In recent years, the economy has undergone an accelerated digitalization process, and more and more companies are living in the digital world and working in the cloud. At this point, cybersecurity begins to gain even more importance in the face of the threat of being a victim of a cyber attack.
Cybercrime has become one of the biggest concerns for many companies, and that’s when 94% of Spanish companies were exposed to a cybersecurity incident last year.
In this sense, SMEs, which represent 98% of the Spanish business structure, are still not seen as a reactive and attractive target to the cybersecurity culture, according to a recent study published by Google. However, contrary to what it seems, cybercriminals have turned their attention to smaller targets with fewer defenses in recent months.
To address this issue and discuss the importance of SMEs’ increased investment in cybersecurity, Levante-EMV held a briefing last Friday in collaboration with BBVA in Valencia, moderated by the Director of Corporate Affairs at Ibérica Press. Silvia Tomás with the participation of Juan Manuel Matalobos, global head of BBVA Culture of Cybersecurity; Juan Vicente Oltra, a postgraduate professor in Cybersecurity at the Polytechnic University of Valencia (UPV); Miguel Juan, partner of S2 Grupo; and Pepe Torres, representative and college of the Valencian Community Official College of Industrial Engineers (COIICV) and CDO at Kemex Handling Solutions.
“The importance of cybersecurity is closely linked to the advancement of digitalisation. The digital immersion of companies requires greater reliance on computer systems and therefore greater exposure to a cyberattack with greater impact; unfortunately many companies understand the importance of cybersecurity when faced with a problem”, stressed Juan Manuel Matalobos.
Three million SMEs exposed
During the conference, the participants agreed to draw attention to the increase in the number of cyber attacks against SMEs, which are often the gateway to large companies. “Digital threats have increased as the world has become more and more dependent on technology,” said Miguel Juan. None of the necessary infrastructures for companies are immune from danger.
There are more than three million SMEs in Spain exposed to an alarming wave of cybercriminals. Experts warn that the number of digital attacks is increasing by 85% each year, yet half of Spanish companies do not have any cybersecurity certification. “SMEs see cybersecurity as a cost rather than an investment,” lamented Juan Vicente Oltra, and in turn warned of the danger to the social and economic fabric that their disappearance due to cyber-attacks.
In this sense, it should be noted that 60% of European SMEs that were victims of a cyberattack disappeared within the following six months. “There is a 200-day period between the occurrence of the attack and its detection; In addition, it usually takes another 75 days until it is under control,” added the UPV Master of Cybersecurity professor.
However, Matalobos warned that “companies have a false sense of security,” which has caused them to turn their attention elsewhere.
“You have to help SMEs enter the world of cybersecurity,” said Pepe Torres. In response, the COIICV representative recalled that “companies have automated process control systems that are not ready to deal with cybersecurity issues and represent an attack vector for criminals to enter.”
According to a recent report by Deloitte, 62% of companies increased their cybersecurity budgets to counter these attacks. Thus, investment in cybersecurity at the national level increased by 7.7% in 2022 to reach 1,749 million euros.
However, the vast majority of SMEs cannot afford a large investment in cybersecurity. «Acquiring the necessary resources to combat cyber attacks is very complex, especially for SMEs. Juan Manuel Matalobos, budgeting for cybersecurity often means moving cybersecurity away from other areas that might be a priority for them.
Therefore, most SMEs are committed to outsourcing this type of functionality. In this sense, S2 Grupo is the reference company of Europe and Latin America in the operations of cyber security, cyber intelligence and mission critical systems. “Large companies are well aware of the dangers posed by cyberattacks and have reasonable contingency plans because that’s what their business is about. However, because SMEs cannot think of having skilled personnel, they cannot address such problems”, explained Miguel Juan; therefore, they should commit to contracting with an external service that provides them with “already protected package services”.
more professional attacks
Spain is the third country with the most cyber attacks against companies. According to the data of the Ministry of Interior, 375,506 crimes related to cybercrime were committed in 2022, which represents a 72% increase compared to 2019 data.
“The digitization process increases the profile of cybercriminals whose sole purpose is to derive economic profit from their attacks,” said Miguel Juan. After developing the necessary tools, they try to use them as much as possible.”
Likewise, Miguel Juan warned that criminals look for company vulnerabilities through automated searches before attempting an attack. “Like a virus. A human only intervenes when it finds a spot to break into the corporate network and run malware. In most cases, this could be an employee’s computer from home connecting to the corporate network.
“Attackers are also becoming professional. Matalobos said the number and complexity of attacks have increased exponentially in recent years, and that’s why we need more people to get cybersecurity education.
In this sense, it is estimated that 300,000 cyber security experts will be needed in the coming years in order to face the increasing wave of cybercrime in the European Union. “This is impossible to achieve, it is necessary to bring in more technology. Attackers already use AI to carry out their attacks, so we have to defend ourselves with it,” admitted Miguel Juan.
Job security vulnerabilities
Most security incidents are caused directly or indirectly by humans. “Companies’ biggest vulnerability is people, because they open doors on their computers that they shouldn’t. Companies should raise awareness and train their employees to minimize such intrusions, which are the easiest to fix,” added Juan Vicente Oltra.
«It is impossible to be 100% protected, because there are a wide variety of attacks and they are getting more and more complex. However, with some measures, we can complicate the process of criminals and make the cost of attacking us very high,” said Pepe Torres, continuing his words as follows:
“You must be suspicious,” said Miguel Juan. We’re all exposed to these risks, but it’s not that hard to reasonably protect yourself because you don’t need large investments or knowledge to do so. Likewise, S2 Grupo’s partner warned that the most important thing to “do not touch anything and call an expert” should it fall victim to a cyberattack.
Matalobos explained that in cyberspace we all need to have a set of safe behaviors that are easy to implement: “At BBVA, we are at the forefront of security issues and strive to deliver our services in the most secure way possible. “We are making our resources and experience available to the general public through a campaign to inform them that they will implement the strategy; we also have some free courses for SMEs to establish basic cybersecurity.”
Finally, the speakers agreed that cybersecurity is a booming industry that “moves huge amounts of money” and presents an opportunity for SMEs.