For some years now, the use of technologies has become a matter of total relevance for most business organizational systems. Just as technological solutions to make our lives more comfortable are advancing exponentially, so are the risks and threats to these devices and applications.
If we add to this the rapid – and at times fearful – digital transformation that organizations have undergone in order to address the social distancing and hygiene regulations projected by the
In many cases, it has become a real online battle between organizations and cybercriminals, generating complications that we did not contemplate before the health crisis or that we saw in the very long term.
Cybersecurity has become, today more than ever, a fundamental pillar for any company.
organization, having to implement measures and actions to prevent cybercriminals from being able to
perpetrate their crimes. Therefore, it is imperative that all security risks are managed, entering into a continuous and constantly changing race to improve all your systems and devices.
One of the sectors most susceptible to cyber-attacks is the financial sector, with 21% of global cyber-attacks, according to the Marsh report. This is because the information they handle is much more substantial for cybercriminals: financial information, customer data, consumption, transfers, payments, etc.
On the other hand, mobile devices have become our new day-to-day ally, an issue that cybercriminals are also aware of and use to take advantage: according to the INE’s Survey on Equipment and Use of Information and Communication Technologies in Households (2020), almost 70% of people already use online banking, positioning us in the European average.
…cybersecurity has become, today more than ever, a fundamental pillar for any organization…
As the use of online banking increases, so do users’ concerns about the cybersecurity of their data. It is necessary to rethink the security of the entity as a value that the company has and as a method to differentiate it from its competitors. Thus, the greatest risk for the financial sector is to suffer a cybersecurity incident that could mean a critical service interruption, unthinkable economic losses or a loss of confidence on the part of its customers due to poor security management.
Most companies are prioritizing their cybersecurity not only for their duty, but for a
intrinsic necessity of the business model.
How can companies prepare themselves to be less vulnerable to these problems?
- It is necessary to have a comprehensive cybersecurity management for the entire organization, taking as
based on international standards and practices for this purpose.
- Principle of least privilege, well-defined access controls and real-time monitoring to know the status of the entity’s communications at all times.
- The information must be well classified and with the pertinent security barriers for each type of information. Access to hard disks must be encrypted, confidential information sent by e-mail must be encrypted and all employees must be made aware of the company’s confidentiality policy.
- Create daily backups with their respective barriers. Now more than ever, that the
companies are uploading everything to the cloud, you have to be very careful about what information you put in the cloud.
- Implementing measures to secure the corporate network and wifi can help us to ensure that our
company is more cybersecure.
- The software must always be up to date on each device. Since a failure in one of them can cause the other devices in the network to be attacked.
- Mobile device monitoring and management systems, with specific controls that limit access and/or help the user prevent cyber-attacks or potentially risky activities.
- Special mention should be made of the fact that, in any company, the weakest links are people. 95% of cyber-attacks are perpetrated due to human error, which could have been avoided if people had known how to react appropriately. For this reason, it is essential to develop a specific strategy so that personnel not only take an active part in the execution of the security measures implemented, but also become an agent of security in their daily work.
What can be the consequences of not having a good cybersecurity strategy?
In terms of direct economic consequence, according to IBM’s “Cost of a Data Breach Report” 2020, the average cost of cyber-attacks aimed at stealing information or data at financial institutions was $5.85 million. Other costs derived from a cyber-attack must also be taken into account, such as business interruption, loss of productivity, time to restore information, detention and notification of the attack, possible lawsuits from those affected, deterioration of the brand image and, in short, the loss of confidence of our customers.
For all these reasons, now more than ever, we must be aware of the importance of carrying out a good
cybersecurity plan in the company, sponsored by the CEO, with sufficient investment, since the consequences of not having it could be irreparable in our organization. We must bet on cybersecurity in our company, our customers perceive it as a differential value.
Petri Alonso, Director of Banking and Insurance of the Oesía Group.