Cybersecurity in industrial companies in Spain: analysis, challenges and solutions.

However, there are still many companies that have to face the challenge of software obsolescence. Most of the industrial companies have in their processes technologies that can be more than 20 years old and, therefore, are not prepared or designed to solve any type of cyber threat. In other words, they are a "piece of cake" for any criminal organization or even for inexperienced hackers. 

In a world in which everything is digital, from personal relationships to money management, including, of course, all the internal and external operations of organizations (customer management, sales, training and human resources, quality control and, sometimes, even the product itself), threats can arrive invisibly from anywhere and cause enormous damage: data theft, 'hijacking' of computer systems, viruses that render them useless, security breaches that destroy reputation... 

The truth is that cybersecurity incidents are only increasing for many and varied reasons. The access routes for attackers are multiplying with more and more devices connected to corporate networks, the access of all types of profiles to digital channels, constant updates and innovations, 5G and its very high speed! 

In industrial companies, which often work with machines connected to the Internet, but which were designed before anyone was concerned about cybersecurity, this problem is even more serious. And if we add to this the fact that remote working, popularized by the pandemic, has been another turning point (in this case for the worse) in the increase in cyber attacks, we can speak of a "perfect storm" in terms of cybersecurity.

State and context of cybersecurity in Spain

Almost all Spanish companies (94% according to the report The State of Cybersecurity in Spain, by Deloitte) suffered at least one serious cybersecurity incident in 2021. Attacks that are not only becoming more frequent, but also more complex and advanced. Some studies claim that the numbers have dropped slightly this past year. But that doesn't mean that we should lower our guard, as 'almost' no one is free of them -Telefónica, Uber, Iberdrola or even public administrations such as the SEPE have been targeted by cybercriminals recently-. And, although a large organization can cope with this type of threat and recover, according to Telefónica Cyber Security Tech, more than half of the SMEs that suffer an attack of this type will disappear a few months after the incident. 

It is worrying, of course. And that is why so far in 2022 this cybersecurity market has already grown by 7.7% in Spain. The total figure is expected to reach 1,749 million euros by the end of the year and by 2025 we could already exceed the figure of 2,200 million euros. A very tasty slice for cybercriminals.

Among the most affected sectors in our country are those related to technology (telecommunications, media, etc.), the manufacturing industry, banking and public administration itself. Some of them, although already mature in terms of digitization and, therefore, well equipped with cybersecurity strategies and protocols, continue to be the target of these attacks due to their attractiveness to cybercriminals, either because of the large amount of sensitive data they handle or because of the media coverage associated with them. 

It is true that general awareness has increased, and more and more budget is being allocated to cybersecurity in medium-sized and large organizations. At the same time, professional users are better trained and have more tools to protect themselves and their companies. However, there is still a long way to go at the lower layers and, as a society, we remain vulnerable to phishing or malware, which in turn puts the companies we deal with at risk.

Cybersecurity challenges for the Spanish industry

The main challenges of cybersecurity in Spain have to do with the digital transformation itself. Companies are forced to keep up with the pace and carry it out in a hurried manner and not always with adequate guarantees, so they often do not have the means or resources to keep their equipment and solutions updated.  

Digitization is nothing more than the logical step in the evolution of companies and therefore, and especially with regard to companies in the industrial sector, edge computing can become a strategic ally. Firstly, because data governance brings intelligence to the business and, also, to solve cybersecurity problems when performing tasks such as data and process analytics.

In this sense, we could say that edge computing is the solution to the limitations of cloud-hosted technologies: lower latency, savings in bandwidth costs (for large volumes of data and highly distributed assets) and greater cybersecurity.

Therefore, edge computing is a fast technology that enables the management and deployment of updates, whether security patches or business improvement applications. In addition, it offers significant time and cost savings, while allowing remote programming of all the routines of a process to minimize any risk.

For all these reasons, distributed computing at the edge is the best response we currently have to the need to safeguard the integrity of data and machines. By incorporating cybersecurity into the production processes themselves, the cloud's own latency is reduced, real-time solutions are achieved in the face of possible failures and, therefore, higher levels of privacy and productivity.

The role of digital talent in the Spanish digital industry

It is, therefore, a question of investment. On the one hand, in the renewal and maintenance of equipment and cybersecurity systems, and on the other, in talent. Leaving aside the extra cost of hiring a professional profile that, in many cases, did not exist - according to the ObservaCiber report, only 2 out of every 10 internal positions receive training or have the knowledge to be able to perform the functions required in this field - it is not easy to find them either. It is estimated that more than 80,000 cybersecurity professionals will be needed by 2024, roughly double the number of those seeking employment in this area. 

On the other hand, the attractiveness of the profitability of these attacks means that cybercriminals are working less and less as lone wolves, and more and more from organized networks. These are highly trained and composed of experts who always seem to be one step ahead of corporate cybersecurity managers. They are also well versed in legitimate technology applications and therefore their vulnerabilities.

‍

Cybersecurity solutions for industrial companies

We must equip ourselves. The type of cyber-attacks that can be suffered is very varied and imaginative: from ransomware, which 'kidnaps' a company's computer equipment, preventing access to it and blocking the information it contains in exchange for a ransom (very 'profitable' for criminals), to mass spamming, malware, phishing (fake emails with the intention of obtaining passwords and personal or corporate data) or attacks using the remote desktop function. Therefore, cybersecurity solutions must also be prepared for any possible scenario, known or unknown.

The first and most successful cybersecurity strategy is precisely to have a serious, informed and well-thought-out cybersecurity policy. Thus, it is necessary to have the means and technological solutions sized and appropriate to first detect, then stop and, finally, recover from possible cyber-attacks, both in your own facilities, in the cloud, and in the Edge technology network. Let's take a look at some of these possible measures and solutions that companies should consider:

Barbara can help you

Barrier Media

The evolution of the traditional firewall, which are now adapted not only for the protection of on-premise infrastructures, but also in the cloud or in external locations of the company.

Protection of access points

Protection systems for access points, whether cell phones, ATMs or self-service terminals (in the case of banks or stores), as well as any online portal, that verify and protect against blocking attempts or unauthorized access to private parties. 

As a Service Models

Of the large number of systems and solutions that a company handles in its daily operations, many can already be contracted as a service, so it is the solution provider who is responsible for keeping them up to date and replacing them when necessary, as well as ensuring cybersecurity.

Data encryption

Both those stored on the device and those entering or leaving through any network connected to the company's systems. There are cybersecurity platforms that use quantum technology for this purpose, which makes unwanted decryption more difficult.

Unique certificates and access control

Each user must be recognized by the system and protected by a key system and a unique cryptographic certificate. Since not all users will have access to the same level of security, it is essential to define roles and permissions, and to do so in an unambiguous and guaranteed manner.

Zero-trust

More than a solution, it is an action model that many organizations are already applying. It consists of 'trusting nothing and no one', or rather, reducing the core of trust of an entity to the maximum, exhaustively controlling all access, protecting the essential ones through secure and unique passwords and monitoring each entry to the system, to avoid any unwanted access or unauthorized manipulation.

More and more utilities and factories are implementing edge computing to digitize their operational processes, which can completely change the dimension and criticality of the use of this technology. In fact, Gartner indicates that Edge AI, i.e. the ability to run artificial intelligence algorithms on distributed, resource-constrained machines, will be the technology trend with the greatest impact on companies' bottom lines since the launch of the cloud.

These are just a few ideas and cybersecurity solutions that, of course, should be adapted to the needs and particularities of each company and be part of the business strategy from the very base. 

Contact us so we can review your specific case.