Some major world events in recent years, such as pandemics or wars that broke out in different parts of the planet, have significantly changed the daily lives of citizens and taken control of the economy. The consequences of this go even further, because they enter the virtual world; increase in cybercrime.
State, regional or local governments are targeted by hackers. Proof of this is that there are municipal councils in the province of Alicante who claim that the cost of the security measures they need to protect their data can already reach 15% of their budget. from Alicante Provincial Council Another information was shared that reveals the magnitude of this situation. The state agency must repel more than 7,000 attacks every week, most of them coming from Asian countries, with a significant portion concentrated in the Middle East region. In this sense, we can also underline that a City Council like Alicante encounters 100 hacking attempts a day. All of this forces managements to update their systems’ access policies to prevent information theft.
in case Valencian generalCybersecurity is an important element of its strategy and is primarily the responsibility of the Directorate General of Information and Communication Technologies (Dgtic). With the Generalitat Management Strategic Digital Transformation Plan GEN Digital 2025, which aims to complete the regional digital transformation, the road map for the coming years is determined with the objectives of digitalizing the way of working, rationalizing and simplifying management, and simplifying internal processes. and transforming the organizational culture of the Generalitat.
Dgtic has a General Sub-Directorate of Cyber Security, which is responsible for the security of information systems, directs the development of the cyber security strategy and creates the necessary measures for this. protect systemsDepending on the criticality of the information and the level of risks they are exposed to. The Valencian Community Cybersecurity Center (Csirt-CV) is affiliated with this centre, which provides services to administrations, citizens and companies and whose main goal is to contribute to the improvement of the security of information systems.
The rise of remote working has increased the risk of incidents and forced us to urgently review security protocols
José Manuel García Duarte, Director General of Information and Communication Technologies, assures that the latest events in the world “increase the pressure to protect information systems and the work carried out every day.” public employee personnel, in the face of cyber attacks and attempts to steal information. Regarding the impact of the pandemic, he adds: “The period of stay-at-home and lockdown led us to urgently review our security policy, among other things, to adapt to the Generalitat’s needs for remote working, which poses too much risk.” An entry point for important events.
After the epidemic came Russia’s invasion of Ukraine. This led to the adoption of measures such as implementing a double authentication factor or replacing all credentials, as García Duarte points out. corporate domain accountsas well as other temporary actions. Over the past year, the Generalitat has had to intensify its work to counter the launch of cyber attacks on the regional government, the emergence of disinformation campaigns regarding vaccination against Covid-19 or the use of information from the pandemic to create malicious websites.
Regarding the figures presented by Csirt-CV, it is worth noting that the Valencian Community covers more than 240,000 public employees. Its main objectives are to contribute to the improvement of the security of information systems and at the same time to promote the security of information systems. safety culture and good practices using new technologies to minimize incidents and actively combat new threats that constantly emerge. His work includes penetration testing, vulnerability audits and forensic analysis.
Events
More than half of the incidents managed by Csirt-CV are incidents classified as fraud; Among these, the receipt of phishing emails, whose campaigns are constantly received, stands out. With them, cyber criminals They want their identity information to be stolen through identity theft. Other relevant cases in terms of volume are intrusions, which mainly consist of compromising user accounts, using malicious code or brute force attacks.
At the provincial level, Alicante Provincial Council on average 7,000 attacks per week. “So far none have affected our servers, they have all been repelled,” says David Aracil, vice president of innovation. Every year, the provincial institution directly invests in cybersecurity, and to this should be added its indirect actions, because it supports all municipalities of the province, paying special attention to the smallest towns, those that do not reach 20,000 inhabitants.
Ten years ago the Provincial Council launched the Modernization Plan, now in its seventh edition. “We respond to the needs conveyed to us by municipal councils. A huge investment of around 3 million was recently made for its renovation. hardware and software», adds Aracil. Comptes Audit Office also values the work done at the Provincial Palace in this field. Proof of this is that in its latest report on the subject, it named this institution, together with Benidorm City Council, whose mayor is also the President of the County Council, Toni Pérez, as the Community’s best achievers. Cybersecurity rates.
At the municipal level, Finestrat’s Councilor for New Technologies, Héctor Baldó, presents some of the technological tools that the PP-led City Council uses to protect itself from dangers. virtual attacks. “For external access from the Internet to the corporate network, we have a secondary network that is segmented and separated from the internal network that government employees use,” he explains. Employees’ access to remote working has also been strengthened to prevent the theft of identity information.
Regarding the ongoing projects in Finestrat, the segmentation of different municipal networks is being completed in order to minimize the impact of possible attacks. This action is also used to complete the application. wireless networks In all municipal buildings. Looking ahead to next year, work continues on the implementation of the SIEM solution (Security Information and Event Management System), a technology that can quickly detect, respond to and neutralize computer threats.
Councilor for Modernization and New Technologies Ricardo Mira García from another municipal council in the province, in this case PSPV-PSOE-run Xixona, recalls that in 2021 they were subjected to a “bestial computer attack”. Council member explained the problems cyber security Vehicles for smaller municipalities. «Keeping everything up-to-date and up-to-date costs our coffers a lot. “Since that attack we have tried to ensure that everything is in the cloud and we are working with companies that specialize in data processing,” he says.
Passwords
One of the measures implemented at Xixona focuses on making the passwords currently used industry-specific. So not all employees have access to everything. “The problem is that we can’t go overboard with it. security precautions. “It would be crazy if we changed passwords every week,” says Garcia Mira himself. The support the municipality received from the Provincial Council last year allowed the renewal of computer services.
Experts warn that despite technology advancing, the human factor remains key to avoiding damage
The Cyber Security coordinator of the Spanish Smart Cities Network is Josué Castillo, head of the Telecommunications technical department of the Elche City Council. According to this expert, despite technological advances human factor remains the key to security. “Awareness is very important. Any means can be used, but if public servants are not alert, the danger will continue,” he warns.