Having updated intervention and response protocols is essential to ensure protection against a cyber attack. However, only between 15% and 19% of Spanish Chief Information Security Officers (CISO) regularly test their recovery and response plans.
Do you remember the wave of cyberattacks that shook the Spanish business landscape in the first half of this year? Iberdrola, Banco Santander, Telefónica… Even we at Ciclogreen were victims. These cybercrimes reminded us of an uncomfortable truth: even companies with the most robust security protocols are vulnerable. But they also revealed another reality: the damage was minimal. The reason? Security plans that go beyond mere prevention.
How many companies are truly prepared to respond to a cyber attack with guaranteed success? This is the key question. Prevention is crucial, no doubt, but what happens when it fails? At that moment, intervention and response protocols have to come into play.
Surprisingly, few companies are really ready to respond to a cyber attack successfully. An IDC study reveals that only between 15% and 19% of Spanish Chief Information Security Officers (CISO) regularly test their recovery and response plans.
And if this is not enough to make us reflect, consider another fact: according to Telefónica Cyber Security Tech, 60% of European SMEs are forced to close within six months after suffering a cyber attack. How many of these companies that closed their doors could have been saved if they had had an adequate response plan? As the saying goes, the question is no longer if we will be attacked, but when. And when that moment comes, will we be able to respond effectively?
A worrisome context
The National Cryptologic Center offers us a worrying statistic that keeps us up at night: Spain recorded a total of 940,776 cybercrimes in the first nine months of 2023, an increase of 21.5% compared to the previous year. But quantity is not the only worrisome thing. The sophistication of these attacks is increasing, as is their success rate.
Cybercriminals are no longer just trying to “assault the main fortress,” but now they target the weakest links. Supply chains and business partners have become their primary targets. Why? Because they are often the perfect entry point to infiltrate other more robust systems.
Your company may have an impenetrable firewall, but what if the provider handling your customer data has a security breach? It’s like having a reinforced door at home but leaving the basement window open.
The most common cyberattacks
Phishing, ransomware, software vulnerabilities, or denial of service (DDoS) are some of the most common cyberattacks. Imagine arriving at the office on a Monday morning to find that all your files are encrypted. And on the screen, a message: “Pay up or kiss your information goodbye.” Welcome to the world of ransomware.
Or think of that message that a coworker (or yourself) has surely received: “Dear user, your account is at risk. Click here to verify your identity.” Does it sound familiar? If you have ever received it, you have been the target of a phishing attack. And if you have fallen for it, like thousands of people worldwide do every day, you are a victim who can put your company’s security and that of its business partners at risk.
At this point, the most urgent thing is not to look for culprits. The top priority must be to contain the damage and restore the systems as soon as possible.
How can companies improve their response capability?
At Ciclogreen, when we suffered the attack, we faced it with the confidence of having a detailed and tested incident response plan. This plan, which every company should consider today, is based on seven points:
Identification and quick containment: Detect the threat and isolate it fast.
Strategic disconnection: Unplug affected devices from the network. It’s like quarantining a contagious patient.
Backups: Remember when your mother told you always to have a plan B? Well, this is the B, C, and D plan for information.
Additional technical actions: From blocking suspicious accesses to updating firewalls.
Notification to the affected: Transparency is essential, and the law requires it. You must inform the affected parties and the relevant authorities.
Deep investigation: We put on our Sherlock Holmes hat to understand how, when, and where we were attacked.
Future prevention: We learn from the experience and strengthen our defenses.
Does it seem like a lot of work? It is. But in today’s digital world, it is a necessity. The question is: Is your company ready to respond to a cyber attack as quickly and effectively?
The future of cybersecurity: Prepared, united, and resilient
While, as we have already pointed out, prevention is fundamental, it is not always possible to avoid attacks completely. Cybercrime has become the world’s third-largest economy, a criminal activity that will grow between 25% and 30% this year.
So, what do we do? Do we give up? It’s time to change our mindset and prepare for the inevitable. Every company, from multinational corporations to small businesses with fewer than 50 employees, needs a detailed, tested, and regularly updated response plan. The upcoming NIS2 regulation scheduled for October expands the profile of companies affected by it and also includes smaller ones with the aim of creating a higher level of cybersecurity and adapting to the growing cyber threats.
In this hyperconnected world, our security is only as strong as the weakest link in our chain of business partners. Collaboration is more necessary than ever. Sharing knowledge, best practices, and new technologies not only makes us stronger individually but also elevates the entire cybersecurity landscape.
The real victory is not in avoiding every attack but in being so resilient that no cybercriminal can bring us down. We cannot afford to be part of that 60% of companies that close after suffering a cyber attack. It’s time to prepare, unite, and come out stronger from every challenge. The future of cybersecurity is in our hands. Is our business fabric ready to face it?
Opinion article by Gregorio Magno, CEO of Ciclogreen.