The pandemic has led to the implementation of teleworking and a greater demand for online services, which have been a great challenge for the digitalization of companies. The increasing automation of processes has increased awareness of the need to protect data stored in electronic systems, but at the same time it has increased the appetite of hackers to capture user information and use it for their benefit. Thus, 94% of companies have suffered at least one serious cybersecurity incident throughout 2021, according to the study The current state of cybersecurity in Spain. Post pandemic: an unexplored path, made by Deloitte.
César Martín Lara, partner in charge of the consulting firm’s Cybersecurity area, assures that this field is, more than ever, a necessity for organizations. The annual average of cyberattacks suffered in 2021 has risen 26% compared to the previous year, according to Deloitte. “The increased awareness of companies about the importance of digital risks has resulted in them allocating a larger budget to cybersecurity and raising awareness among their employees. Despite this progress, however, there is still a long way to go”, says the expert.
The report maintains that 66% of the companies consulted review at least half of the applications in their business that they consider to be the most vulnerable. And of these, 21% are fully examined. The analysis of cyberattacks by area reflects a heterogeneous reality: insurance, telecommunications and banking are the sectors that register more than two incidents on average per year.
Deloitte shows that there is a relationship between the average number of incidents received by companies and the budget they dedicate to cybersecurity. In general, the organizations that bill the most are the ones that invest the most in these departments, but they also tend to be the most attacked, due to the greater potential impact that a breach can cause.
Companies are aware of the need to be prepared to deal with incidents, which is why they increasingly carry out simulation exercises, in addition to training all employees in this area. A practice that has grown in recent years and is carried out by 61% of companies. For Miguel Olías de Lima, a cybersecurity specialist at Deloitte, the training of employees in the identification and reporting of phishing it’s crucial. This fraud technique, which is based on sending emails that appear to come from trusted sources but are actually intended to manipulate the user, is the entry vector for a large number of cyberattackers. “Companies that provide more than 20 hours of training to their employees have received only 15% of the incidents suffered in the last year, which shows the importance of raising awareness among workers on this matter,” he says.
He knows in depth all the sides of the coin.
The cloud, a way of storing data in virtual spaces, is already a reality for a large number of companies, while for others it continues to be a challenge within their digital transformation plan. However, 19% of the companies surveyed that have these services still do not have a defined minimum strategy. Due to the pandemic, many companies have been forced to look for quick and easily accessible solutions to be able to carry out their activity remotely. “This transition has been made abruptly and, in most cases, without being able to plan a cybersecurity strategy in advance. In any case, many of them are immersed in this definition or will do so in the short term”, explains the report.
George Holan is chief editor at Plainsmen Post and has articles published in many notable publications in the last decade.