Luis Pérez Pau, CISO, Ribera healthcare group
Asked about the threats that keep him up at night, Luis Pérez Pau, CISO of the Ribera healthcare group, mentions that he feels helpless in the face of vulnerabilities, because “it is something that you cannot defend yourself against, only react to, and the attacker has a “one step ahead when it comes to exploiting it and accessing your systems.” The manager adds during the debate “Cyber security, a pending issue in the health sector?” organized by Cybersecurity TIC that the impact of a vulnerability can arrive at any time, on any system; No matter how many security measures have been implemented, in the face of a vulnerability “we cannot be able to predict what the next entry route will be and what impact or scope it will have,” he says.
Asked about how the protection of clinical data is being addressed and where the challenges lie, Luis Pérez Pau comments that it is based on the discovery of the data, an aspect that he considers “has to be automated to the extent of possible to, based on a series of formulas and some tools with artificial intelligence, make labeling almost in metadata to know where these clinical data are located and establish control measures.”
The CISO of the Ribera health group also assures that the user must be given “adequate means and established procedures so that they act with the data in a responsible manner and keep it within the established perimeter, because the moment they leave that perimeter "You will not have the ability to monitor them and protect them."
Referring to backup copies to protect data, he agrees with his fellow debaters that there has been a great evolution and that now is the time to opt for immutable backups so as not to have a problem in case of that a cyber attack affects the data.
Luis Pérez Pau is clear that generative AI is a great technology and can be very beneficial, “but as long as it is used responsibly.” The Ribera health group educates users “so that they are aware that the use they have to make must be linked to a business need” and that they understand that everything that is shared with generative AIs, It should be considered public by default, so that “forget about uploading source code, forget about uploading credentials, forget about uploading internal processes, forget about uploading personal data.”
The manager is also clear that you cannot turn your back on technology because it is a great competitive advantage “but you must pivot towards corporate solutions managed within your perimeter of trust,” says the CISO of Ribera.
