A TOTAL of 28,936 devices with internet access are affected in Malaga by some kind of cybersecurity problem.
The data from the Institute of Cybersecurity places Malaga province second in Andalucía for the number of infections on internet capable devices.
To understand the extent of the computer risks of the country’s companies, we must turn to the latest Google report, ‘Panorama actual de la Ciberseguridad en España’. It is an extensive document resulting from a long investigation in which several conclusions stand out, among them, amazingly, that three out of every 10 IT managers in SME’s (small to medium enterprises) in Spain are unaware of the concept of cybersecurity.
The report says: “Almost 3 million companies in Spain have little or no protection against hackers.” In addition it says: “Two-thirds of Spanish companies lack enough employees to combat cyberspace threats.”
At the moment, one of the most innovative strategies for companies to defend themselves against cyberattacks is the IDS (intrusion detection system), which utilises learning based on artificial intelligence, explains Fernando Ramirez, director of Hispasec.
His colleague, the founder of VirusTotal and a member of Google’s cybersecurity team, Bernardo Quintero – considered one of the top experts in this field at a European level – said: “Although Malaga has a flourishing industry in the area of cybersecurity, the rest of the business fabric, individuals and organisations in Malaga are not distinguished by having a particular strategy in this field.
“In this sense, like the rest of the country, we are very traditional, we still follow an old approach based on ‘firewalls’ to separate the external network from the internal, authentication and access controls based on passwords and antivirus at work stations.
For this reason, Quintero asserts that a “paradigm shift” is needed in response to the new threats that arrive on a daily basis and mentions the new system called ‘Zero trust’, which he says is “a much more secure” working format in which the concepts of ‘non-secure external network’ and ‘secure internal network’ are eliminated.
Locally, a large percentage of companies are focused on the tourism and hospitality sector. In these areas the threats are the same as in the rest of industry, according to Quintero, including specific ones related to credit cards and online payment systems.
Malaga cybersecurity expert Sergio de los Santos, from Eleven Paths, adds that one of the biggest problems for companies is that they rarely think they are the target of attacks. “It is true that perhaps it is unlikely that an SME is the target of a specific attack, but the attacks occur, and most of the time do not seek a specific target. They are content with whoever becomes a victim and from there will extract all the benefit they can.”
Another of the failures in De los Santos’ opinion is not having a budget for cybersecurity: “Small businesses sometimes can’t afford it, they rely on the basic security that can be achieved without too much investment. In his opinion, however, it is not enough. “Great results can be achieved with minimal investment, but it is important to maintain a reasonable line of defence for the core of the business.”
The last critical point for SMEs is the loss of decentralised information, which is very difficult to recover. “Nowadays, information moves in many ways. From the local computer to the laptop, from the cloud to the mobile. Controlling this flow of information is very complicated, even for large companies.” He adds that work devices should be kept separate from domestic usage.