Cyber attacks plague small and medium-sized businesses (SMEs). The technological acceleration of the last year has highlighted the lack of tools and education to face threats on the Internet. And cybercriminals are taking advantage of this situation. This is what Marco Lozano, head of security services at the National Cybersecurity Institute (Incibe) believes. In 2020, this body handled 133,155 incidents, 24% more than in the previous year. Among the most affected, Lozano points out, are small companies and the self-employed. To protect themselves against threats that can cost thousands of euros, an entrepreneur must dedicate between 500 and 800 euros per month to the management of these services.
“Many companies have had to adapt quickly to the digital age without having made a previous improvement [en la privacidad de sus equipos]”, Says Rubén Vega, an expert at Excem Technologies, a specialist cybersecurity firm. Before the outbreak of the pandemic, 67% of Spanish SMEs lacked specific security protocols, training or clear policies on internet security, according to Google’s analysis Current panorama of cybersecurity in Spain.
However, after a year of health crisis, the situation has not improved either. More than 75% of cyberattacks target this segment because it is not committed to the security of its systems, highlights Luis Pérez, from the consulting firm Nuvix Consulting. “It is estimated that the losses suffered by an attack are between 3,000 and 75,000 euros,” he adds. The health of companies and their future are therefore linked to the strength of their IT systems.
Lozano makes it clear that there are no excuses for companies not being up to date. On the one hand, technology has been democratized: “The prices of access to security solutions have been reduced.” For example, a company with five computers and one server may hire a software of advanced protection for 170 euros per month, explains this specialist. “Before it was much more expensive, now with all solutions in the cloud [espacio para el almacenamiento de datos y otras operaciones digitales conocido como cloud], everything is much more accessible ”, he adds. On the other hand, highlights the expert, there is free online training on cybersecurity, such as the one offered by Incibe, which can help small businesses identify the risks that exist on the Internet.
Xavier Gracia, cybersecurity advisor at Deloitte believes that awareness and training of users and companies is increasingly important. In the Banco Sabadell Podcast, he underlines that the risks are increasingly complex due to the development and implementation of 5G and the Internet of Things (IoT), the technology that allows objects to be interconnected.
A solution for each business and a minimum for all
The volume of investment in cybersecurity will depend on the type of business. “Different measures will be adopted for each SME, since an electronic commerce portal is not the same as a legal and legal services company”, describes Pérez. At the very least, everyone must purchase an antivirus to start protection, explains this expert. Then the market offers more sophisticated solutions, among which two stand out:
– The firewall. Known in the sector by its name in English, firewall, it is a combination of computer tools that allow to authorize or block any intrusion in the equipment.
– The server proxy. A technology that serves as a bridge between the computer equipment and the server to which it is connected, and that filters the information exchanged between them.
How much does it cost to digitally shield the company?
Pérez specifies that the minimum item to protect himself correctly ranges between 500 euros and 800 euros per month. “It depends on the size of the SME, the number of employees and the volume of data with which it works, among other aspects,” he specifies.
One of the most economical and reliable protection measures is backup (backup). It consists of storing a duplicate of all the information generated by the company to save it from incidents such as loss, destruction or kidnapping. “The average investment of a company in a plan backup it ranges between 30 euros and 90 euros per month ”, explains Juan Llamazares, CEO of Datos101, an expert firm in this market.
“All companies in all sectors can find an option that suits their needs, since the solutions are scalable,” he adds. Sometimes, the loss of information (bank credentials, supplier data, financial information, among others), one of the usual consequences of cyberattacks, can cost small businesses between 2,000 and 50,000 euros, according to this expert.
“Sending an invoice”: the simplest deception is the most effective
Cybercriminals take advantage of user trust and carelessness to contaminate computers. Criminals write an email with a text in the subject section that does not raise any suspicions, such as: “Sending invoice”. They then pick a few random recipients and send the message with an attachment. For a small business owner, used to dealing with suppliers, receiving this type of email is common. So download the file without thinking and open it. Surprise, it’s empty. Does not care. The bad news comes days later, when you realize your financial credentials, usernames, and passwords have been stolen. By clicking on the file, you opened the door to a virus that has put your business at risk. This attack, described by Incibe, has been one of the most used by cybercriminals in 2020.
Of the total incidents managed by this organization last year, three modalities stood out: 35.2% of the offensives were caused by malware, a malicious program that extracts information from systems; 32.02% was related to some type of fraud where the identity of a company or person was impersonated; 17.39% corresponded to a failure or deficiency in the security of a system that allowed access to offenders, and the rest were mishaps that involved other less common types of intrusions.
Resources to fight cybercrime
Cyberattacks have reached such magnitude among SMEs that the Government is preparing a battery of measures to deal with this problem. The process to make SMEs more digital and competitive, through the Pymes Digitization Plan, will have 4,066 million euros, from the European Recovery Fund, also known as Next Generation EU.
The roadmap is not yet defined. The Ministry is in the middle of an analysis process of the concrete measures that it will take to alleviate the advance of the crimes. In addition, the Executive plans to give a boost to the cybersecurity industry and the recruitment of talent, for which it will allocate 450 million euros, also from European funds, in the next three years.