Cyberattacks Pose Increasing Threat to Spanish SMEs in 2024
A report highlights a dramatic rise in cyberattacks against small and medium-sized enterprises in Spain, with financial implications potentially reaching €50,000 on average per incident.
In 2024, cyberattacks on small and medium-sized enterprises (SMEs) in Spain have become increasingly prevalent, positioning these businesses among the most vulnerable sectors.
According to Hiscox's Cyber Preparedness Report 2024, 96% of Spanish companies, including SMEs, experienced some form of cyberattack in the past 12 months, with 66% reporting an increase in the frequency of these incidents.
The average financial loss from cyberattacks is estimated at €50,000 for smaller businesses, and it can escalate to €5 million for larger corporations.
As the digital landscape grows more complex and threatening, cybersecurity has emerged as a crucial component for the survival and success of companies.
Despite existing as a strategic investment rather than merely a cost, only 20% of businesses are reported to have a good level of cybersecurity maturity, according to Deloitte's State of Cybersecurity in Spain report.
Experts like Laura del Pino, head of Information Security at BBVA Spain, emphasize the importance of treating cybersecurity as an investment.
She highlights that organizations well-prepared to manage security risks are more likely to thrive in the digital world.
Del Pino points out that a common misconception among businesses is the belief that they are not potential targets for cyberattacks.
This false sense of security is a significant barrier that companies must overcome.
Any device connected to the internet, from computers to security cameras and climate control systems, is susceptible to attack, especially those retaining default passwords, making them easy targets for cybercriminals.
While SMEs may randomly be selected by cybercriminals, it's observed that attackers often target the most vulnerable companies.
Common methods include identity theft and massive scanning of internet-exposed systems, which can provide entry points such as remote working systems, email servers, and websites.
Furthermore, some companies may be indirectly affected through their smaller, less secured suppliers, known as supply chain attacks.
Del Pino advises that it is essential for organizations to hold their suppliers to the same security standards they uphold.
Common cybersecurity threats targeting businesses include identity theft, ransomware, and corporate email compromise, often referred to as ‘CEO fraud’, which disproportionately affects SMEs.
Phishing attacks, where cybercriminals impersonate businesses or trusted individuals to deceive victims into disclosing personal information or downloading malicious files, are particularly prevalent.
Ransomware has proven especially damaging, as it renders company files inaccessible until a ransom is paid for their release.
According to S21sec's Threat Landscape Report, Spain has moved up three positions to fifth in the global ranking of countries most affected by ransomware, with 58 recorded incidents, representing a 23% increase compared to the same period in 2023.
The report indicates that internal threats can also arise, whether through accidental mistakes or malicious actions by employees.
Companies are urged to focus on employee training and awareness, applying the principle of least privilege, where individuals only have access to information necessary for their work.
The deployment of artificial intelligence by cybercriminals has further complicated detection, making attacks more precise and harder to identify.
These statistics underscore the urgent need for SMEs to invest in cybersecurity to ensure operational continuity.
In response to these threats, businesses are advised to take preventive measures, including conducting risk assessments, implementing basic security packages with employee training, utilizing up-to-date antivirus software, and ensuring legal software use, along with establishing backup systems.
Del Pino stresses the importance of secure VPNs for remote work and two-factor authentication to safeguard system access.
Cybersecurity is particularly paramount in the banking sector, crucial for maintaining customer trust.
BBVA employs various security measures, including two-step authentication and 24/7 monitoring using artificial intelligence to detect and stop suspicious online activities.
Beyond online banking security, BBVA has also made cybersecurity courses accessible via coursera.org and offers cyber insurance for businesses to mitigate potential damages resulting from cyberattacks.
According to Hiscox's Cyber Preparedness Report 2024, 96% of Spanish companies, including SMEs, experienced some form of cyberattack in the past 12 months, with 66% reporting an increase in the frequency of these incidents.
The average financial loss from cyberattacks is estimated at €50,000 for smaller businesses, and it can escalate to €5 million for larger corporations.
As the digital landscape grows more complex and threatening, cybersecurity has emerged as a crucial component for the survival and success of companies.
Despite existing as a strategic investment rather than merely a cost, only 20% of businesses are reported to have a good level of cybersecurity maturity, according to Deloitte's State of Cybersecurity in Spain report.
Experts like Laura del Pino, head of Information Security at BBVA Spain, emphasize the importance of treating cybersecurity as an investment.
She highlights that organizations well-prepared to manage security risks are more likely to thrive in the digital world.
Del Pino points out that a common misconception among businesses is the belief that they are not potential targets for cyberattacks.
This false sense of security is a significant barrier that companies must overcome.
Any device connected to the internet, from computers to security cameras and climate control systems, is susceptible to attack, especially those retaining default passwords, making them easy targets for cybercriminals.
While SMEs may randomly be selected by cybercriminals, it's observed that attackers often target the most vulnerable companies.
Common methods include identity theft and massive scanning of internet-exposed systems, which can provide entry points such as remote working systems, email servers, and websites.
Furthermore, some companies may be indirectly affected through their smaller, less secured suppliers, known as supply chain attacks.
Del Pino advises that it is essential for organizations to hold their suppliers to the same security standards they uphold.
Common cybersecurity threats targeting businesses include identity theft, ransomware, and corporate email compromise, often referred to as ‘CEO fraud’, which disproportionately affects SMEs.
Phishing attacks, where cybercriminals impersonate businesses or trusted individuals to deceive victims into disclosing personal information or downloading malicious files, are particularly prevalent.
Ransomware has proven especially damaging, as it renders company files inaccessible until a ransom is paid for their release.
According to S21sec's Threat Landscape Report, Spain has moved up three positions to fifth in the global ranking of countries most affected by ransomware, with 58 recorded incidents, representing a 23% increase compared to the same period in 2023.
The report indicates that internal threats can also arise, whether through accidental mistakes or malicious actions by employees.
Companies are urged to focus on employee training and awareness, applying the principle of least privilege, where individuals only have access to information necessary for their work.
The deployment of artificial intelligence by cybercriminals has further complicated detection, making attacks more precise and harder to identify.
These statistics underscore the urgent need for SMEs to invest in cybersecurity to ensure operational continuity.
In response to these threats, businesses are advised to take preventive measures, including conducting risk assessments, implementing basic security packages with employee training, utilizing up-to-date antivirus software, and ensuring legal software use, along with establishing backup systems.
Del Pino stresses the importance of secure VPNs for remote work and two-factor authentication to safeguard system access.
Cybersecurity is particularly paramount in the banking sector, crucial for maintaining customer trust.
BBVA employs various security measures, including two-step authentication and 24/7 monitoring using artificial intelligence to detect and stop suspicious online activities.
Beyond online banking security, BBVA has also made cybersecurity courses accessible via coursera.org and offers cyber insurance for businesses to mitigate potential damages resulting from cyberattacks.
Translation:
Translated by AI
AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
