In this talk, the experts explained how to manage risks, comply with legal regulations, and train professionals to meet the challenges of the digital future.
The Importance of Cybersecurity
In today's environment, companies must take a strong stance on cybersecurity due to the increasing complexity and frequency of cyberattacks.
Cybersecurity is no longer optional; it is crucial to business continuity.
The average company faces between 400 and 500 automated attacks each month, in addition to between 30 and 50 attacks specifically aimed at compromising its systems.
These figures underscore the gravity of the current situation, in which failing to take cybersecurity seriously can jeopardize business continuity. Cyberattacks are no longer sporadic; they are constant and targeted, forcing organizations to implement robust security policies to prevent irreparable financial and reputational losses.
Shortage of professionals
During the conference, Roberto Ambrosoni and Ethel Kornecki highlighted the shortage of trained cybersecurity professionals, both locally and globally. They noted that this shortage of experts is not unique to Uruguay, but rather a problem that affects the entire world.
Organizations need not only professionals who can identify and mitigate risks, but also those who are capable of managing cybersecurity in a comprehensive manner and contributing to the company’s strategic decisions.
Organizations are desperate to hire professionals with the right training, as cybersecurity expertise has become essential to protecting businesses from constant cyber threats.
Kornecki added, “Training is key to ensuring that future specialists can handle complex incidents, and the job market is open to those who choose to specialize in this field, with great opportunities both locally and internationally.”
In addition, both agreed that training should go beyond mere awareness-raising, focusing instead on educating professionals so they can take on key roles in information security governance within their organizations.
To develop a solid strategy, organizations must start with a risk analysis.
This analysis should include an assessment of the maturity of your cybersecurity infrastructure and the identification of the critical assets you need to protect.
During the conference, it was noted that risk assessment is a crucial step in establishing a strong cybersecurity posture. It was emphasized that organizations should begin with a gap analysis to determine their current cybersecurity posture.
This assessment helps identify critical assets that require protection and establish a framework, such as the National Institute of Standards and Technology (NIST) standards or those used by the Uruguayan government.
From there, it is necessary to assess the organization’s level of maturity in terms of security—whether it has implemented partial or robust measures, or is in the process of adapting.
In addition, it was noted that this evaluation process must be accompanied by clear policies, documentation, and management tools that enable the monitoring and prevention of incidents.
In this way, appropriate controls and continuous improvement processes can be implemented to mitigate risks and ensure business continuity.
Documentation and Policies
Creating security policies is essential, but they must have the support of senior management and not simply remain as documents that are never implemented.
Policies must be put into practice and become an integral part of business processes.
The Impact of Cybersecurity on Business
Organizations that do not take cybersecurity seriously risk suffering significant financial losses or even going out of business.
Security incidents can damage a company’s reputation and result in significant fines, especially in regulated environments such as the European Union, where the General Data Protection Regulation (GDPR) applies.
Specialized training
At the conference, there was extensive discussion of the Specialization Diploma in Cybersecurity offered by Universidad ORT Uruguay. Ethel Kornecki explained that this program is designed to train professionals who “can identify, assess, and mitigate cybersecurity risks in an increasingly challenging environment.”
The certificate program provides a comprehensive overview of cybersecurity, covering technical, organizational, legal, and ethical aspects.
Notable topics include:
- Information Security Governance and Management: How to Establish Robust Policies and Participate in Strategic Business Decision-Making.
- Cryptography: Best practices and algorithms for protecting information.
- Infrastructure and ICT Security: How to Strengthen an Organization’s Technology Architecture.
- Security in application development: Apply security principles from the earliest stages of development.
- Incident management: Security operations, monitoring, and response to attacks using tools such as CERT and SOC.
In addition, it was emphasized that the program aims to prepare professionals to take on key roles, such as that of CISO (Chief Information Security Officer), enabling them to interact on an equal footing with other executives within the organization.
<iframe width="560" height="315" src="https://www.youtube.com/embed/XyvXKJGkHtI?si=zYaLSoLhhboEix5M" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>