Interview with Martín Vigo, cybersecurity expert

Martin Vigo is a prominent Spanish cybersecurity expert from Vilaxoan, Galicia. His passion for computing began at age 9 when he received an Amstrad computer as a First Communion gift. During adolescence, he developed a true passion for cybersecurity and hacking.

After working at Apple, Google, and Salesforce, Martin Vigo founded Triskel Security, a consultancy specializing in information security solutions. He hosts the podcast “Tierra de Hackers,” where he analyzes news and trends related to hacking, cyber threats, and internet privacy. He also serves as an advisor to Axyom, helping create cybersecurity products for SMEs.

“In cybersecurity, education is key.”

Martin, what is the main cyber threat facing SMEs today?

SMEs most frequently face social engineering and phishing attacks designed to trick users into sharing their credentials. Spear phishing presents an even greater danger, with customized attacks targeting specific members of the organization.

How do cybercriminals achieve this level of personalization in their threats?

Attackers research social media to create credible pretexts. LinkedIn scraping reveals workplace details and colleague names. AI-enabled CEO fraud impersonates organizational leaders in emails, requesting compromising tasks such as bank transfers or file downloads.

What is the security perimeter?

The security perimeter represents the boundary separating the inside from the outside of company operations. Attackers seeking to compromise this perimeter must find vulnerabilities in exposed systems, which typically requires significant time and dedicated teams. This type of threat primarily targets large corporations and governments. Social engineering tactics prove more effective for criminals because they exploit people rather than systems.

There is a growing sense that cybercrime has become a full-blown industry

Yes, a clear example is “Cybercrime as a Service” (CaaS). A case in Argentina involved someone creating fake Apple websites to steal mobile passwords. Mobile theft organizations operating across Morocco and China used this infrastructure, sending messages impersonating Apple and requesting unlock codes. Once obtained, the codes were distributed to clients for phone resetting and resale, operating at industrial scale with hierarchical teams, KPIs, incentives, and referral programs, generating enormous profits from stolen device trafficking.

What is the first thing a small business should do to defend itself against these digital threats?

Education is paramount. Clear organizational guidelines establish good work practices. Technological solutions complement this: password managers, Google authentication, databases that prevent password reuse, and two-factor authentication systems. Additionally, solid incident recovery policies must be established. The primary risks from breaches include business interruption and reputational damage; clear protocols minimize the impact.

Which is more secure, Apple or Windows?

Both modern operating systems are perfectly secure with no substantial differences. While Windows previously lagged behind, they are now equal. Regardless of operating system security, if an employee’s credentials are compromised, attacks become possible. Prevention through education remains paramount.