Digitalisation multiplies the risk of cybercrimes
The pandemic has accelerated digital transformation and has suddenly integrated it into many of our work, entertainment and consumer habits, but it has also multiplied the risks. Experts with AES and Baker McKenzie analyse the prevention steps to fight against the new cybercrime formulas.
Digital transformation began years ago, but the Covid-19 crisis has accelerated it further. According to Manuel Rodríguez Reguero, Director of Technology with Prosegur Security and member of the Board of Directors of the Spanish Association of Security Companies (AES), digitalisation may lead to structural changes in our lifestyle and therefore also requires considering a series of prevention measures.
For Rodríguez, who is also the Coordinator of the cybersecurity area of the AES, one of these measures is “the real and efficient boosting of awareness-raising policies, and the need to implement media and digital literacy, both in school and in business, largely due to the progress of teleworking”. But it is also “necessary to be familiar not only with the use of new technologies, but also with the risks that they entail, and to have basic OPSEC and digital hygiene rules, especially when work life and personal life tend to meld in all areas”.
More sophisticated cyberattacks
Patricia Pérez, Senior Lawyer with the Baker McKenzie offices in Madrid, points out that “currently, with the increasing digitalisation of society and higher rates of teleworking, it is key for companies to strengthen, design and effectively implement proper protocols that include an early-response plan to efficiently take care of cyberattacks, which are more and more frequent and sophisticated, and their consequences”.
According to Pérez, “the prevention plan against cyberattacks should be implemented in the company to verify its efficiency, and simulations can play an important part in this”. These actions “should also include training and awareness-raising for employees to protect the main access paths to the company's systems”. Lastly, she says that “the investment in technology that companies can make with the aim to avoid at least some of these intrusions and cyberattacks, can be achieved either by internal development or by choosing service providers who specialise in cybersecurity in the various activity sectors”.
Hybrid threats
Digitalisation should not make us forget that there are still risks in the physical world, and there is a growing convergence, almost hybridisation, of physical and logical threats, as pointed out by the director of the Spanish Association of Security Companies. “For example, a company action can generate a media campaign in cyberspace that leads to a boycott of the brand or physical protests outside of its offices. But it could also lead to a hacktivism campaign. On the other hand, from cyberspace back to the physical world, a cyberattack against the electricity network, causing a blackout, could be combined with a terrorist attack as modus operandi. Or a person could be murdered by someone hacking into their medical device”.
For Manuel Rodríguez, it is necessary “to implement cybersecurity plans, in order to manage risks and potential crises”. And “to have the capacity, own or outsourced, to detect, analyse and evaluate risks, proposing steps to eliminate or minimise them, and reaching the best response to incidents and the highest possible resilience”.
This expert also highlights the importance of cyberintelligence as a cohesion factor for cybersecurity. “It contributes towards uniting the external (global context, actors, trends) and internal (networks, systems) vision of organisations, as well as to promote an approach based on risks and opportunities, both strategically as well as tactically and operationally”. As he points out, “analysis, studying the cases, extracting lessons learned and detecting good practices are no longer optional in the current context”.