On December 13th, we attended the 1st Government and Resilience Forum in Coruña, organized by ISMS, with Abanca as a collaborator, a brief yet enriching space for cybersecurity professionals.
From Inprosec, our Commercial Director, Roi Fortes, and our KAM in Galicia, Pedro Estévez, traveled to Coruña to witness the interesting cybersecurity presentations.
The event began with Silvia Senabre, Head of the Technological Risk Group of the General Directorate of Supervision of the Bank of Spain, who opened the first lecture emphasizing the new “Digital Operational Resilience Act” (DORA), enacted by the EU. DORA aims to create a risk control over all external providers working with banking, thus ensuring the operational security of financial entities.
In the same vein, Jabier Abad (IT Infrastructure), Cristine Pereira (Business Continuity, Resilience and Crisis Management) and Carlos Pérez (CISO), all from Abanca; described some of the entity’s security mechanisms, risk management, and business continuity.
Vesku Turtia, sales director of Security Scorecard, gave a brief presentation about his company. Security Scorecard, as the name implies, is a SaaS product that ranks a company’s cybersecurity level in relation to others (sector, country, etc.).
Next, we had a very interesting round table in which Iago Crespo (CISO Distribution Naturgy), Jorge Prado (Head of Data Protection and IT Service of SERGAS), and Jonathan Gándara (CISO Votorantim Cimentos) participated. This discussion covered the different approaches to resilience and business continuity in these three distinct entities: the public, energy, and industrial sectors. Special emphasis was placed on the current Achilles’ heel for corporations regarding cybercriminals, which continues to be people.
Finally, Alberto Francoso (head of Analysis of the cybersecurity service of the Cybernetic Coordination Office, under the Ministry of Interior), explained as much as possible, the novelties brought by NIS 2 from Europe. Although not yet finalized, it will bring a substantial obligation to change the data protection and cybersecurity processes of the EU’s business fabric. To date, NIS 1 only mentioned critical sectors in its obligations, but these will extend much further to essential sectors for each of the member countries.
Lastly, an appetizer was held that served as a meeting room among the approximately 40 attendees at the event, which was used to share impressions and ideas about what was witnessed and the potential future of the sector.
