The data are what they are and leave no one indifferent: 94% of companies suffered at least one serious cybersecurity incident throughout 2021, according to a study conducted by Deloitte.
The digitalization of Spanish companies is already a fact and extends across all sectors of activity, whether in the commercial, industrial, health, educational or governmental spheres and, consequently, criminal activities have also undergone a process of evolution towards the digital, creating new threats against which most Spanish companies are still unprepared.
The importance of cybersecurity in enterprises
Data is the currency of the future. Companies need it both to interact with their customers and to automate their internal processes. And it is precisely data that is the main target of cybercriminals.
When IT security breaches occur, the results can be costly and devastating for companies, both financially and reputationally, and the reputational damage can be even more disastrous.
In fact, half of the Spanish companies that suffered a cyberattack have ended up closing down within six months of the attack, as they are unable to meet the high costs, whether derived from the extortion to which they are subjected by cybercriminals, or from the very high sanctions imposed by the Data Protection Agency, which can, on occasion, be fines in excess of 200,000 euros.
This is why companies must give the security of their data the importance it deserves and implement cybersecurity solutions to guarantee its protection against possible theft or internal information leaks.
The most common threats faced by a company
During the year 2021 in Spain there was a 125% increase in cyber attacks, and SMEs were the companies most affected by these attacks. More than 60% of the attacks targeted small and medium-sized Spanish companies.
The most frequent attacks that SMEs have to face are:
Phishing
Are you familiar with the expression “taking the bait”? Phishing is precisely that, the attempt to “fish” for personal data by deceiving or impersonating a person, company or trustworthy organization.
Phishing attacks start with the receipt of an e-mail. The sender may also send an SMS or a direct message on social networks such as Instagram. In the message, the sender impersonates a reputable company and includes one or several links to a website identical to the real company’s website, where we are invited to enter our personal data, usually an e-mail address and a password.
Ransomware
Ransomware attacks have grown dramatically in recent years but have been with us since the 1980s. Ransomware is basically malware or a virus that is introduced into our system through a file (.pdf, .zip, .doc, …) sent by email, SMS, WhatsApp… and, when downloaded, encrypts our information, making it impossible for us to access the data stored on the company’s computers.
The next step of the cybercriminals will be to ask for a ransom (the payment of an economic amount) to unlock our information.
In recent times ransomware attacks have also been affecting cell phones, tablets, smart TVs and even smart watches.
Ransomware attacks generate real chaos for companies, because while the systems remain locked, the entire company comes to a standstill and does not generate any turnover. In addition, the loss of financial data or sensitive customer data can lead to very high penalties, as we have already mentioned.
Keep in mind that paying the ransom does not guarantee the restoration of all data and systems to their original state, and we may even continue to be subjected to blackmail and threats over time.
Denial of service
This type of attack is aimed at blocking the operation of a company’s systems (website, server, computer network or a simple computer).
These are very common attacks for cybercriminals, but they are also very easy to avoid by installing a suitable firewall.
Denial of Service (DoS) attacks consist of sending a massive number of requests to a service with the aim of consuming all the resources it offers, so that it is forced to reject the rest of the requests.
For example, an online store can be completely blocked if a cybercriminal decides to send massive traffic to the store’s website in a short period of time. This will cause the server’s resources to be focused on servicing the malicious traffic until its resources are completely consumed and it goes down.
The economic losses caused by this type of attack can be very high because, until the attack is over, the company’s operations will be completely paralyzed.
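The request flood described above can be spotted in a web server's access log by counting requests per source inside a sliding time window. This is an added example, not part of the original article; the log format, the threshold of 5 requests per 10 seconds and the name `find_floods` are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: <source> [<ISO timestamp>] "<METHOD> <path> ..." <status>
LINE_RE = re.compile(r'^(\S+) \[(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\] "[A-Z]+ \S+')

def find_floods(lines, max_requests=5, window_seconds=10):
    """Return {source: peak count} for every source that sent more than
    max_requests within window_seconds. Lines must be in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    peaks = {}
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # ignore malformed lines instead of aborting the scan
        source = match.group(1)
        stamp = datetime.fromisoformat(match.group(2))
        times = recent[source]
        times.append(stamp)
        while stamp - times[0] >= window:  # drop requests older than the window
            times.popleft()
        if len(times) > max_requests:
            peaks[source] = max(peaks.get(source, 0), len(times))
    return peaks

# Constructed sample (documentation IP ranges): one normal shopper and one
# source sending eight requests in eight seconds.
SAMPLE_LOG = (
    ['198.51.100.7 [2021-11-02T10:00:00] "GET /shop HTTP/1.1" 200']
    + [f'203.0.113.9 [2021-11-02T10:00:0{s}] "GET /shop HTTP/1.1" 200'
       for s in range(1, 9)]
    + ['corrupted line without a timestamp',
       '198.51.100.7 [2021-11-02T10:00:30] "GET /cart HTTP/1.1" 200',
       '198.51.100.7 [2021-11-02T10:01:00] "POST /checkout HTTP/1.1" 200']
)

if __name__ == "__main__":
    for source, count in find_floods(SAMPLE_LOG).items():
        print(f"possible flood from {source}: {count} requests in 10 s")
```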
Attack on the cloud
With the rise of teleworking, cloud storage and collaborative work have taken on significant relevance in companies and have become a new vein for cybercriminals.
The most popular cloud storage platforms such as AWS (Amazon Web Services), OneDrive, Dropbox, Google Drive… are also the most attacked, so many companies are betting on the creation of their own clouds to which only their employees have access.
The most common attacks on a cloud consist of the theft of users’ access credentials through phishing or ransomware campaigns, although cybercriminals also try to access the cloud by exploiting vulnerabilities in computers or by taking advantage of poor security configurations and obsolete software.
A successful attack on a company’s cloud can be completely devastating, as all sensitive information and data can be affected, even leading to the total loss of files.
Basic recommendations to prevent computer attacks
According to statistics, 45% of Spanish SMEs fail in cybersecurity, a percentage that increases considerably in the case of the self-employed. This is possibly due to the fact that there is still no clear awareness of the need to protect oneself from this growing form of crime.
Many freelancers and small and medium-sized Spanish companies see cybersecurity as an added expense to their already strained economies. But nothing could be further from the truth.
Protection against cyber attacks should be seen as an investment in the future. An adequate investment in cybersecurity will ensure that the business can operate with peace of mind, generating trust and a better reputation among its customers.
But how to implement cybersecurity in a company?
Installing a Firewall
A firewall is one of the essential elements to guarantee the protection of any company against a possible computer attack.
A firewall is a system (software or hardware) that will introduce an access control policy in the company’s internal network in order to prevent both intrusions and leaks to the outside.
Install an antivirus or antimalware program
Antimalware software is created to prevent, detect and remediate malicious software on individual computing devices and IT systems.
Protect your passwords
If you are one of those who still use your ID, date of birth, city or the typical 1234… to remember your passwords, you have a serious security problem…
How to create a secure password? For a password to be considered secure it must have the following characteristics:
- Length between 8 and 20 characters. It should never be less than 8 characters.
- Combine uppercase and lowercase letters.
- It must include special characters of the type: – * ? ! @ # $ / () {} = . , ; :
- Avoid blanks
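The rules listed above, together with the earlier warning about ID numbers, dates of birth, cities and "1234", can be turned into an automated check. This is an added example, not part of the original article; the function names, the rule codes and the `personal` parameter are assumptions, and "-" is accepted alongside the "–" shown in the article's list.

```python
# Special characters from the article's list; "-" is accepted as well as the
# "–" shown there (assumption: the dash was altered by typesetting).
SPECIAL_CHARS = set("-–*?!@#$/(){}=.,;:")

def has_digit_run(password, run=4):
    """True if the password contains `run` ascending digits in a row (1234...)."""
    streak = 1
    for prev, cur in zip(password, password[1:]):
        # A two-character slice of "0123456789" is an ascending digit pair.
        streak = streak + 1 if (prev + cur) in "0123456789" else 1
        if streak >= run:
            return True
    return False

def check_password(password, personal=()):
    """Return the codes of the rules the password breaks ([] = acceptable).
    `personal` holds strings such as an ID number, birth year or city."""
    problems = []
    if not 8 <= len(password) <= 20:
        problems.append("length")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("mixed_case")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("special_char")
    if any(c.isspace() for c in password):
        problems.append("blank")
    if has_digit_run(password):
        problems.append("digit_run")
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal):
        problems.append("personal_data")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("1234", "Madrid1990!", "Tr4il;Map!e-2021"):
        print(candidate, check_password(candidate, personal=("Madrid", "1990")))
```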
Remembering this type of password can be very difficult, so it is highly recommended to use password managers where you can store all your personal and company passwords in the same place with total security guarantees.
Securing your email
Email is the main entry point for malicious software and therefore you should have an email security system that automatically blocks any threat (spam, phishing, APT…).
Most cyber-attacks on companies are initiated by means of the theft of employee access credentials. Therefore, preventing threats from reaching your employees’ inboxes is the key to preventing anyone from falling into the trap of cybercriminals and unintentionally opening your company’s doors to hackers.
Cloud and physical backups
Having backup copies of your information in the cloud is all very well, but it is advisable to also have a physical backup copy that is not connected to the network and that is automatically updated periodically. Moreover, if your budget allows it, the ideal is to have several backups in different clouds and at least two physical backups, stored on hard disks located in different offices.