Undoubtedly, cybersecurity must be one of the main aspects companies must look after. It is important in any company, big or small, because the damage caused internally can be huge, especially in companies with limited resources, since malicious attacks could mean the end of the business. Therefore, today we take a look at the situation of Spanish SMEs to see how they can improve in this regard.
A company of any size must protect themselves from rising cyberattacks. This will require them to take a number of important steps and to make changes in the way they work, which can be cumbersome but is also strictly necessary.
Within this current scenario, companies do not stand alone in their fight against cybercrime, since they are increasingly supported by national agencies and also at continental level, by adopting new measures like new laws or creating specialized agencies.
From now on, we will dive into the current situation of Spanish SMEs in terms of cybersecurity. To do so, we will rely on the study conducted by Google, Current overview of Cybersecurity in Spain. Challenges and opportunities for the public and private sector.
The Spanish Administration and cybersecurity
Governments and European entities are implementing measures to curb the rise in cybercrime, both through laws and by creating organizations specifically dedicated to this purpose.
According to Google, Spanish political parties are increasingly considering the issue of cybersecurity during their election campaigns, with most making clear proposals on the subject.
Beyond election promises, there is a clear European and Spanish legal framework on cybersecurity, based on of the following laws and directives:
- Regulation (EU) 2019/881: takes the first steps towards the creation of the European Union Agency for Cybersecurity (ENISA) and the certification standard for ICT cybersecurity within the European Union.
- Royal Decree-Law 12/2018, on network and information systems security.
- The National Cyber Security Strategy from 2019.
One of the main challenges that experts face when regulating cybersecurity is the fact that cyberattacks can come from anywhere in the world, a major obstacle in terms of legal jurisdiction. Furthermore, identifying the origin of most attacks is still extremely complex.
Concerning the main specialized cybersecurity bodies, we have:
The National Cryptologic Center of the National Intelligence Center (CNI), in charge of the Public Sector.
Spain’s National Institute of Cybersecurity, focusing on individuals and companies
National Center for Infrastructure Protection and Cybersecurity, focused on utility companies (e.g., electricity, water, gas, etc.)
The Joint Cyber Defense Command, aimed at the Spanish army systems.
Although each agency has certain defined competencies, their coordination is key towards achieving an adequate level of cybersecurity in the country.
Most common cyberattacks to Spanish SMEs
Changing trends in cyberattacks
There is a shift in the tendency of cyber-attacks, from targeting large companies and multinationals to targeting SMEs. This means that the nature of these attacks are also changing. These are now carried out on a mass scale and have less technical complexity, since SMEs tend to have lower levels of readiness to face them.
Besides, fewer and fewer hackers are launching cyberattacks just for fun, as most of them are looking for a way to make money out of it. Another important aspect to highlight is that most cyberattacks require user interaction, so criminals take advantage of their limited knowledge or lack of skills in cybersecurity.
Significant figures
Regarding SMEs, most attacks are related to:
- Ransomware.
- System hijacking.
- Information leakage and cyber-scams.
What economic impacts do cyberattacks have on small businesses?
A cyberattack can cost around 75,000 euros on average. Nationwide, these amounted to 14 billion euros in losses, including big companies and SMEs.
For SMEs, the average cost of a cyberattack is 35,000 euros, which means that 60% of these businesses are shut down within 6 months. Nevertheless, cyberattacks are not just financial losses, they also lead to a decline in the company’s prestige, becoming more vulnerable in the eyes of customers and in the business environment.
Level of cybersecurity in Spanish SMEs
Throughout this report, some studies are used to find out the level of cybersecurity in Spanish SMEs, for example the American technology consultant Bit Sight, which states that Spanish companies are below the European average level in terms of cybersecurity measures. Information is also collected from “The Vodafone Cyber Ready Barometer 2018“, which describes Spain as “reactive” in cybersecurity, although there is much room for improvement.
Although these conclusions are useful for getting an overview of the level of digital security in Spanish society, they were not helpful for studying the SMEs, so a survey was carried out with 720 companies.
From these companies, the main protection measures they took against cyberattacks were
- Two-factor authentication.
- https protocol.
- Device update.
- Password change.
- SSL certificate (e-commerce).
- Two-factor authentication system for payments (e-commerce).
- Cloud storage.
A major area for improvement is the need for concrete rules on cybersecurity, as well as a specific policy, with well-defined protocols for action.
How do workers behave when it comes to cybersecurity
We have previously talked about the need for involuntary collaboration by employees for a cyberattack to be successful. Therefore, we will need to analyze how they act against possible threats or determine their level of readiness.
The Google SME survey mentioned above draws the following conclusions:
- 30% of IT managers believe that workers are well aware.
- 60% of SMEs restrict access to sensitive information
- In the case of teleworking, in 48% use remote desktops and 44% use cloud technology.
- There is a clear lack of cybersecurity training for workers.
- As a result of these training gaps, many people would not know how to deal with an incident.
Digital signature and cybersecurity in SMEs
Once analyzed the panorama of Spanish SMEs in terms of cybersecurity, it is clearly necessary to adopt measures to strengthen their protection level against digital threats.
Digital signatures are one of those cybersecurity solutions, it’s a tool that will hold back cyberattacks that affect identification and document management.
It also helps to prevent fraudulent documents, since it’s extremely difficult to forge given its complex cryptographic procedure. Besides preventing identity theft, digital signatures protect users from any document alteration after being signed, providing undeniable evidence that will allow revoking them if necessary. In this way, for example, changing the terms of a contract or agreement will be impossible once electronic signed, so we will never be affected if someone tries to do so.
Furthermore, it allows the use of cloud technology for its safekeeping, including digital certificates which are sometimes required. This will allow strong authentication measures for access, the so-called strong authentication.
In short, we are facing a situation in which small and medium-sized Spanish companies must be careful with regard to their own cybersecurity. This is an area in which they still have a lot of room for improvement. We hope that this development will speed up as a result of the current health crisis, which has led to an increase in cyber-attacks to levels that are still hard to quantify.
At Viafirma we offer 100% secure e-signature and authentication solutions for SMEs, covering most of their cybersecurity needs while fully adapting to their requirements and processes.