control over their personal data, enabling them to determine who can access their information and under what conditions, thus significantly enhancing privacy and security.
“Building cohesive digital identities starts with harmonizing diverse data across platforms. This approach is key to ensuring both accuracy and security,” says Juan Hernández, Regional Enterprise Sales Executive, SentinelOne.
These systems leverage advanced encryption technologies and credential verification on interoperable platforms that adhere to global standards, ensuring a high level of data protection. “Identity is a key that grants access to systems and data, which must be carefully managed,” says Hernández. By adopting integrated platforms that support a unified digital identity across multiple services, businesses can enhance user experiences while safeguarding sensitive information.
To achieve this, a collaborative ecosystem involving both the private and public sectors is essential. Establishing common standards and technologies that foster the interoperability and security of digital identities on a national level will be critical in ensuring wide-scale adoption and trust. “Identity management is not just a technological issue; it must be approached holistically, incorporating processes and people,” Peña added.
As the cybersecurity landscape continues to evolve, the urgency to adopt digital identity solutions will intensify, driven by escalating threats of data breaches and increasingly stringent regulatory requirements. Early adopters of these systems will not only gain a competitive edge but also foster greater user trust by ensuring more secure and seamless interactions.
“Cybersecurity is highly dynamic and must continuously adapt to the evolving ecosystem in which companies operate,” says Emilio Patricio, CIO and CTO, Up Sí Vale.
According to Dock, the future of digital identities will be defined by greater inclusivity, with a strong emphasis on privacy protection, user autonomy, and the creation of integrated and efficient digital experiences. As Mexico undergoes a digital transformation, the country is well-positioned to become a leader in the adoption of these technologies, setting a benchmark for secure and sustainable digital identity solutions in Latin America.
“New threats are constantly emerging, and we must continuously adapt. It is essential to translate this into effective risk management and team coordination,” Domínguez added.
DEFENSIVE AI VS. OFFENSIVE AI: THE CYBERSECURITY ARMS RACE
The integration of generative artificial intelligence (GenAI) has sparked a complex dialogue within and among organizations about how to balance innovation with cybersecurity. Nevertheless, despite prevalent security concerns, the adoption of GenAI tools remains robust, according to recent data from Zscaler.
A staggering 89% of organizations recognize GenAI tools as potential security risks, with 48% viewing these tools primarily as threats rather than opportunities. However, the compelling nature of these tools remains undeniable, with 95% of businesses employing GenAI in some form. Among this group, 57% have fully embraced its use, while 38% are proceeding with caution.
This dichotomy raises critical questions about the future trajectory of GenAI in the workplace. On one hand, organizations are acutely aware of the risks associated with these tools; on the other hand, their willingness to integrate them indicates a complex balancing act between innovation and security, says Sean Cordero, CISO, Zscaler.
One of the pressing security issues surrounding the adoption of GenAI is data ownership. When sensitive information is uploaded to applications, user agreements often stipulate that ownership transfers from the user to the service provider. This shift can create vulnerabilities, especially when proprietary data is involved. A striking example shared by Cordero is Samsung’s decision to ban ChatGPT use among employees after proprietary code was leaked, highlighting the dangers of sharing confidential information on external platforms.
Cordero emphasized, “It is impossible to say we will control data adoption.” His remark underscores the difficulties organizations face in managing how data is utilized and shared by GenAI.
Effective data classification is paramount for the secure use of GenAI. Current findings indicate that only 46% of surveyed organizations are confident that all their data is classified by significance, while 44% have classified at least some of their data. Cordero notes, “We are setting standards not for what exists, but for what is coming.” This forward-looking approach highlights the necessity for proactive data governance and more protocols.
To mitigate security risks associated with GenAI, organizations should implement key strategies. Establishing clear access controls is essential to ensure only authorized personnel can access sensitive data. Additionally, organizations should implement measures to block unauthorized sharing of confidential information and regularly update security policies in response to emerging threats.
Organizations should consider implementing Security Information and Event Management (SIEM) systems to enhance the monitoring of data interactions while ensuring transparency in AI operations. Additionally, the secure management of encryption keys and thorough assessments of data classification are crucial for compliance. Finally, establishing comprehensive guidelines for content generation will also help maintain data integrity. By adopting these strategies, organizations can strengthen their cybersecurity measures while using GenAI, ensuring a safer environment for sensitive information.
The normalization of data access through AI technologies presents unique opportunities for organizations willing to navigate the associated risks. As reliance on AI increases, the ability to manage and classify data effectively will be pivotal in harnessing the potential of these tools while safeguarding sensitive information.
HARMONIZING VULNERABILITY MANAGEMENT WITH BUSINESS GOALS
The COVID-19 pandemic set off a digitalization arms race among companies seeking to compete in an emerging digital economy—a transformation that inherently introduced vulnerability risks. Four years later, organizations have integrated security technologies that were not adequately aligned with their strategic business objectives or their infrastructure and operational needs. To effectively conduct this risk analysis, industry experts recommend adopting a business-centric approach to vulnerability management.
In many organizations, vulnerability management is viewed as a technical and reactive process focused solely on identifying and correcting flaws in IT systems. However, this approach does not consider the direct impact on the organization’s strategic objectives, such as business continuity, protection of sensitive data, and corporate reputation.
To facilitate what should be an iterative process, Valther Galvan, CISO, PROSA, suggests using a 30-60-90 day framework for vulnerability management analysis to help organizations efficiently identify, mitigate, and assess risks, ensuring that security strategies align with business objectives.
Aligning security strategies with business objectives is crucial because vulnerabilities are often not prioritized appropriately based on their impact on business operations. This misalignment can lead to wasted time and resources spent managing risks that do not pose significant threats. The problem is further exacerbated by a lack of internal capabilities, as many companies do not possess the human and technological resources necessary to implement an effective vulnerability management strategy.
“Ransomware poses significant risks to critical services, disrupting operations, and compromising data integrity. A strong security architecture is vital to safeguarding these essential functions,” said José Antonio Goyri, CISO, Totalplay, highlighting the importance of comprehensive risk assessments.
The integration of vulnerability management into an organization’s business strategy, according to the experts, will enable companies to prioritize vulnerabilities based on their potential impact on critical business processes and strategic assets. Rather than addressing vulnerabilities in isolation, organizations should adopt an approach that links them directly to their business strategy. To achieve this, it is recommended that companies implement a comprehensive risk management model that considers vulnerabilities from both a technical and a business perspective.
According to Abraham Gutiérrez Castillo, Head of the Integral Information Security Division, IMSS, a key factor in effective risk management is developing the ability to anticipate and proactively address vulnerabilities. “The vulnerabilities exist and always will, but we have patterns to efficiently and quickly identify these specifics,” he noted, stressing the importance of articulating the financial implications of failing to address vulnerabilities when communicating with senior leadership.
This model development should consider:
+ A risk assessment that takes into account not only technological aspects but also their impact on the business.
+ Threat prioritization based on the potential impact on key areas such as data protection, business continuity, and reputation.
+ The use of advanced tools, such as automation and artificial intelligence, to continuously scan and monitor systems and proactively detect vulnerabilities.
Technological and Strategic Challenges
One of the most common challenges to realizing this goal is the lack of both cybersecurity experts and investment in Mexico, which limits the ability of companies to adopt and maintain advanced solutions.
“Cybersecurity investment is not just a budget item—it is a strategic choice to safeguard an organization’s future. The cost of inaction far outweighs the expense of proactive defense,” said Leslie Alonso Ferrero, Head of IT Americas, Draexlmaier Group.
Other challenges lie in cultural resistance, especially among SMEs, which makes it difficult to integrate cybersecurity into strategic decisions. In addition, the complexity and high cost of vulnerability management solutions pose obstacles, particularly for organizations with diversified technology infrastructures.
For this reason, Goyri emphasized the necessity of clear communication and a comprehensive understanding of risks across all levels of the organization. He stated, “We generate reports in a language that the business understands, highlighting areas where, without implementing security measures, key aspects of the business could be jeopardized.”
To overcome these challenges, according to Manuel Díaz, CISO, Huawei, close collaboration between the technology team and senior management is recommended, along with investment in training and automated cybersecurity solutions. If companies find themselves short-staffed in specialized talent or lack the necessary in-house resources, outsourcing vulnerability management to specialized cybersecurity vendors may be a viable option.
In the coming years, alignment between vulnerability management and business objectives will become increasingly crucial. As enterprises continue to adopt emerging technologies such as artificial intelligence, cloud computing, and the Internet of Things (IoT), the attack surface will expand even further. This will require organizations to not only strengthen their security posture but also integrate this function into their overall business strategy.
The cybersecurity insurance market is growing rapidly, driven by escalating cyber threats and increasing awareness of the financial risks involved. Although the industry is still maturing, facing challenges such as risk assessment and policy standardization, it has become an essential risk management tool. To choose the right policy, industry experts recommend focusing on ransomware coverage, compliance, and maintaining a positive front for users to ensure their protection.
In 2024, the global average cost of a data breach reached US$4.88 million—a 10% increase from the previous year—marking the highest total ever recorded, according to new research from IBM and the Ponemon Institute. This cost estimate, as detailed in the report’s research methodology, includes both direct and indirect expenses incurred by the organization.
Direct expenses can include ransom payments, forensic experts, outsourced hotline support, and discounts for future products and services. Indirect expenses, on the other hand, include in-house investigations, customer loss, loss of intellectual property, and disruption of business operations. In light of these potential costs, cyber insurance has grown in popularity among companies seeking to protect their businesses from the financial risks associated with cybersecurity breaches.
“Cyber insurance policies used to be seen as unnecessary and a costly expense, but the pandemic changed that, accelerating their adoption,” says Jesús Consuelos, former CISO, Cinépolis. However, as organizations increasingly recognized the importance of comprehensive risk management in a digital landscape, these policies evolved from being merely “a commercial selling point” to an essential component of a resilient cybersecurity strategy, according to Fernando Camacho, CISO, Actinver. This shift highlights the growing acknowledgment of cyber insurance as a vital safeguard against emerging threats.
As cybersecurity threats converge with increased risk management practices by companies, it becomes clear why, “[c]yber insurance remains the fastest-growing subsector of the global insurance market,” according to Manuel Adam, Credit Analyst, S&P. However, despite its rapid evolution, the cybersecurity insurance market is still maturing, as cyber risks intensify globally with uneven adoption rates across various markets and industry sectors. Nevertheless, without cyber insurance, companies may be left to shoulder the financial losses on their own, facing the full consequences of a breach.
“Now more than ever, we must stay vigilant, aligning organizations with risks and advancing technology. Many times, organizations are not even aware that cyber insurance exists or have not considered it as a viable option,” says Erika Cardoso, Risk, Cybersecurity & Data Protection Associate Partner, EY Latin America.
A critical solution to mitigating these risks is the implementation of cybersecurity insurance, which has become an essential component of risk management for modern businesses. Cyber insurance, according to Business Advice, provides broad coverage for a variety of costs associated with cyber incidents, including customer notifications, regulatory fines, and legal expenses arising from attacks such as data breaches.
In this regard, cyber insurance not only covers direct financial costs but also provides additional services such as post-incident recovery assistance, security consulting, and preventive audits. These solutions help companies comply with stricter data protection regulations while also strengthening their security systems to prevent future incidents. However, it is important to note that the industry currently faces challenges, including a lack of standardized policies and pricing volatility, which make it difficult for both buyers and insurers to navigate the market.
Nevertheless, as the cyber insurance market matures, policies are becoming increasingly customized to the specific needs of each sector and industry. “Today, it is unimaginable not to have cyber insurance. After the COVID-19 pandemic, policies now offer broader coverage and more specialized protection,” says Alejandro Tinoco, CISO, Farmacias San Pablo.
In Mexico, for instance, key industries such as finance, retail, and telecommunications are frequent targets of cyberattacks. As a result, cyber insurance policies are being tailored to address the unique risks of these industries, enhancing companies’ ability to recover quickly and minimize the financial and reputational impacts of such attacks.
For example, in the financial sector, the traditional focus has been on financial risk management, as banks have based their profits on the assessment and calculation of these risks. However, there is now a growing emphasis on managing operational risk, which encompasses threats related to processes, systems, and people, explains Camacho.
Within companies, one of the main obstacles to the efficient implementation of cyber insurance is the lack of preparation in terms of cybersecurity policies. To obtain a cyber insurance policy, companies must demonstrate that they have preventive measures in place, such as firewalls, up-to-date antivirus software, and multi-factor authentication protocols. In addition, insurers often require periodic security audits and assessments, which can present an additional challenge for many organizations.
Another challenge is the initial cost of cyber insurance policies, which can be a barrier, especially for small and medium-sized enterprises (SMEs) in Mexico. Furthermore, complying with insurers’ requirements—such as regular staff training and implementing advanced security measures—can pose an added burden that companies must manage to maintain the validity of their policy.
With the increase in cyberattacks, businesses will not only be more motivated to adopt cyber insurance. “Having cybersecurity insurance is always beneficial. When a company starts considering it, it reflects a level of maturity. If they are not willing to acquire it, it signals an area where CISOs need to focus,” says Consuelos. In response to this growing demand, insurers are anticipated to offer more customized and adaptable products. This growth will be further driven by evolving local and international data protection and privacy regulations.
Experts suggest that, in the future, insurance should prioritize preventive measures. “Emphasis must be placed on preventive measures, such as conducting real-time evaluations,” says Tinoco. “Insurance is not a static product; it is an ongoing process that requires continuous monitoring and follow-up,” he added.
In the coming years, cyber insurance will become an indispensable tool for strengthening business resilience, helping Mexican companies adapt to emerging cyber threats and comply with international security standards.
LEVERAGING AI TO IDENTIFY MALICIOUS & NEGLIGENT USERS EFFICIENTLY
Insider threats, whether negligent or malicious, constitute a significant and complex risk to organizations. To identify and address this risk, Alfonso Villalba, Data Security Expert, Kriptos, emphasizes the importance of organizations learning “how to catalog suggestive behaviors” in order to proactively prevent data leaks.
Insider threats can be classified into two main categories: negligent users and malicious users. Negligent users are typically well-intentioned employees who unintentionally expose sensitive data due to human error or poor security practices. In contrast, malicious users deliberately seek to compromise organizational data for personal gain or with harmful intent.
“By prioritizing the identification of critical information and fostering a culture of security awareness, organizations can effectively mitigate internal threats”
Alfonso Villalba, Co-Founder and COO | Kriptos
To mitigate these risks, it is essential for security leaders to learn how to catalog and recognize unusual behaviors, says Villalba. For instance, why would a marketing employee be accessing sensitive sales data? Or why is there unusual activity during late hours? “Identifying anomalous behaviors is key; we must question if it is normal for an employee to be working at 4 a.m.,” Villalba explains.
An essential aspect of mitigating insider threats lies in identifying the sensitive data a company handles. Data protection efforts should not focus solely on safeguarding all information, but rather on strategically pinpointing what is truly critical to the business. “We need to raise awareness among clients about the importance of being strategic and leveraging technologies before implementing data protection measures. It’s crucial to know what specific information needs safeguarding amidst the vast amount of data a company possesses,” explains Villalba.
With organizations often managing an average volume of 10 million documents, of which less than 30% may contain personal information, effective data classification becomes a significant challenge. “Before we can protect information, we must first identify what is critical,” Villalba emphasizes.
The statistics are concerning. According to Kriptos, 44% of insider threats are caused by negligent employees, while 8% of employees are willing to exfiltrate corporate data intentionally. Furthermore, 59% of employees admit to taking company data when they resign or are terminated, and 55% believe they have access to information they should not see. Insider threats affect more than 34% of businesses globally each year, and in the last two years, insider attacks have surged by 47%.
The recent implementation of personal data protection regulations across Latin America underscores the necessity for a more rigorous approach to security practices. To ensure compliance and safeguard sensitive information, it is critical for organizations to adopt effective data protection tools. This includes robust monitoring systems, along with alert mechanisms and logging capabilities, that enable the detection and swift response to unusual or suspicious behaviors.
As data continues to grow in volume and complexity, the speed and accuracy of its handling and classification become paramount. Advanced technologies such as machine learning and artificial intelligence can streamline this process, enabling more precise and efficient data categorization.
According to Villalba, the regulatory landscape in Latin America is steadily maturing. Since 2020, there have been significant strides in the implementation of data protection regulations, and by 2025-2026, regulatory impact audits are expected to begin. This progress, however, contrasts with more established regulatory frameworks in other regions, where such processes are already well underway.
Effective data protection within organizations requires more than just technological solutions—it demands a deep understanding of employee behaviors and the strategic classification of critical information. By proactively identifying and mitigating insider threats, companies can strengthen their defenses and create a more resilient environment in the face of data management risks.
“By prioritizing the identification of critical information and fostering a culture of security awareness, organizations can effectively mitigate internal threats,” Villalba emphasized.
LEVERAGING DEVSECOPS TO UNIFY IT, OT, AND CYBERSECURITY PRACTICES
The convergence of information technology (IT) and operational technology (OT) within smart manufacturing processes—including sectors such as manufacturing, energy, and telecommunications—has introduced complex cybersecurity challenges. In this landscape, DevSecOps has emerged as a vital solution, integrating security into every phase of the software development lifecycle, say industry experts at MCS 2024 Echo.
“It is crucial to integrate IT and OT, two seemingly distinct yet interconnected domains, to mutually strengthen and enhance cybersecurity,” says Lino Avila, Cybersecurity Associate Director, Seguros Monterrey New York Life.
As cyber threats grow increasingly complex and frequent, traditional security measures in manufacturing often prove inadequate for protecting critical industrial systems. DevSecOps offers a comprehensive solution by integrating development, operations, and security from the outset of software processes, fostering a culture of collaboration and continuous security. This methodology is grounded in several key principles, including security by design (shift-left security), automation, and the integration of security controls within continuous integration and delivery (CI/CD) pipelines.
The primary objective is to identify and mitigate vulnerabilities during the early stages of development, rather than addressing them post-deployment, while maintaining a state of constant vigilance through ongoing monitoring. “With DevSecOps integrated from the beginning to tackle vulnerabilities, the number of issues is reduced by 50% compared to traditional approaches,” says Felipe García Vivanco, VP of Information Security and CISO, Televisa Univision.
According to UpGuard, the implementation of DevSecOps enables Mexican companies to manage both IT and OT security on a unified platform, facilitating real-time monitoring and protection of systems. This integration optimizes operational efficiency without compromising security, as practices such as automation and continuous monitoring empower organizations to proactively identify and mitigate vulnerabilities, thereby enhancing their overall cybersecurity posture and reducing the likelihood of incidents.
Despite the clear advantages of DevSecOps, its implementation in Mexico encounters several significant challenges. “Working on the DevSecOps component is crucial in cybersecurity. While development may experience some delays, security will make significant strides,” says Enrico Belmonte, CIO, Peñaranda.
One of the most pressing issues is the shortage of specialized talent. The country continues to grapple with a lack of professionals trained in cybersecurity, particularly in the convergence of IT and operational technology (OT) environments. To address this gap, training teams in methodologies such as security-as-code and continuous compliance is crucial for effective implementation.
Moreover, many industrial systems lack the update capabilities and agility typically found in IT systems, complicating the integration of DevSecOps in these environments. “Cultural change is a challenge, and there is a lot of lack of awareness. This is where training solutions for the entire IT department come into play,” says Belmonte.
In addition, more conservative sectors within the industry may resist adopting these innovative methodologies due to concerns about initial implementation costs and potential operational disruptions. As a result, leaders overseeing DevSecOps initiatives must strategically secure the necessary resources, as obtaining financial support from the organization can be challenging for implementing optimal strategies.
“Conducting a controlled hacking exercise is beneficial for determining effective budget allocation and securing necessary resources from the organization,” says Chava Valades, Associate Director - Cyber Security Defense Ops, AstraZeneca.
Another critical challenge lies in regulatory compliance. Organizations must ensure that their security practices align with both local and international regulations, such as the General Data Protection Regulation (GDPR) and the Federal Law on Personal Data Protection. To navigate these complexities, a robust compliance automation strategy is necessary to continuously verify adherence to relevant regulations.
As companies strive to fully optimize smart manufacturing, the adoption of DevSecOps emerges as a critical strategy for unifying information technology (IT), operational technology (OT), and cybersecurity practices.
In the coming years, UpGuard anticipates that a growing number of organizations—particularly within the industrial and energy sectors—will embrace this approach, driven by the increasing utilization of the Internet of Things (IoT) and the imperative to safeguard critical infrastructure.
“We must adapt to the rapidly changing landscape, as attacks have surged by 300% in just two years. It is crucial to modernize continually in response to emerging threats while ensuring operational stability,” says Jorge Peralta, Director of Information and Communications Technologies, Lotería Nacional.