As defined by Kaspersky, a leading provider of cybersecurity solutions and services, it is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. Also known as information technology security or electronic information security.
The Information Systems Audit and Control Association (ISACA ) states that cybersecurity is the “protection of information assets by addressing threats that put at risk information that is processed, stored and transported by interconnected information systems”.
Cybersecurity measures are therefore designed to combat threats to networked systems and applications, which originate from both inside and outside an organisation.
Types of threats
Hackers are constantly looking for loopholes to attack companies, institutions or individuals, and there are different ways they try to breach our digital security.
The main ones are:
- Malware: one of the most common cyber threats, it refers to malicious software, such as worms, viruses, Trojans and spyware, that provide unauthorised access or cause damage to a system. Malware is software that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer.
- Ransomware: is a type of malware that locks files, data or systems and threatens to erase or destroy the data, or to release private or confidential data, unless a ransom is paid to the cybercriminals responsible for the attack.
- Phishing (identity theft): refers to when cybercriminals attack through emails that appear to be from a known company and request confidential information. This type of attack seeks to get people to provide their credit card details and other personal information.
- Man-in-the-middle attacks: this is an attack by unauthorised eavesdropping. The cybercriminal intercepts and transmits messages between two parties to steal data. For example, on an unsecured Wi-Fi network, an attacker could intercept data transmitted from the victim’s device and the network.
- Social engineering: refers to a tactic that cybercriminals use to trick you into revealing your confidential information. They may ask for a monetary payment or gain access to your confidential data.
Cybersecurity, on the rise with the pandemic
The COVID-19 pandemic forced digital tools to become the centre of our lives, especially due to the lockdown and the need to telework, which also brought an increase in the number of corporate and industrial cyber-attacks, in terms of both volume and complexity.
Cybercriminals are always ready to take advantage of new opportunities.
According to the FBI, cybercrime cases increased with the onset of the pandemic by as much as 300%. This was largely due to the fact that many companies did not have a robust cybersecurity structure in place at the time of the move to remote working.
In addition, many attacks took the opportunity to exploit the pandemic itself, including fake vaccine offers and phishing campaigns.
Cost of crime
The Cost of a Data Breach Report 2021, produced by IBM Security, reflects the high cost businesses incur as a result of such attacks. Thus, the costs of data breaches increased from USD 3.86 million to USD 4.24 million between 2020 and 2021, which is the highest total in the 17 editions of this report.
In this regard, it highlights that costs were much lower for those companies with a more entrenched security posture, and higher for those that lagged behind in areas such as AI and security automation, “zero trust” and cloud security.
Another important finding highlighted in this IBM Security study is that teleworking and digital transformation due to the pandemic increased the total average cost of a data breach.
The percentage of companies where telework was a factor in the data breach was 17.5%. In addition, companies with more than 50% of their personnel teleworking took 58 days longer to identify and contain data breaches than those with 50% or less.
Cybersecurity data in Spain
The 2021 balance sheet of Incibe, the National Cybersecurity Institute, remarks that 109,126 cybersecurity-related incidents were managed, of which 90,168 were from individuals or companies, 680 from critical and strategic operators, and 18,278 from the RedIRIS (academic and research network). In addition, there were 21,946 new documented vulnerabilities.
During the past year, the highest number of incidents in Spain was the result of malware, with 29.88%, followed by fraud, with 28.60%. In this section, Incibe includes the unauthorised use of resources using technologies and/or services by unauthorised users, such as identity theft, infringement of intellectual property rights or other economic trickery.
The remaining incidents are distributed between Vulnerable systems, which are failures or deficiencies of a system that allow access to information, with 18.89%, and other incidents (22.63%), which includes intrusion, attempted intrusion, abusive content, information theft, availability, information harvesting, etc.
The cost of cyber-attacks in Spain has doubled over the last year and stands at an average of 105,655 euros for the Spanish companies that have endured them, many of which ceased to be operational and lost customers after suffering such an attack, according to the annual report on “Cyber Readiness Report 2021”, by the insurance company Hiscox.
This study notes that the average cost suffered by Spanish companies as a result of cyber-attacks is higher than the world average, at 78,409 euros.
In addition, more than half of Spanish companies have been the victim of a cyber-attack (51 %), with an average of 84 attacks per company.
In fact, one in six companies affected last year said the attack had threatened the viability of their business.
Within this section, a final note indicated by the report entitled Cyberthreats and Trends 2021 drawn up by the National Cryptological Centre of Spain points out that 61% of cyber-attacks over the past year have been “high risk”.
Around the world
The Trend Micro Smart Protection Network report provides an overview of cybersecurity threats around the world. The Trend Micro cybersecurity company reports that 94,289,585,240 threats managed to be blocked in 2021.
The report highlights that critical industries such as governments, banking and health services were the most heavily attacked.
Meanwhile, the cybersecurity firm Tenable says in a report that ransomware (digital blackmail) groups operate as small start-ups, offering their services to clients, allowing them to be used by cybercriminals who lack technical expertise.
According to the data provided by Tenable, in 2020, criminal groups using this technique would have earned a collective $692 million from their attacks, an increase of 380% over the previous six years combined.
Cybersecurity within everyone’s reach
Incibese sends a message about the need to carry out a series of cybersecurity practices, which do not require great knowledge about computers or networks, nor very advanced technological equipment; all that is needed are the devices, common sense and following a series of tips, which Incibe itself compiles in a guide, Guía de Ciberseguridad (Cybersecurity Guide). Cybersecurity within everyone’s reach.
This guide details the different steps that must be taken to keep both the devices and the information (data, photos…) that we have stored digitally protected.
These tips range from always keeping devices up to date with the latest versions of their operating systems, having an antivirus, having strong passwords, surfing the internet securely, and avoiding different types of fraud.
However, the public is demanding education and training on cybersecurity, as seen in the latest Microsoft Online Civility Index, where nearly 9 out of 10 respondents, across all genders and age groups, said that better education and training on how to make the digital world more secure would be needed.
Perception of security
The public’s perceptions of online security vary according to gender. Thus, adolescent boys and men surveyed are the ones who, in general, reported being less exposed to online risks than girls.
Teenage boys reported encountering 5% less unwanted trolling and sexting, and 3% less hate speech, compared to the previous year’s results (2020).
In contrast, adolescent girls and women respondents reported being more exposed to online risks, the consequences of which they say also have a greater impact. Thus, women experienced almost 60% of all reported risks in 2021.
Cybersecurity of the future
The battle between hackers and cybersecurity will continue to rage in the coming years. Hackers are constantly looking for loopholes to exploit their malicious techniques, using more sophisticated systems and forcing security to constantly evolve.
For this reason, cybersecurity must try to stay ahead of the curve, for which it has a decisive instrument in the form of Artificial Intelligence. This is a technology that can provide great solutions to cybersecurity breaches, but it can also become a weapon for cybercriminals.
Whether it is Artificial Intelligence or Machine Learning software, they have the ability to ‘learn’ from the consequences of past events, and thus identify cybersecurity threats.
In fact, more and more companies are incorporating Artificial Intelligence into their defence systems in search of AI-based methods to facilitate real-time analysis and decision-making for rapid detection and reaction to cyber-attacks.
In addition, Artificial Intelligence is being used to develop systems that adapt automatically in order to respond to cyber-threats.
