The year 2018 began, from the point of view of cybersecurity, with two major issues: the Meltdown and Specter vulnerabilities, whose impact will be felt even in the coming months; and the security incidents related to cryptocurrency, which started to be news at the end of last year. In the first case, it is a problem of security in the architecture of processors of massive use of manufacturers such as Intel, which form the core of our personal computers, smartphones and other devices. In the second case, the threat comes from the fact that the criminals have seen in the cryptocurrencies a good opportunity to obtain benefits easily and quickly, devoting many efforts to these attacks. But it is not necessary to go into detail, or be experts in computer science or cybersecurity, to notice the growing threat.
The fact is that, according to the Ministry of the Interior, in the first two months of 2018 there have been more incidents of cybersecurity in critical infrastructure than in all of 2014, detecting 125 cases until March, compared to 63 four years. Most of the incidents have been attempts to scan network or attacks with malicious programs to damage computer equipment. In addition to attacks with what is called malware, the most numerous typology in the detected events has been spam or the theft of information, according to the data provided.
However, the world of security is very broad. We should not only think about intentional cyber attacks. Computer systems and the valuable data they contain may also be affected by a manufacturing defect. Other factors that threaten security are natural disasters, supply failures or attacks. The point is to understand that security is never guaranteed 100% and that, increasingly, our lives and our businesses depend on the information stored in the different computer systems.
Therefore, it is essential to have the methodology and the preparation to face the threats, whatever type they may be. Popular wisdom tells us that “prevention is better than cure”. Certainly, it is much better to be prepared to prevent something bad from happening, than to have to look for a solution once it has happened. And this is applicable in both the physical and the digital world. The main thing is to be prepared when something happens. In the case of companies that are dedicated to managing the computer systems of other companies or organizations, have an action plan that guarantees the continuity of the business of the clients.
Seen as the year has begun, it is clear that Spanish companies need a greater investment in security. Cyber attacks are not a passing fad, nor are security problems punctual. The incidents occur every day, affecting numerous companies, and they will continue to happen. For many companies there is still a great improvement path in this area, and it is not recommended that they neglect it. The companies do not have to fall into the alarmism, but much worse would be that they remained idle, waiting, fortunately, not to be affected.
How much does an organization value the peace of mind of having its systems protected? Having a simple, automated and safe procedure that allows us to be calm that no cyber attack can easily destroy it is within reach of any company. Investing in protecting information is the best investment a company can make. The first recommendation in this sense is basic, and it happens that customers have their infrastructures in cloud companies that offer them guarantees. The information has to be, for security, in different infrastructures and in different geographies. Duplicating the platforms where our critical data is stored means minimizing the risks. Anyone whose mobile phone has been stolen at any time, or who has lost it or broken it, will understand this perfectly. The difference between having a backup copy of all the information stored in the mobile phone or not having it is the difference between tranquility and despair. What’s the price of this? Moving this example to the information stored by a company is simple. The conclusion, as we have seen, is that prevention is better than regret.
Once the first step is taken, it is important to have an action plan, which will depend on the characteristics and needs of each organization. With a very small investment it is possible to propose the most appropriate cybersecurity measures, so that companies can focus on their business, avoiding scares and greater evils.