Federico Perez Acquisto, COO @ ESET Latin America

This Q/A Session was created and published on 03.11.2016

Sergej Strajnak: From which countries (in Latin America) come most cyber threats? It's difficult to geographically localize such threats?

Federico Perez Acquisto: Generally speaking it´s not so easy to separate all the region in different threats, but we have some countries with some groups of malware creators like Peru, Mexico or Brazil in the main stage. Peru or Mexico are specialized in Trojans or Botnets, and Brazil has a tremendous focus in Bankers. In addition with that, in those countries plus Argentina, Chile, Colombia and others, locals campaigns of ransomware, phishing or hoax are created also.

Sergej Strajnak: What is going to be the next trend in cyber attacks in your opinion?

Federico Perez Acquisto: Every year in ESET we published a global inform call Security Trends. From my point of view, there are three important aspects: the first one is that the common and non-technical attacks like phishing continue working in the community, so the most quantity of victims probably is going to be infected or affected by the traditional threats. The second point, probably the ransomware is going to continue growing and infecting others devices. At the beginning (some years ago), we saw ransomware in computers and last year we started to see smartphones infected by ransomware, so probably in the future, we are going to see others devices related with the Internet of Things affected by ransomware. In the third point, in the last years the gaming´s industry is one of the industries that represents the highest growth but not in terms of cybercrime, so probably in the following years we are going to see more attacks with the gammers like targets attacking the platforms or attacking the game and the user.

Sergej Strajnak: Where will be focus main scope of ESET Latin America business about 10 years in the future? Could you give us a quick look into the company's future?

Federico Perez Acquisto: We plan to continue growing every year above the average growth of the security market focusing on most important LATAM markets like México, Brazil, Perú, Argentina and Colombia. We will continue providing security solutions and also security services in order to let the users enjoy safer technology.

Sergej Strajnak: How big influence will be have exploring of quantum processors on security?

Federico Perez Acquisto: One of the biggest advances in quantum processor is related to cryptography. To the extent that this type of processor is developed, it is much easier to break the current encryption algorithms. Gradually the technology should move from traditional encryption algorithms to algorithms that exploit the processing power of quantum processors. We should see a decline in the use of public-key algorithms most used nowadays, such as RSA and Elliptic Curves. In cases like symmetric crypto and hash functions, the current parameters will have to be revisited (usually doubled) to ensure that they stay secure in a quantum world. This shift to modern algorithms should happen transparently to end users; however, whoever is responsible for development or configuration of security applications should be ready for the coming changes – in particular, those who support these functionalities in legacy systems.

Sergej Strajnak: Are you one of those people who think "hacker" is not the best choice of a name for an individual committing cyber crime?

Federico Perez Acquisto: Of course, the community has a wrong perception of hackers and they called hackers that we called cyber delinquent. Actually, the hacker is a good guy with a lot of curiosity and he uses his knowledge to do a benefit in the society or in a specific system, but the hacker doesn’t have the intention to generate a damage in the system or in the owner of the system. Because the this thin line some terms like White Hat, Black Hat or even Ethical Hacking started to be presence in our industry.

Sergej Strajnak: If you could give one advice to IT students and to young people thinking about a career in IT industry, what would that be?

Federico Perez Acquisto: I will give them to advices, one regarding of our security industry and other regarding their professional career in IT Industry. In security: they need to understand that security is involved in all the aspect of a company and not only to have a good AV solutions, a good backup solutions or a DLP solutions. The security is involved in the creation of a software in the first stage of design, the security is involved in the solution of a company crisis or even in the quality of a service that the company provide to the community. Regarding the IT Industry, I advise the IT student that never lost the ambitious of improve their knowledge, because in the technology industry

Sergej Strajnak: Have you ever met somebody during your career who inspire you to change yourself?

Federico Perez Acquisto: Yes, of course. I have an MBA in a well-known school of business in Argentina and during that course I met some teachers that change my view of several issues. I think that we should be all the time learning from other people, and not only from your professors, your family or your boss.

Sergej Strajnak: In your opinion is the partnership between ESET Latin America and universities in Latin America working well enough? Or is there a room for more improvements in applied R&D sector? Does ESET (Latin America) have any opportunities for any exchange or intership for IT students from Slovakia?

FedericoPerez Acquisto: Always there chances to improve things in each project and this concept also applies to the partnership with the university. This year we generate a new agreement with the major technical university from Argentina, so we are started to work with them during this year. Also, we are giving a lot of talks in LATAM universities generating a space for students to participate in a security contest. Regarding the possibility to have an exchange or internship from a student of Slovakia in our office; we have never analyzed it, but could be a possibility if we found a way that works for the student, for ESET HQs in Slovakia, for ESET Latam and also for the university.

Sergej Strajnak: What is your current contact with Slovakia? Do you have time to follow Slovakian (or European) IT events? For example in Kosice we have very good IT events, namely Hackathon, startups weekend etc.

Federico Perez Acquisto: Not so much, because my focus is in Latin American region, so I´m not following the IT events from Slovak or other European Country except from those that have an impact in our region like Mobile World Congress in Barcelona, CeBIT in Hannover or InfoSecurity in London.

Sergej Strajnak: How do you feel about women in IT sector? What is the approximate percentage of women representation in management of ESET Latin America?

Federico Perez Acquisto: For us, if it´s a women or a men doesn’t matter, because we focus in the abilities and the experience of each person. In that way, we are the only Security Company in Latam which has a Security Expert that it´s a woman. Almost the fifty percentage of the employees in Latam are woman in different areas of the company. Regarding the managers, we have 6 managers in the company and two of them are woman. At least in Latam technology industry, this values are very upside the average.

Sergej Strajnak: Have you ever heard about the virus with the name Onehalf?

Federico Perez Acquisto: Really, I didn´t about this specific malware until this question, but I look for more information about it and I found that it´s a Slovak malware, also known as Slovack Bomber. Is a classical malware (was first discovered in 1994) of polymorphic virus family. This malware infects the MBR (Master Boot Record) of the PC and$s the MBR (Master Boot Record) of the PC and also encrypts certain parts of user's hard disk, but then decrypts them at the moment of access, thus user does not notice anything. However, careless disinfection will result in data loss; if the user does not decrypt the data, then destroys the virus which decrypts and accesses it, the data will be lost.