JUAN JOSÉ FUSTER, INTEC

Doctor TIC interviews Jan José Fuster, managing director of the mallorcan company Intec Tramuntana, the only company specialized in cybersecurity of the Balearic Islands and one of the first in Spain, located in the Parc Bit and which already has clients in many countries; among international companies and public bodies. Juan José is an engineer in computer management and has a Master degree in computer science from the UIB. But he tells us that he’s already started in the computer world at age of 10 (now he is 41): “In 2 years he already programmed and did reversing (decoupling code to understand what he does and modify it to do whatever he wants ) “. For 25 years, he has worked professionally in the world of IT, the first 7 as a worker and for 18 years in his own company, from where he has worked for companies around the world in different types of projects, until about 5 years ago it was finally focused on what really he has always been passionate about cybersecurity.

1. The ESCUT computer security project has been presented combining AI, Machine Learning, Big Data, Ciber Intelligence, a pioneer in the Balearic Islands, to serve companies, entities and research centers around the world. Will this make it possible to move forward to cyber attacks, increasingly frequent?

Indeed, from our center, monitoring the computer systems of our clients, we can anticipate the attacks and prevent them from entering their systems and doing the disasters they are doing. Therefore, in addition to our team of experts, which is recognized throughout the world, we have the best tools on the market, and additionally we are developing our owns based on our experience to cover gaps.

2. This new computer science cybersecurity center that you have presented is expected to require you to cover new jobs in the coming months, in fact you are already receiving interests from around the world to come to work here. Is this in line with the strategy of the Government of the Balearic Islands of “Sun and data”, what are your main obstacles to attract talent? And to retain it?

There is a lack of awareness in our society to value IT professionals as it is done in other countries and consequently pay decent salaries. The current problem in the Balearics is that the computer is not specialized, which for € 1,000 a month makes the web, keeps us the systems and, by the way, it comes to fix the computer at home without getting paid for it, because ‘he likes his profession and enjoy this’. All the talent of the Islands is leaving, because they are better valued professionally and can earn much more money in other countries. As a professional in the sector, I sometimes hear “technology does not make me earn more money, it’s a waste”or “I have a 17 year old nephew who is really good in computing and will take care of it”. I am sure whoever may read this about the profession, will now be smiling and agreeing.

There is also a lack of business awareness, local businesses do not invest in ICT, it is only used in tourism and construction. As in other countries, there are ‘true’ investors that if they have to invest several million euros in a project they do so, here they are not, companies want to make a lot of money, very fast and without problems (this is also what I want !). Unfortunately if you want to innovate, being a leader in something, you have to invest and work hard as we have done in Intec. We have invested more than € 400,000 in the recent years, and we are a small company. I can not imagine how far we could get with a real investment! Here is our true business, when creating technology and services that can be marketed around the world, but few think like that here.

3. Precisely, you have more customers outside and have your own international network of collaborators: companies, research centers and specialists in various countries such as the USA, UK and Israel. Being a company so young (created in 2013), how did you get it? Do you plan to keep growing, outsource?

As i told you earlier, we have invested a lot of money in this project, we have worked and traveled a lot in the recent years, in addition to our years of personal experience in the world of cybersecurity. There is a fact that few people know about it and about 20 years ago, there was a good number of people dedicated to security in the Balearic Islands, but with the crisis in 2008, many have left. The few remaining are now at Intec and keeping these colleagues after so many years, has allowed us to be well positioned in the world of cybersecurity.

Yes we have plans to continue growing, both locally and abroad, for this we have our network of contacts and a strong reputation in our sector.

4. Thanks to this new center you will also make cybersecurity accessible to SMEs and smaller entities, which are precisely more vulnerable to computer attacks (43% of cyber attacks are targeted at SMEs). How to convince them of the importance of Computer security monitoring, despite its resource constraints? What annual losses and consequences can cybernetics mean?

The truth is that it is difficult to raise awareness among local companies, in Intec we have heard of every kind of comments, there are companies that think it won’t happen to them, other think that their anti-virus is enough, or that their IT team is prepared for it. … it really is very difficult, since very few companies understand that it is now easier to thieve them through the technology than physically. The duty to raise awareness is in the end made by the mafias and black hat pirates themselves. Actually, the vast majority of our customers have come because they have faced a real danger or been exposed, or they are foreign companies which are more conscious on that field .

The losses may range from several thousand euros to the closure of the company. In Intec we have taken over the scam of the largest CEO in Spain, about € 1,000,000. There are companies that are about to close because they can not deal with the economic costs, loss of customers or image damage that an attack supposes, but this reputation or forecast for the future. The decision makers in the companies are often not aware of it. In a conversation on this same topic, I heard saying “the market is self-regulated”, so that companies that are not prepared will disappear over time and that is what will happen in the very near future.

5. Is cybercrime moving more business volume than drug trafficking and prostitution? We are talking about the fact that 70% of the crimes are already digital and, according to data from the National Institute of Cibersecurity (INCIBE) last year in Spain, they registered 120,000 cyber attacks, and only in the Balearic Islands, 3,000 . Could you give us examples of what are the most common dangers that companies face and how can you predict / solve them?

They are diverse depending on the nature of the company, but we can name several such as money fraud (accessing the bank account, CEO fraud, credit cards …), ransomware, espionage between companies to snatch customers or sensitive information such as business plans, budgets, accounts, disgruntled employees who boycott or steal information, frauds on purchase or reservations websites, websites occupancy, the list is very long.

In each case it is solved differently and from the center we create a personalized service for each client to avoid being attacked and in case it does preventing the attack from causing serious damage to customers.

6. Not only companies, but also people can be victims of cybercrime, either through social networks, smartphones, IoT devices, etc … Where are the limits of our privacy, with the use made by Big Data companies?

For example, insertion of a remote control malware on a personal mobile device, to know almost everything about a person (where it has been, where it is, its calls and their content, activate the microphone and the camera and accessing to what is said, social networks, emails, whatsapp activities).

There are no limits, we increasingly have more presence in the digital world, even those who say no, such as people who do not have Facebook, but even in photos that other people have done, or anonymous comments on forums, not to mention the black markets on the Internet (dark web).

7. How is your collaboration with the Civil Guard and the National Police concerning cybercrime, do they have enough resources?

Facing a technological crime, we need to perform some technical tasks that take a long time and for which we need to have specific tools and equipment, this is where we can participate on technical tasks (investigations, experts, forensics) that result in a report well detailed that the victims delivers to the police forces to proceed. I must add that Intec has limitations when it comes to proceeding, for example, we can not ask an operator to whom an IP belongs, in addition, we have cases for which we need the advice of the police forces to see how to proceed regarding a certain situation to know how a piece can be lawful before a trial at a court.

8. Public administrations have also suffered cyber attacks, are they sufficiently prepared and aware? And from now on, companies that make public contracts will have to comply with the new safety regulations, is it being fulfilled, right?

I do not know how public administrations are, but I suppose they will be taking the necessary measures.

9. Do you consider that the blockchain is contributing to greater security in transactions? Have you seen more crimes of theft of cryptomonedes wallets?

At the moment it is not a very used system, which is a little soon to say, and regarding theft of wallets, they have increased, if they do not have sufficient security measures, if an attacker gets access to your wallet and password, and make a copy of your file, then it is even more simple than stealing physical money.

10. You are using Cuckoo, the most advanced malware scan. What is it, in simple words?

It is one of the best systems of analysis that is currently in use, it is not the only one we use, since for analysis many are needed, but to explain it in non-technical words, basically it allows you to create a controlled environment where you execute the malware and know what you are doing, where you are accessing, what you load in memory, processes you run, which helps the analyst understand his or her behavior.

11. What technological knowledge do you consider essential for a person who wants to work in your sector? And to stay up to date?

Depending on the profile we are looking for, it is a junior profile or a very specialized profile in something very specific. In both cases, in order to work in cybersecurity, the widest possible background in computer science in all the possible disciplines (programming, networks, systems …) must be as wide as possible. Without this background and a minimum of knowledge we do not hire anyone, since training someone is very hard and costly, the base must already be carried. From here, if you are a junior profile, you need a minimum security knowledge. If the profile is high, years of demonstrable experience are required, we do not require qualifications, only experience and talent, a lot of talent, given that we are competing with the best companies in the market. We do not hire people with a minimum of experience..

12. Any book and any movie that have influenced your work?

Influenced none, but I liked some like ‘Tron’ or ‘War Games’, which are fine. Currently, I would mention ‘Open Window’, ‘IT’ or the first season of ‘Mr Robot’.