If you look around, half of the technology you can see is zombie, that is, infected with a computer virus and controlled by a cybercriminal. in Spain, 55.3% of equipment is used in illegal activities without the knowledge of the owner; however, fewer and fewer people are aware of it. And although only a few cases stand out, such as the case of the Hospital Clínic de Barcelona and the Autonomous University of Barcelona (UAB), the reality is that Every 11 seconds, a successful cyberattack happens to companies around the world.. Any person, company or government agency is vulnerable to a computer attack or data theft, hence the importance of awareness and investment in security.
These issues were discussed at the meeting Cybersecurity meeting organized by ‘activos’ and Prensa Ibérica groupIt was held recently in Madrid, sponsored by Banco Santander, Grupo Oesía, BBVA and Hewlett Packard Enterprise, and in collaboration with Digitales, the Spanish Association of Security Companies and SI Cybersecurity.
Approximately There are approximately 300,000 Spanish victims of cybercrime and 1.1 million highly exposed assets data that needs to be kept behind a private network, including documents, conversations, and files. “Cyber attackers are looking for vulnerable equipment and exposed services,” said Ignacio González Ubierna, deputy director of the National Cyber Security Institute (INCIBE). Although the string of computer attacks has not stopped growing since 2012, the coronavirus pandemic and digitization have been the catalyst for this problem, due to the increase in the number of computers that need to be protected. “Digital transformation happened very quickly, but on the contrary, people did not evolve at the same pace,” said Javier Calahorra, CISO of BBVA Spain. In other words, we use applications all the time, but we do not know how to manage them correctly.
In the business world, The focus is on small and medium-sized companies (SMEs), making up much of the Spanish productive fabric today. “SMEs have gone digital in a forced march, but maybe we need to give that a big boost,” said Alfredo Díez, COO of Cipherbit-Grupo Oesía. Although large companies invest and are properly protected, smaller companies and self-employed will sooner or later become “a danger to all” if they do not increase their security.
lack of talent
“It doesn’t matter who’s behind it, there are always bad guys,” said Martí Saballs, director of economic information for the Prensa Ibérica group, and offered a piece of information that often goes unnoticed. : The total cost of cyber attacks is 5.5 trillion euros todaytwice as much as a year ago. Therefore, “the important thing is to build defenses to prevent them from defeating us.” Advances in technology have also been noticed in the behavior of these criminals, who are launching increasingly professional and sophisticated attacks. Carles Solé, CISO of Banco Santander Spain, said: “This is a war against highly organized cybercrime that has been allowed to grow. We need a cyber army to fight the bad guys.”
In this struggle, there is an imbalance that negatively affects the good and is based on various reasons. Sergio Gómez, KPMG’s cybersecurity partner in Spain, said one of the problems was the “lack of properly trained cybersecurity capability”. Special, around 30,000 specialists are needed according to its latest report, although other organizations put the figure at 60,000. “It’s a sweet moment because there’s a lot of work, but it’s very difficult for us to recruit and retain talent,” Calahorra agreed. One solution on the table is reskilling (professional recycling) and training people to work safely. What is most needed, of course, is to tackle the problem from the very beginning, with “more collaboration with universities and graduate degrees to change and achieve everything we don’t currently have”.
plan B
Another handicap for cybersecurity professionals is investment. with years Cybercrime has become a structured industry and provides unlimited funding who supports his actions. “The time has come for public administration to act together,” said Félix Martín, Head of Cybersecurity Services for Hewlett Packard Enterprise EMEA and Latin America. The increase in investment in cybersecurity in large Spanish companies has been increasing at double-digit rates for the last 20 years, but it is not enough. “I don’t believe in investing more, but in investing better—Solé summed it up.”
However, in addition to having skilled professionals and investment, companies also if all of the above doesn’t work they need a plan B. “You need to design a disaster recovery based on different industries,” Martín stressed, because maintaining a logistics chain is not the same as accounting for a company. In these cases, firms should have something that holds a minimum of operational short-term.
more edits
Before the experts jump into these last-minute plans, homogeneous legislation spanning all sectors because, as Gómez emphasizes, “there is nothing forcing you to take these measures” at the moment. There are sectors that find it more difficult to bet on cybersecurity, such as the agri-food sector. Others, like the one about robots, take longer to solidify their cybersecurity because they believe they are impenetrable. “Our job is to reach out to the unconvinced,” Díez said. And the main thing is Public Administration. Through the judiciary, the Treasury suffered an attack that allowed the data of nearly 500,000 taxpayers to be stolen; Later, the City Council of the Valencian town of Requena became the victim of a cyberattack that blocked servers and caused delays in paying their employees’ payrolls.
above all The financial sector stands out, that there is a regulation of its activity to protect the data of all its customers. “Sometimes there is a mismatch between directives because sometimes they overlap,” said Calahorra, who approves of the “overregulation” that exists around the bank.
European Union enacts legislation for critical infrastructures. One of the promoted regulatory frameworks is the Digital Operational Resilience Regulation (DORA). For Solé, AB “arrived late but woke up”. “These are repeated regulations over the same checks and companies don’t know very well how to enforce them,” said Gómez, who blamed the complex and familiar bureaucracy in Brussels. The problem stems from the absence of instructions that teach how to apply safety precautions.
dangers of the future
The world of technology is going through a process. a real revolution with the development of ChatGPT and the momentum of the blockchain. However, you should be aware that news always brings new threats. An example is decentralized finance, which greatly simplifies financing channels for cybercriminals due to the lack of monitoring. Something similar happens with artificial intelligence (AI). “It can improve our automation, but the bad guys have guns too,” Calahorra stressed. “The message to send is that you need to criticize AI, you need to raise public awareness about it,” Solé said.
Related news
Tools like deepfake make it difficult for security providers. Like the manipulated voices of politicians and false video calls, Díez said, “What scares me most is the ability to control and deceive the public.” But there is more. The same technology is used to recreate video calls with bosses, fake calls from agencies, and send bank SMSes asking them to provide passwords and bank account numbers. It happens at the institutional level too: “North Korea’s nuclear program was funded by the theft of cryptocurrencies,” said Martín. Experts warn that the dangers are moving into the real world: “Currently the damage is not just digital, it’s also physical damage,” Díez said. For example, a cybercriminal could alter the parameters of medical records in hospitals or alter certain processes at a nuclear power plant.
To meet these challenges, experts call for more public-private cooperation. “We need to talk more between public administrations and private entities or companies because holes are used by the bad guys,” Calahorra said. Solé missed “European cooperation with other blocs to address these sources of crime”. Díez reminded that “Europe needs a very strong investment in development” to reduce dependence on foreign technology and security. “We have to share this type of data between competing companies, that will bring drastic change at the interstate level,” he added. Gómez also said that they demanded a “more homogeneous, clearer and more concise” regulation covering all sectors.