Como responsable de sistemas de información nunca estaría en una empresa con servidores en nuestras instalaciones. El contrato con un socio tecnológico de nivel sería por prestación de servicios, dejando las infraestructuras y la ciberseguridad en manos de especialistas. Lo contrario es condenar a tu empresa a la obsolescencia y a la rigidez, limitando su capacidad de respuesta antes los cambios del mercado.

It's a mug's game to guess where the hackers will attack. Rather than attempt to foresee risks, take advantage of proven, known measures to mitigate risk: 1. Deploy layered security measures 2. Use MFA everywhere 3. Segment your network 4. Verify devices when they try to connect 5. Monitor network traffic and block suspicious activity 6. Use fine-grained access controls 7. Use effective endpoint detection and response 8. Monitor users and processes more closely in sensitive domains 9. Block all email from domains less than 60 days old 10. Monitor KEV lists, and patch or mitigate vulnerabilities in critical processes 11. Observe the SANS guidance 12. Observe the CISA guidance

If you’re a buyer, ensure your vendor is SOC 2 Type 2 and ISO 27001 certified compliant. Most young companies will delay such certifications increasing risk.