Kymatio hires a 4iQ co-founder to direct the business strategy.

Kymatio hires a 4iQ co-founder to direct the business strategy. 1

David Sánchez Torreswho worked for clients such as LifeLock, Iberdrola or Telefónica as a  4iQ cofounder, is the new head of Kymatio’s business strategy.

Kymatio records first level executive talent for his business. The internal risk prevention startup has incorporated David Sánchez Torres (DST), co-founder of 4iQ, to Kymatio’s team. The executive, whose chief position is Chief Sales Officer, will continue the omnichannel development of the product of one of the most influential Spanish cybersecurity startups.

“It’s one of the Spanish cybersecurity companies with the greatest market potential and I’ve been struck by its principles,” DST said. “It’s a new philosophy, a different approach, but completely necessary, which is why it motivates me.” has added.

Interview with David Sánchez Torres, CSO of Kymatio

Kymatio Team David Sanchez Torres

David Sánchez Torres

CSO

You move from 4iQ to Kymatio. Why??

4iQ is a mature project that is following its own path and during 2018, some of the people who started it decided that it was time to start getting involved in new initiatives.

Kymatio is a powerful, innovative project that covers a space in which right now there are no defined solutions, it is therefore an exciting challenge that allows me to work in a different area of the cyber sector that I had been approaching from other perspectives.

There is still a lot to do but that is precisely one of the challenges that we are passionate about for entrepreneurs and that make startups with this potential our natural meeting and development space.

Why is the problem of the internal threat caused by the human factor so worrying?

According to the latest reports of ENISA insider risk within cybersecurity continues to occupy a place in the top threat both in 2017 and 2018 but if we add to this threat others such as phishing, vishing, ramsonware, identity threat, cyber espionage, etc. that are also related to the internal threat produced by the human factor, we realize that the problem is transversal to many of the cyberthreats that companies have to deal with. If we add to this the incident data published by the U.S. State of Cybercrime insider risk within cybersecurity continues to occupy a place in the top threat both in 2017 and 2018 but if we add to this threat others such as phishing, vishing, ramsonware, identity threat, cyber espionage, etc. that are also related to the internal threat produced by the human factor, we realize that the problem is transversal to many of the cyberthreats that companies have to deal with. If we add to this the incident data published by the U.S. State of Cybercrime, with 50% of incidents where private or sensitive information was unintentionally exposed. 40% of incidents where employee records were compromised or stolen. 33% of incidents where customer records were compromised or stolen. 32% of the incidents where confidential records were compromised or stolen (that is, trade secrets or intellectual property) we realize that the problem is very serious and that not many preventive solutions are found in the market. Nowadays it is impossible for companies to know what their level of internal risk is, if the training campaigns in awareness are really having an effect (normally they are not very effective) and what they could do to improve these situations. Kymatio gives a solution to these problems in an agile way and with a comprehensive vision of the problem., with 50% of incidents where private or sensitive information was unintentionally exposed. 40% of incidents where employee records were compromised or stolen. 33% of incidents where customer records were compromised or stolen. 32% of the incidents where confidential records were compromised or stolen (that is, trade secrets or intellectual property) we realize that the problem is very serious and that not many preventive solutions are found in the market. Nowadays it is impossible for companies to know what their level of internal risk is, if the training campaigns in awareness are really having an effect (normally they are not very effective) and what they could do to improve these situations. Kymatio gives a solution to these problems in an agile way and with a comprehensive vision of the problem.

What should be improved in companies from the point of view of prevention of internal risk?

In the first place, it is necessary to understand that it is a problem whose responsibility does not affect a specific division of the company but is shared at least by the departments of Human Resources, Information Security and Legal, in fact, the problem of internal risk, It should be addressed either from a new unit with that responsibility or at least from a specific committee that includes the heads of these departments.

Secondly, to improve investments in prevention that are now being carried out only with training plans without comparing their effectiveness.

Therefore, with Kymatio, companies will improve in terms of employee protection, which is the weakest link, efficient execution of training and awareness plans, strengthening activities as well as knowledge, in general, of risk levels internal as well as in comparison with other companies in its sector.

Why should a customer choose Kymatio?

Kymatio provides a unique solution in terms of prevention of internal risk produced by the human factor as well as the internal risk assessment of companies. There is currently no solution that addresses this issue beyond the companies that carry out training plans for employee awareness. Therefore this gap is definitely solved with Kymatio.

Kymatio also provides the necessary intelligence on the exposure that suffers in relation to human risk (Kymatio Human Risk Scoring), determines the needs of the company in relation to strengthening, generating a corporate action plan for the mitigation of human risk with granularity departmental and per employee.

Another interesting point is how to support in compliance that allows our clients to reach a proactive position in the NIST framework (in the identification and protection phases) or the executive order 13587 of Obama (NITP), thus fulfilling the regulator’s requirements.

¿Cuál es el feedback de los clientes?

The feedback cannot be more positive. Initially, we value the entry into medium-sized companies, since we wanted to understand what the entry barriers were for domestic sales as well as the points that could hinder the implementation of the project. Once this point has been understood, we have turned to larger organizations where we have found that they have that need and nothing to address it.

In some IBEX 35 companies and in organizations such as the INCIBE they have congratulated us for the project and have assured us that they have not seen a solution like Kymatio to date and that we have understood the gap that exists in a market as complex as cybersecurity and find a solution for it. Right now these companies are conducting concept tests with the aim of implementing Kymatio at the corporate level.