In our ever changing world we are faced with a new scenario in which information is accessible in real-time from any device, anywhere. This has led to a rise in the number of powerful cyberattacks. New words such as cyberthreats and cyberincidents are also increasingly common. World Cybersecurity Day is held on November 30 and, today, we wish to review the current situation and the importance of working together to protect ourselves.
In recent years, we have got used to hearing news about the number of cybersecurity incidents. No institution, company or even state is risk-free , and proof of this are the cases of possible external influences in a number of political events (USA elections, Brexit, Catalonia); massive leaks of personal data and confidential information (Equifax, Yahoo, Deloitte, Uber); or the hijacking of devices and information on a global scale (the wannacry case that affected companies like Telefónica). These are only the most recent and the most widely known cases, but figures provided by organizations that are committed to responding to security incidents such as Enisa, US-CERT, CCN-CERT, Incibe or AndalucíaCERT speak of thousands of cyberincidents occurring each year. For example, in their last activity report, CCN-CERT (National Cryptology Center) saw the number of annual incidents that were managed rise by 14.5 %.
“Word Cybersecurity Day reminds us of the importance of working together to protect ourselves from cyberthreats and take care of the information we handle.
We must be aware that following each cyberincident, ultimately the victims are the people. Citizens, clients or employees suffer the consequences after cyberthreats occur. Therefore, we all have to take responsibility to protect the information and the services that are provided. Basically, it comes down to preserving the wellbeing and the economic development of countries and people.
On September 13, the President of the European Commission (EC), Jean-Claude Juncker, stated that “[…]Europe is not yet adequately equipped to defend itself from cyberattacks […]” and, as a result of this, cybersecurity remains one of the strategic pillars of the development of the Union in the years ahead (the ‘Digital Agenda’ for Europe), which is on the same level as the creation of jobs and the energy and trade policies of the EU.
A number of initiatives have also been developed in the corporate environment with a view to improving security. More and more companies have cybersecurity departments and integrate initiatives into their corporate strategies to improve the protection of their data.In this regard, Abengoa is no exception. We are aware of the cyberthreats and new risks to which we are exposed on a day-to-day basis. Innovation has always been a key pillar in Abengoa, and the same can be said of Information Technology (IT), enabling employees to have agile technological solutions that allow greater mobility and better productivity. This new scenario that we are faced with is one in which information must be accessible in real-time from any device, anywhere and this brings with it a greater exposure to new and powerful threats.
From a purely IT viewpoint, we maintain a wide range of protective measures for our systems which has allowed us to prevent incidents from occurring (for instance, there are some 49,000 threats detected each year and 54,000 malicious emails blocked each day), as well as the early detection of sophisticated cyberattacks.
“ An active participation entails being extremely alert to the slightest suspicion and then reporting it through the appropriate channels.
Nevertheless, we must all be aware that technical measures do not offer us 100 % protection, which goes to prove that the best effectiveness is achieved from:
- The human factor, whereby there is an active participation on the part of employees in the protection of information. We all must be extremely alert to the slightest suspicion and then report it through the appropriate channels. To this end, training and awareness programs are developed to provide employees with as much knowledge as possible in this area.
- Collaboration between all the parties involved; institutions, companies and the internal areas of a company. In this way the sharing of information, knowledge and resources is achieved much more effectively and has more far-reaching global effects to improve the protection and response to cyberattacks.
In summary, the key to keeping our organizations safe, preventing cyberincidents and quickly resolving those that occur is to understand that Information Security is a responsibility shared by all.
We will continue working to make improvements!
Patricio Muñoz García. Director of User Services, Systems and Cybersecurity at Abengoa
