Partner Spotlight: Abacode

This post is part of our Partner Spotlight Series, where we let our partners describe their companies, backgrounds, and experience with LogicGate. This month Jason Gutierrez-Pinho, Market Development Manager and Cybersecurity Consultant for Abacode, sits down with us to answer some of our questions.

LOGICGATE: Can you provide an overview of your company and how you work with your clients?

JASON: Abacode is an industry-recognized Managed Security Service Provider (MSSP) experienced in providing holistic cybersecurity and compliance services to customers throughout the Americas, Europe, and the United Kingdom. With current clients in over 10 countries, our visibility into global threats adds incredible insight and value to our customers.

What sets you apart from other companies in your field?

We address company risk from a business strategy perspective first and cyber-technology perspective second. Our methodology ensures technical and non-technical leadership are able to make unbiased strategic decisions that positively impact the entire organization. Our team regularly speaks at national and international cybersecurity, business, and compliance conferences and has been recognized as one of the fastest growing MSSPs by empowering companies to have a Cyber Capability Maturity Model (CCMM) and consolidate all cyber-risk and regulatory compliance initiatives under one roof.

How do you see client needs evolving over the next year? Next 3 years?

The biggest evolution we see is that privacy and security laws are spreading worldwide, changing organizations from wanting to be secure (or not) to having to be secure. Pretty soon, cybersecurity will not be optional for anyone. In the past few years small and mid-size companies also seemed to have the impression that these regulations came with empty threats or that only the Facebooks and Googles of the world would get hit with substantial fines. This has not been the case. TikTok was fined $5,000,000 by the FTC in the U.S. for privacy violations (March 2019), a hospital in Colorado got fined $111,000 (Dec. 2018) for a HIPAA violation, a hospital in Portugal got fined $450,000 (Dec. 2018) for a GDPR violation, and a Taxi Company in Denmark got fined $180,000 (March 2019) for a GDPR violation, just to name a few.

What trends have you noticed in the IT Risk or Cyber Security industry in the last few years?

Cybersecurity attacks have risen drastically, and will continue to do so.

  1. Spear-phishing attacks (targeted social engineering attacks) have grown immensely, so it is crucial that employees are going through cybersecurity awareness training. They should also have their knowledge—and ability to put it into practice—tested regularly by dummy phishing campaigns.
  2. Shadow IT is out of control, and IT perimeters are becoming less and less clear. Organizations need to account for all devices that connect to their networks. That includes IoT devices which might be vulnerable to an attack, such as an office’s smart thermostat.
  3. They’re not just after your data. The convergence of cyberattacks with physical activities has become increasingly problematic. Last year, the Port of Barcelona and the Port of San Diego were hit with cyberattacks, and a drone managed to take down operations at Gatwick Airport for two days. Many cybercrime forums contain dedicated threads related to physical crime, including the sale of devices that can intercept signals and open door locks for a dozen major car manufacturers. A holistic approach to security is important for everyone.

What is the greatest pitfall you see people face when tackling Cyber Security processes?

Budgeting. This stems from two issues. First, for the past 30 years or so, cybersecurity has been an extra weight thrown on top of the IT teams in organizations. That might have been relatively acceptable in the far past, but there are simply too many cogs in the cybersecurity machine for IT to juggle on top of their already-demanding jobs. Whereas IT serves as an organization’s central nervous system, ensuring everything is connected and functioning properly, cybersecurity is the immune system, ready to engage harmful actors. They’re simply different skill sets. Second, people seem to look at cybersecurity as an afterthought. Organizations will budget for every other need, and whatever is left they’ll put towards cybersecurity. However, cybersecurity is a core necessity and fairly expensive, especially due to the worldwide shortage of knowledgeable resources.

What is the best advice you would give someone who is charged with leading a new InfoSec program or IT process deployment?

Don’t try to start a privacy and cybersecurity compliance program with half measures. We hear it all the time: the organization just wants the cheapest thing they can do to check the box and pass the audit. We strongly advise against this approach. You might barely be able to pass a normal audit, but good luck in court if you have a breach and an in-depth investigation demonstrates cursory attempts to achieve compliance. Be thorough; your CFO will thank you later.

In your opinion, where should someone start when creating an InfoSec program?

Policy (and procedures) is the backbone of any InfoSec program. You need a framework to be able to build out your program, whether it’s NIST, ISO, PCI-DSS, etc. Find a framework that suits your organization and start from there. Then you’ll know what you need to budget for in order to comply.

In your experience, how have your clients fostered executive awareness or support for investment in their program (for services or technology investment)? Do you think this is always necessary?

The sad truth is that most of the time it’s reactive. Unless there’s a regulation or a need to comply for a certification in order to win business with larger clients, the reason we get a phone call is because something went wrong. Companies with Intellectual Property (IP) might be a bit more inclined to have their environments secure, but even on that end we see a lack of support. That said, one of the best ways clients can foster executive support is by letting them know they can use their cybersecurity implementation efforts as a differentiator against their competition.

Why did you select LogicGate as a trusted partner?

Abacode’s core services are heavily incorporated into compliance frameworks such as HIPAA, FedRAMP, PCI DSS, NIST, GDPR, SOC 2, and ISO 27001/2. When helping customers through the implementation process, keeping track of all the controls and their related artifacts and documentation can be troublesome. LogicGate allows Abacode to provide continuous compliance and security control effectiveness tracking for organizations before, during, and after assessments. This supports management through clear oversight of all compliance efforts in real time, not just during an assessment.