Let's prioritize cybersecurity in digital business

In recent months we have witnessed an increase in cyber attacks, many people have migrated to digital platforms in order to carry out operations and activities that were traditionally carried out in person. Currently, with remote work, electronic commerce, digital financial services, among others, we are exposed to "phishing"[1] and other fraudulent tactics to access personal and / or sensitive information, for this reason it is necessary for companies to strengthen their security controls in order to prevent these potential cyberattacks.

In the current context in which we live, where we prefer to carry out operations through digital means, either because of their immediacy or because they adapt to the new normal as a result of the pandemic caused by the spread of Covid-19, cybersecurity plays an extremely important role. . In this sense, the World Economic Forum considers that this year 2020 will be a key point for the launch of cybersecurity[2], given that the number of Internet users increases daily and digital platforms collect more information about their users.

So what does the concept of cybersecurity comprise? Cybersecurity is the set of internal policies, processes, procedures and resources used by an organization to protect the information it handles by preventing, detecting, responding and recovering from incidents or attacks that may occur in cyberspace.[3].

Cyberattacks typically aim to access, modify, or destroy sensitive information, as well as extort money from users or disrupt normal business processes.[4]. That is why it is necessary to properly manage the risks that surround operations through digital channels, in order to have adequate protocols in place in response to any incident that may arise.

It should be noted that the application of effective cybersecurity measures is especially difficult today due to the fact that the attack modalities are increasingly sophisticated, in addition, the universe of digital channel users is growing by leaps and bounds.

This situation presents a great challenge for most companies, since on the one hand they are undergoing agile digital transformation processes to provide a value offer to their clients and at the same time they must take care of the defense and protection of the information that they entrusted to them. , of potential fraud.

For this reason, it is important to have policies and standards in line with the current reality and that seek to properly manage the risks to which users are exposed. In this sense, companies must have within their schemes of regulatory compliance operational risks related to information security, business continuity and potential cyberattacks that may arise when carrying out operations through digital channels have been mapped.

For the World Economic Forum, with the exponential growth of innovation, new challenges appear in the field of cybersecurity, they are currently working in three areas to reinforce cybersecurity policies in the world, among which are:

  1. International cooperation to attack this front.
  2. The record of opportunities and threats that new technologies present.
  3. The global gap in terms of capabilities to deal with the security challenges that arise[5].

For this, it is important to have good international practices in order to guide local regulations so that an adequate management of the risks that arise in digital spaces can be achieved.

For the financial industry, cybersecurity is essential because both personal and sensitive information of financial users is handled, as well as their money. In that line, The SBS has published the Draft Regulation for the management of information security and cybersecurityAmong his main contributions are:

  • Define what cybersecurity comprises.
  • It establishes different regimes (general, simplified and reinforced) on information security management proportional to the size, nature and complexity of the operations of companies in the financial sector.
  • Any company that has a presence in cyberspace must have a cybersecurity program for incident management.
  • The minimum requirements for the authentication of operations through digital channels are reinforced.
  • Definitions for data processing services (cloud storage) and outsourcing are updated.
  • The duty to report the occurrence of a cybersecurity incident is established.

Denmark, the United States, Sweden and France are among the countries with the highest cyber security standards[6]. In order to reach the level of these countries, it is necessary to consider how many attacks are carried out, the reaction capacity, and the policies and regulations in terms of cybersecurity to prevent and punish information security incidents that arise.

In terms of international standards, there is ISO 27032 on cybersecurity, seeking to preserve the confidentiality, integrity and availability of information in cyberspace, as well as to manage it properly to face potential attacks.

Technology companies like Microsoft are developing tools to manage risks related to cybersecurity[7], since they have determined that it is an aspect in which many companies require support to optimize their levels of protection of the information they store.

In order to reach optimal levels of protection and compliance in cybersecurity, it is necessary to rely on the use of technology. The technological tools that stand out for this work are cloud computing, artificial intelligence and machine learning, since they allow the information handled by companies to be properly cared for and treated. Thus, for example, artificial intelligence makes it possible to predict and identify threats in cyberspace based on the experience of past incidents in order to mitigate the effects that these events had on the company and users. Finally, according to a Webroot report, artificial intelligence is used by approximately 87% of cybersecurity professionals in the United States.[8].

* The opinions expressed in this article are those of the author and do not necessarily reflect the views of the administrators of The Crypto Legal blog or the Lawgic Tec association.


[1] Fraudulent tactic that seeks to trick people into sharing their personal and / or confidential information.

[2] For more information see: https://www.weforum.org/agenda/2020/01/what-are-the-cybersecurity-trends-for-2020/

[3] Definition adapted based on the draft Regulation for the management of information security and cybersecurity published by the SBS.

[4] For more information see: https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html

[5] For more information see: https://www.weforum.org/platforms/shaping-the-future-of-cybersecurity-and-digital-trust

[6] For more information see: https://forbes.co/2020/03/05/tecnologia/radiografia-estos-son-los-paises-mas-ciberseguros-del-mundo/

[7] For more information see: https://www.microsoft.com/en-us/security/business/cybersecurity

[8] For more information see: https://www.bbvaopenmind.com/tecnologia/inteligencia-artificial/inteligencia-artificial-en-ciberseguridad-retos/

- Advertising Notice-
Alejandra Huachaca
Lawyer from Universidad del Pacífico (UP) and Finance Director at Lawgic Tec. She currently works at EY LAW Peru in the area of ​​Financial Regulation and FinTech. He has studied abroad at the Institut d'études politiques de Paris (Sciences Po). Former member of FORSETI Law Review. Email: alejandra.huachaca@lawgictec.org


1,954Happy fans


*All fields are required
es Spanish