With the arrival of COVID-19, companies have suddenly had to adopt teleworking, and adapt to the use of digital media in order to function normally.
This boom in online activity has taken place from one day to the next and has led to gaps in security. Generally speaking, companies are not prepared to deal with possible cyber attacks. At the start of the pandemic, the National Institute of Cybersecurity (INCIBE) was already giving warnings about malicious emails that supplanted companies, taking advantage of the sudden technological changes that were and are still taking place in organisations.
The media have highlighted various cyberattacks that have occurred in companies such as Easyjet, where the details of nine million customers were leaked. What does this mean? The information obtained has enabled cybercriminals to carry out phishing attacks on the company’s customers. They know details about travellers and bank details are also accessible, with the risks this implies.
Why are companies targeted by cybercriminals?
For many reasons, from economic interest to political or social motives. In many cases these attacks are directly associated with extortion and the subsequent demand for a ransom in exchange for not damaging the data taken from the organisation.
Did cyberattacks begin with the arrival of the pandemic?
Cyberattacks did not appear with the onset of the pandemic. In Spain, more than 81,000 complaints related to cyberattacks were recorded in 2018, according to INCIBE. According to McAfee, this means that Spanish companies are the target of 400 attacks on average per day. According to INCIBE, they involve an average cost of €50,000 per case.
Observing these figures, we can see that cybersecurity is one of the major challenges that companies currently face, especially taking into account that the number of cyberattacks is expected to increase in the years to come.
Which companies are attacked by cybercriminals?
We tend to think that cybercriminals have a specific company profile in mind but this is not the case. Although we believe that large companies are the main targets, 70% of cyberattacks are aimed at SMEs, 60% of them being forced to close after suffering an attack, according to Kaspersky Lab. It is vital for all organisations that do not have the financial resources to deal with such attacks to understand the risk to which they are exposed, with the company’s continuity being endangered.
How can they protect themselves from this type of attack?
Companies must take preventive measures and seek a solution that covers the damage that can be caused by cybercriminals: business may be interrupted or ceased altogether, customers may be lost and data breached. It is also essential to cover the sanctions envisaged in the Data Protection Act (GDPR), as well as compensation for damage to third parties, such as possible harm caused by viruses, malware, etc. It is essential to be able to respond to the financial damage caused by an incident involving information systems or computer resources, regardless of whether the event originated internally or externally, or whether it was deliberate or accidental.
To deal with these risks the solution is cyber-protection insurance, which offers an effective response to a cyberattack or uncontrolled negligence, enabling you to analyse and mitigate its effects and activate appropriate communication or contingency protocols. In other words, it is an essential data protection tool for any organisation, regardless of its size and sector, a comprehensive policy to address the new challenges inherent in the current digital age, which has been unexpectedly driven by the current healthcare crisis.