Artwork for podcast The Industrial Talk Podcast Network
Laia Garcia Padro with Ackcent Cybersecurity
15th November 2024 • The Industrial Talk Podcast Network • The Industrial Talk Podcast with Scott MacKenzie
00:00:00 00:23:06

Share Episode

Shownotes

Industrial Talk is onsite at IoT Solutions World Congress and talking to Laia Garcia Padro, Security Awareness Manager at Ackcent Cybersecurity about "The human solution to cybersecurity".
Scott MacKenzie announces a webinar on adapting to new China tariffs in manufacturing, featuring Eric Millinger and Jorge Filio. The podcast, hosted by Scott, features Laia Garcia Padro with Ackcent discussing cybersecurity, emphasizing the human element in security. Laia, from Barcelona, explains that 90% of cyber incidents involve human error, advocating for early security integration and continuous education. She highlights the importance of unique passwords, password managers, and a security-conscious culture within organizations. Laia also mentions Ackcent's services, including auditing, monitoring, and response teams, and stresses the need for readiness against evolving cyber threats.

Action Items

  • [ ] Promote the webinar and encourage attendance.
  • [ ] Provide tips on things to do and places to go in Barcelona.
  • [ ] Connect with Laia Garcia Padro on LinkedIn to learn more about the human aspect of cyber security.

Outline

Webinar Announcement and Introduction

  • Scott MacKenzie announces a webinar titled "Post Election Manufacturing Adapting to New China Tariffs in 2025" featuring Eric Millinger and Jorge Filio.
  • The webinar will focus on metal casting and fabrication, scheduled for Wednesday, November 20, from 12 to 1 PM Eastern Standard Time.
  • Scott emphasizes the importance of educating, collaborating, and innovating within the manufacturing market.
  • The webinar will be available on demand for those who cannot attend live, highlighting the support from Redstone Manufacturing.

Introduction to Industrial Talk Podcast

  • Speaker 2 introduces Scott MacKenzie as a passionate industry professional dedicated to sharing innovations and trends in manufacturing.
  • Scott thanks the listeners for their support and celebrates industrial professionals for their boldness, bravery, and problem-solving skills.
  • The podcast is broadcasting from IoT Solutions World Congress in Barcelona, Spain, focusing on cybersecurity.
  • Scott introduces Laia Garcia Padro with Ackcent, the guest for the episode, and mentions her local connection to Barcelona.

Laia Ackcent's Background and Role

  • Laia shares her background, including her education in law, management, and psychology, and her career shift into cybersecurity.
  • She explains her current role in securing the human part of cybersecurity, emphasizing the importance of understanding risks and changing behaviors.
  • Scott and Laia discuss the human component in technology and its significance in the manufacturing industry.
  • Laia mentions that her company, Ackcent, is celebrating its 10th anniversary and she has been with the company for eight years.

The Human Component in Cybersecurity

  • Scott and Laia discuss the reluctance of manufacturers to address cybersecurity concerns, focusing on the human aspect.
  • Laia explains that early integration of security measures is crucial to avoid complications later on.
  • They talk about the common misconception that cybersecurity is an obstacle rather than a necessary precaution.
  • Laia highlights the importance of being aware of the risks and partnering with experts to stay updated on evolving threats.

Educating and Training Employees

  • Laia emphasizes the need for continuous education and awareness among employees to prevent cybersecurity incidents.
  • She discusses the challenges of changing habits, such as reusing passwords, and the importance of using tools like password managers.
  • Scott and Laia talk about the role of new hires in maintaining security culture and the importance of starting from the basics.
  • Laia stresses the importance of creating a culture where employees feel responsible and comfortable reporting security issues.

Handling Cybersecurity Incidents

  • Laia explains Ackcent's approach to handling cybersecurity incidents, including auditing environments for vulnerabilities and monitoring for threats.
  • She describes the role of the blue team in responding to alarms and addressing potential threats.
  • Scott and Laia discuss the importance of collaboration within the cybersecurity industry to share knowledge and address new threats.
  • Laia highlights the evolving nature of cybercrime and the need for organizations to stay vigilant and prepared.

The Role of Trusted Individuals in Cybersecurity

  • Scott and Laia discuss the importance of finding trusted individuals to help with cybersecurity efforts.
  • Laia mentions that Ackcent provides various services beyond her role, including auditing and monitoring.
  • They talk about the importance of having a baseline of security measures to reduce the risk of cyberattacks.
  • Laia emphasizes the need for organizations to be ready for when, not if, a cybersecurity incident occurs.

Conclusion and Contact Information

  • Scott wraps up the conversation by emphasizing the importance of having cybersecurity conversations and addressing the human component.
  • Laia provides her contact information and encourages listeners to reach out for more information.
  • Scott thanks Laia for her insights and encourages listeners to stay connected and informed about cybersecurity.
  • The podcast concludes with a reminder to be brave and innovative in addressing cybersecurity challenges.
Finally, get your exclusive free access to the Industrial Academy and a series on “Why You Need To Podcast” for Greater Success in 2023. All links designed for keeping you current in this rapidly changing Industrial Market. Learn! Grow! Enjoy!

LAIA GARCIA PADRO'S CONTACT INFORMATION:

Personal LinkedIn: https://www.linkedin.com/in/laia-garcia-padró-870790158/ Company LinkedIn: https://www.linkedin.com/company/ackcent/ Company Website: https://ackcent.com/

PODCAST VIDEO:

https://youtu.be/1WVG7gUJ3Xc

THE STRATEGIC REASON "WHY YOU NEED TO PODCAST":

OTHER GREAT INDUSTRIAL RESOURCES:

NEOMhttps://www.neom.com/en-us Hexagon: https://hexagon.com/ Arduino: https://www.arduino.cc/ Fictiv: https://www.fictiv.com/ Hitachi Vantara: https://www.hitachivantara.com/en-us/home.html Industrial Marketing Solutions:  https://industrialtalk.com/industrial-marketing/ Industrial Academy: https://industrialtalk.com/industrial-academy/ Industrial Dojo: https://industrialtalk.com/industrial_dojo/ We the 15: https://www.wethe15.org/

YOUR INDUSTRIAL DIGITAL TOOLBOX:

LifterLMS: Get One Month Free for $1 – https://lifterlms.com/ Active Campaign: Active Campaign Link Social Jukebox: https://www.socialjukebox.com/

Industrial Academy (One Month Free Access And One Free License For Future Industrial Leader):

Business Beatitude the Book

Do you desire a more joy-filled, deeply-enduring sense of accomplishment and success? Live your business the way you want to live with the BUSINESS BEATITUDES...The Bridge connecting sacrifice to success. YOU NEED THE BUSINESS BEATITUDES!

TAP INTO YOUR INDUSTRIAL SOUL, RESERVE YOUR COPY NOW! BE BOLD. BE BRAVE. DARE GREATLY AND CHANGE THE WORLD. GET THE BUSINESS BEATITUDES!

Reserve My Copy and My 25% Discount

Transcripts

SUMMARY KEYWORDS

webinar announcement, manufacturing market, metal casting, fabrication, cyber security, human component, password management, security education, threat landscape, cyber incidents, security culture, vulnerability auditing, cyber criminals, digital transformation, industrial professionals

00:00

pting to new China tariffs in:

01:12

Welcome to the industrial talk podcast with Scott. Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends, while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's go all right once again. Thank

01:30

you very much for joining industrial talk, and thank you for your continued support of a platform that is dedicated to you, industrial professionals all around the world. You are bold, you are brave, you dare greatly, you innovate, you collaborate, you solve problems. That's why you are making the world a better place, and that's why we celebrate you on this podcast. We are broadcasting here in Barcelona, Spain, which is a fantastic town, just FYI. Put that on your bucket list. And we are broadcasting from IoT solutions World Congress. It is a collection of problem solvers. It is a combination of cyber security as well as IoT digital transformation. You name it, it's here. You need to put this on your calendar for next year. In a hot seat we have Laia, Ackcent is the company we're going to be talking cyber security. So put your cyber security hats on. Let's get cracking. I'm tired. Did you have a good evening last night?

02:25

I did.

02:26

Are you from here?

02:27

I'm from here. I'm a local.

02:29

You're a local. So you just went home?

02:30

Yeah, I went home with my family. Hi,

02:33

I'm home, which it was funny. We arrived on Monday. And Barcelona was dead because it was, oh, it was

02:46

a holiday, yeah, we couldn't put

02:49

it together. We're walking around. People don't work

02:50

here. There

02:52

was no cars in the streets, and we were just wandering around with all the others.

02:55

Yeah, all the shops were closed. All

02:57

the shops were closed. And I thought to myself, I'm glad my son and daughter are not here today, because they were just like, what's so great about Barcelona? But it we had a good time last night, and it is it, it doesn't disappoint by any means. No, are you originally from Barcelona? Yes. Oh, we could have had a conversation. I was like, where to go? What do we do? Where do we eat? How do we hang out?

03:22

I can give you a few tips after we're finished. Oh, I bet Yes. Okay,

03:28

all right, before we get into the topic of cyber security and what Ackcent does give us a little background, Laia, on who you are.

03:38

So currently, I'm in charge of securing the human part of cyber security.

03:44

So we're going to talk about that, then the human part. So you want me to go back? No, just keep going. Talking about you,

03:51

talking about me. So I'm a person from Barcelona who's lived abroad, and I've always I have a background in in law, in management and in psychology, but I switch my career into something that's very different, or at least seems totally disconnected from My academic background. It turns out, it's not because, especially the human part of of security has a lot to do with how people understand risks and how they change their behaviors.

04:33

See that, that, to me, is an interesting topic, just because we, we in industry, we in technology, just talks about tech, not technology, but there's that human component associated with with all technology. I don't I think it always gets down to the human component. How long is it accident been around?

04:52

So we're going to be celebrating our 10th anniversary this year, and you've

04:57

been with the company. How long? Eight years? So you were. Pretty much want to, yeah, early, early on, I like it. I like it. So let's talk about that. Let's, let's go down the road of the human. Explain to the listeners what you mean. What do you because let's put it this way, if I want to be, if I'm a manufacturer and I want to be connected. I have my I have my devices. I'm pulling data. It's all connected. A conversation I need to have which I don't really like having is that cyber security side of that conversation I don't like having it. I just want to pull data, and I want to be able to have that. So tell us and explain to us a little bit about that human side.

05:42

But why wouldn't you want to have that conversation by security? Because you don't want to face the fact that you're facing good there

05:48

it is. Yeah, that's the reality of it. It's it's like, just let me, I look at people, and when I'm in an organization, if I'm in a company, and then somebody comes talking to me about cyber security. What that tells me, sometimes, not every time, don't send me any emails on this sometimes, is that now you're trying to get in the way of me and doing my work. And I always have that conversation about, hey, I'm connecting. Look at me connect. I'm connecting. After the fact I don't have it up front, which where it should be. It should be, okay, we're going to connect. But let's have that, you know, protection conversation up front, but I don't do that. Yeah.

06:28

Well, the thing is that if you want to do your job, whatever it is, that your business is about the people who can get in the way of that are cyber criminals, yes, so having that conversation early on is really important, before you have all your structure already built up, because just putting security into the equation afterwards is a lot harder. So whatever it is you do a product that you launch, if you have the security part already baked in. It's a lot easier,

07:05

yeah, but it's so funny, because the human side is always like, I just, oh, I all I have to do is buy that device, a device, and now it's sticking on my asset, and then that asset begins to sort of produce the data. But I don't recognize the fact that that thing's connected, or it's connected, but we're not really

07:21

aware of what risks we're facing. We tend to overestimate certain risks that might not be a big deal, and underestimate other risks, which are the ones that we are actually that we should actually be worried about. And that's why you always have to end up with partnering with people who really know what the latest threats are and how to deal with them. Cyber criminals are evolving their techniques, and threat landscape is changing. The risks might be the same, but the threats keep evolving. I don't know how we're passionate about it. Yeah,

08:05

I look at that and I just know that it is always evolving. Take us through the human side. What are we talking we got the technology. I get it. The technology. Get it, you know? So

08:18

cyber security has three main components, the very technical part of it, which is big, which has evolved a lot, then all these policies, procedures, things that you step by step, processes that you have to go through in order to be secure. But then there's another very powerful element, which is the human side of it, the people who sit in front of computer and make decisions every day, whether they're going to be using this password or this other one, whether they're going to be reusing it across different places, whether they're going to click on an email or download some pirated software, thinking that, ah, no big deal. So that's that's the human part of it, and also the human part also represents this, the people, the specialists who deal with the technology, trying to protect the clients that partner with us. So

09:18

take me through how you approach a client from a human perspective, because I know that that's, again, you got the technology, you said, you got the policies and procedures. And then, of course, that human component, where it's hard, that's, that's sort of the the Wildcat in the whole equation. How do you begin to transform that culture, to understand,

09:40

well first realizing that I'd say 90% of cyber incidents have human component that in some Yeah, some part of the chain of the attack has something to do with the success of that attack. So it can be a very technical attack, but at some point, there will be a person who, most times unknowingly, will make a mistake and help the cyber criminals get in by giving away their password, by, I don't know, leaving some cloud service open and I'm protected. So it's that cute.

10:23

How do you how do you begin to educate? What do you do? What does What does Ackcent do to help facilitate the fact that 90% of of you know

10:32

we should try to, I'd say, take the human out of the equation as much as we can. So whatever we can do to help people not have to be worrying about security all the time. There's a technology that so to give you an example, passwords, they're such a pain, right?

10:52

Oh, passionate

10:55

about passwords, aside from us geeks, right? People, they have these terrible habits of reusing passwords. They they have just a limited memory span. So of

11:10

course, I don't, I don't fall into that position. Yeah, of course, you never

11:13

know passwords. We're gonna have a talk about,

11:18

no, I'm passionate about my passwords. You are,

11:22

which are four characters. So changing those habits is not easy, and I'd say the first step is to be aware of why it is important. If you know that I we could maybe later, check some of the latest data breaches where maybe your email is linked to a password that you've that you're currently reusing everywhere. And that's not hard to find. You don't have to get your hands very dirty in order to find this kind of information. So maybe it's the password you use for, I don't know, maybe some random online shopping or forum that you connected to, but you're also reusing that password somewhere else, right? So making people aware of why we require unique passwords, why it is important for passwords not to be very simple or easy to guess, right? So starting with the why is important, but then enabling or helping people with whatever tools we can give them to make it possible for them. No one can remember 100 different passwords, so we should provide them with maybe a password manager, right, a tool to be able to store all those passwords safely.

12:44

How do you deal with the influx of new people? How do you educate? It's this is an education component. So how do you how do you ensure the continuity of what you've established or what you have trained into your existing resources to new ones. Well,

13:04

you have to go over again, start from the beginning, and slowly build that culture of security. Try to ingrain it within the company, within just make it be part of their values, right to care about security in their jobs. It's part of their response. I wouldn't say security is their responsibility, but being having an intent in educating themselves, of people educating themselves and raising their hand if they have an issue or a concern or they make a mistake, right? So it's the culture in the organization is really important, because organic, there are certain organizations that are very Blamey, right? They like to point fingers the people who make mistakes. Absolutely, that's not where you foster an environment where people feel responsible, saying, I just messed up, right? People will hide under the table and then being able to know that there's an issue, possible incident early on, just has a dramatical difference in the impact being able to deal with that incident early on, because when, when we get infected our device, let's say your computer here now, gets infected, an attacker won't have control of the whole environment in in like two seconds, right? First they'll they'll establish what information you have in there, what accesses you have. They'll try to pivot. They'll try to escalate their privileges until they have enough knowledge and need enough power to be able to maybe delete those backups that you have somewhere that to to. Turn off certain security features that you might have to get in the way of them doing their job, which is extorting you, encrypting your information or exfiltrating it. So understanding that is also important. So

15:14

let's say it doesn't happen under accident, but let's say somebody does have a company that does have a breach. You put in place all the education, but it just happens. What does Ackcent do with that knowledge? Is there a community? It's like, Hey, here's a new threat, here's a here's a new way of being able to penetrate a network, whatever, and then what that's learning on your part? What do we do with that? Well,

15:47

there's a part of educating people, but Ackcent services go far beyond what my role is, which is this more human side of it? So we have teams dedicated to auditing your environment to see if there are any vulnerabilities that you can fix so playing the role of the bad guy, then we have a team, which is the blue team, dedicated to monitoring your environment to see if there are any indicators of people or attackers messing with your environment, and then if any alarms go off, they'll go and check and see if it's a false positive or not, or if they have to go in and maybe disable certain software that's running.

16:36

Is it because there are cyber companies, they're here. Don't get me wrong. Is there a collegial type of understanding that you're trying to help other companies too, saying, Hey, we have a we've identified a new threat. We think you need to be aware of it. It might be a competitive advantage, but that doesn't really serve the masses, in a sense, if there's something new out there, do you? Do you find that you worked with other organizations to say, hey, there's a new thread?

17:07

Yes, that we do? You mean, in our within our industry, yes, yeah, we try to collaborate. The bad guys collaborate more among themselves. If we look at how the the cyber criminal industry has developed and evolved in the last few years. It's incredible. We should not think of the guy, the hacker with the goodie with kids boxes piled up around in a dark basement. That's not it anymore. These are people who have a job, like, right, like we do, and they, they have their incentives, and they, they specialize. So the way the ecosystem has evolved, everyone is specializing in the whatever part of the attack they're better at. And so the barrier, the entry barrier has lowered a lot. So there's people just coding that malicious code that's there's people who are good at getting access at your environment, so they'll sell that access. And then there's all these affiliates that buy the code. And then these big ransomware gangs, for example, they they give you all the infrastructure you might need to extort your your victims. So you'll have these chat services where you can negotiate. You have these services to pay

18:36

against that. That's distance. Well, you gain, yeah,

18:39

well, you got to be ready. You got to be ready. So I understand it's an uncomfortable conversation, but you have to have it. You don't want to give into the bad guys.

18:49

I just want to, like I said, I just want to curl up in the corner, and then I want to be air gapped everywhere, you know, but then that I can't

18:57

there's, so I'd say there's just doing a little bit more than the rest, we are already better off, you know, just doing the, the hygienic, foundational stuff, which is probably not the sexiest one, right, just doing the the 10 things, You know, having backups, having them properly tested and stored, updating your systems, having having an alert system that will just like

19:32

just sort of, what you're saying is there's a at least a baseline of just saying, Hey, if you do this, your Your your percentages, sort of of an attack of a penetration of a problem is decreased dramatically, you know, then there's that point where you could go overboard. And it's like, is there really any, you know, benefit associated with that when I'm just already here, and it's pretty sound,

19:56

the thing is, it's just like with protect. Your home, yeah, you got to be ready to try to avoid anyone from getting in. But also, because you want to still have windows, which, of course, are more vulnerable than all, yeah, and because you want to be you know, you have to have capacities to be able to detect maybe an alarm if someone comes in and then be able to respond, because the alarm goes off and nothing happens. Yeah, you know, so it's not a matter of if this happens, but if you're ready for when it happens. And I'm not trying to scare you, I'm not,

20:37

why are you making me no

20:40

day miserable.

20:41

I think the reality is, is that you have to have this conversation. You just have to have a conversation. What is the right handed hurt? Just be ready. And then, you know, what is also important is finding those trusted individuals to be helped, to help you along on that journey. Is pretty important. How do people get a hold

21:01

of you Laia? So our website is Ackcent, A, C, K, C, E, N t.com, or are you out on LinkedIn also?

21:14

Yeah, you're good out there on LinkedIn.

21:15

Yeah, I'm not very active because I'm busy.

21:20

I'm still gonna put your LinkedIn link out there. All right. Listeners, yeah, her name is life, and she's amazing. You're gonna have to have this conversation around cybersecurity, whether you like it or not, if you want to be digitally connected, you're gonna have to have that conversation. And it is a major human, human component. Just, just do it. Please do it. We want you to succeed. We don't want you to get injured in any way. All right, we're going to wrap it up on the other side. Stay tuned. We will be right back. You're

21:50

listening to the industrial talk Podcast Network.

21:59

All right. Great conversation once again, from IoT Solutions, World Congress, as well as Barcelona cyber security Congress. They were both held at the same location. That was like Garcia Pedro. The company is called Ackcent. That's A, C, K, C, E, N T, cyber security. You can tell there's a human component associated with all cyber security. You want to be connected. Definitely need to address the human component, without a doubt. All right, we're building the platform. As I always say, industrial talk is here for you, industrial professionals. You have a podcast, put it out on industrial talk. We want you to get as much traction as you possibly can, because your story needs to be told. If you have technology, put it out on industrial talk, all you have to do is go out to industrial talk.com. Click the little connect with and you'll be talking to me. So let's figure that out. All right, people, be brave. There greatly. Hang out with Maya, and then you're going to change the world. We're going to have another great conversation shortly. So stay tuned.

Chapters

Video

More from YouTube