Nine out of ten Spaniards recognize that they need training in cybersecurity, according to the Study on perception and level of trust in Spain: how citizens are protected against cyber risks, prepared by the public observatory specialized in cybersecurity ObservaCiber, coordinated by the National Observatory of Technology and Society (Ontsi) and the National Institute of Cybersecurity (Incibe), dependent on the Ministry of Economic Affairs and Digital Transformation through the Secretary of State for Digitization and Artificial Intelligence.
With the aim of analyzing the cybersecurity situation as well as recommending the best habits and behaviors to avoid being attacked in the virtual field, Diálogos en La Vanguardia, with the collaboration of BBVA, brought together cybersecurity experts online last week Alejandro Figueroa, Director of Cybersecurity and Fraud at BBVA Spain; Manel Medina, professor and director of the Master's Degree in Cybersecurity Management at the UPC-School of the Polytechnic University of Catalonia (UPC), and Maria Ponce, collaborating professor at the Open University of Catalonia (UOC).
The participants at the dialogue table agreed that the pandemic precipitated the technological transformation of most of the activities carried out by citizens, exponentially increasing teleworking, administrative procedures, online training or electronic commerce, without in many cases the population, companies and institutions were sufficiently prepared to face the risks involved in protecting their digital security.
“During the pandemic, different functionalities of the physical world were migrating at an accelerated pace to the digital channel, increasing the attack surface for cybercriminals, while the speed of digital adaptation did not advance homogeneously at the same speed around security measures. necessary cybersecurity for an adequate delivery to customers in terms of cybersecurity”, explained Alejandro Figueroa.
"Many doors were left open without taking into account the risk involved, for example, connecting to systems remotely," explained Professor Maria Ponce. Professor Manel Medina also added another issue to take into account: "Home networks today still do not have the same protection mechanisms as corporate networks." According to Incibe data, last year 109,126 related incidents were recorded in Spain with cybersecurity, 29% of which through malware –malicious software– followed by various variants of fraud, such as phishing –through email–, smishing –by SMS– or vishing –from a phone call–, which are the main frauds carried out in the digital field, according to experts. "Phishing attacks have increased and cyberattacks are the main entry point," Medina confirmed.
UPC professor Manel Medina pointed out that "ransomware -which prevents users from accessing their system or their files if a ransom is not paid to gain access to them again- is becoming widespread" in recent months. Attacks involving “massive data theft” and “denial of service attacks” are also becoming more frequent. Among the latter, the expert recalled "the one suffered by the Instagram, WhatsApp and Facebook applications in October 2021, which they could not solve until after two hours because the technicians could not access the calculation centers where some of their DNS servers to be able to repair the damaged system”.
Digital scams proliferate, since "behind these crimes is the social engineering component, which focuses on establishing a relationship of trust with the victim, supplanting well-known organizations and companies," said the director of cybersecurity and fraud for BBVA Spain. For this reason, his first recommendations when it came to preventing this type of deception were those related to behavior, among them, "never provide confidential information through a link, call or SMS, since they are the main sources of risk. ; check the sender of the communications well and suspect those that convey urgency or fear or contain spelling errors.
Regarding the security of the devices, Alejandro Figueroa advised, among other basic measures, "always have an antivirus installed and properly updated, not only on the computer, but also on the mobile or tablet, with specific antivirus, as well as maintain updated the operating system which also fixes security bugs. Professor Maria Ponce also recalled that “the same password should not be used for all accounts”, to which Professor Manel Medina added that “there are Have I Been Pwned tools that reveal to you if someone has stolen a password associated with an identifier of user". The expert also suggested “be careful with shortened messages, and before visiting applications such as total virus that allow you to check if someone has reported it as fraudulent. Finally, he insisted on the need to "have the help of experts to know who to turn to and what we should do to recover our devices or our information if that is the case."
Regarding the protection of digital identity, the director of cybersecurity and fraud at BBVA Spain warned that "care must be taken with the information that we expose publicly". To check what data is exposed, the expert recommended periodically carrying out what is called egosurfing, which consists of "searching for your own name in the web browser to review it." Connecting to free wireless networks can also pose a risk, which is why Figueroa advocated "protecting yourself by installing a VPN virtual private network to establish a secure connection between the device and the network." One way to suspect that we are being spied on, according to Maria Ponce, is "perceiving that our telephone conversations have audio feedback."
Another indication is "check if the battery or the data of our devices are running out quickly", in the opinion of Manel Medina. Despite all these concerns, Figueroa stressed that, due to the increasing sophistication of espionage software, "it may not be easy to notice that someone is the victim of a cyberattack of this type."
The cybersecurity sector advances to protect digital activities, thanks to the development of technologies of the Fourth Industrial Revolution, among which experts highlight artificial intelligence (AI). "AI can be used to detect abnormal behavior," says Manel Medina. “There are applications with artificial intelligence that make use of big data to protect the person, carrying out an exhaustive analysis of the behavior of the user and the terminal”, agreed Professor Maria Ponce. “Good monitoring, using biometric patterns, allows us to detect if someone, be it a person or a robot, is trying to impersonate our clients”, Alejandro Figueroa gave as an example.
At BBVA, "cybersecurity is a strategic priority, one of the main elements of digital transformation", highlighted the director of cybersecurity and fraud for BBVA Spain, Alejandro Figueroa, at the end of the debate. From the financial entity, they transmit "information regarding the risks to which they are exposed in the virtual environment" and offer "advice through the different points of contact with customers, including the website and the app, communications by email, webinars, face-to-face sessions of specific training in cybersecurity”.
