Cybersecurity: why your business should be up to speed

What is cybersecurity?

Cybersecurity consists of the set of actions that allow users and servers to guarantee the confidentiality of their information and processes against external interference.

Attacks on cybersecurity can take many different forms, from downloading malicious software, to espionage, to computer control. In any case, they endanger the data and processes of any company and are increasingly numerous: the number of daily cyber-attacks globally is estimated at 2,200 or, in other words, one cyber-attack every 39 seconds. So much so that even the Spanish government has launched a cybersecurity crash plan to protect the public administration itself.

Against this backdrop, robust cybersecurity is essential for companies of all sizes, particularly those with IoT deployments .

The importance of cybersecurity in industrial companies

Cybersecurity is the set of actions that allow users and servers to guarantee the confidentiality of their information and processes against external interference.

Nowadays, the digitization of companies requires automation for data and process management. However, without adequate cybersecurity, the IT equipment that manages this can be hacked with the following consequences:

• Access to sensitive information that can be used for malicious purposes, such as data trafficking or blackmail.
• Control or sabotage of technological equipment.
• Economic costs to the organization due to downtime caused by sabotage and other problems.
• Userdistrust , particularly if the cybersecurity problem becomes a media issue.

Some sectors are particularly vulnerable to cybersecurity issues. This is the case in IoT environments, where connectivity can become a vulnerability if specific recommendations for securing Industrial IoT or IIoTare not followed.

In this sense, cybersecurity problems are already one of the most urgent challenges to be solved in companies of all sizes, something that is reflected in US legislation with the IoT Cybersecurity Improvement Act, passed in 2020.

IoT is extremely useful but its proper implementation is not without its liabilities. In fact, 3 out of 4 companies end up failing to implement IoT correctly. The 3 challenges are clear: how to capture data from heterogeneous sources, how to bring that data into existing plant systems, and finally how to preserve the security and integrity of the systems in which that data is hosted.

Types of cyber-attacks you can avoid if your company is up to date on cybersecurity

1. Ransomware attacks

Also known as data hijacking, this practice consists of infiltrating a computer with malicious software that prevents access to system files. In exchange for freeing the computer, the hacker asks for financial or other compensation.

2. Spyware attacks

This spyware manages to gather information from a computer without the infected user being aware of it.

3. Phishing Attacks

In this type of cyber-attack, the hacker impersonates the digital identity of a trusted person of the victim and asks for vulnerable information, such as bank details or other sensitive data.

4. DDoS attacks

There is the possibility that attacks are aimed at sabotaging processes through DDoS attacks. In this case, cyber criminals take control of devices and , through network requests, crash the system.

Reasons why you can't forget about cybersecurity for your business

1. Increase in number and types of cybercrime

As mentioned in this article, there are a wide variety of cyber attacks, and they are on the rise. Cybersecurity is the only antidote to the constant threats from hackers.

Cybercriminals are taking advantage of the increasing digitization of data and processes in companies for malicious purposes, targeting vulnerable companies without cybersecurity protocols.

2. Vulnerability of cloud and IoT systems

While IoT and cloud environments bring undeniable advances in efficiency and operability for businesses, the high connectivity of both systems is also a gateway for malicious attacks.

Fortunately, through cyber security protocols, especially in device security, it is possible to deal effectively with these threats.

3. Avoid economic losses

A recent study by the Ponemon Institute puts the average cost to organisations of a cybersecurity incident at USD 3.86 million. While not all cyberattacks are as costly, they always result in significant financial losses that can be avoided through security protocols.

4. Improved credibility

Cyber-attacks undermine the credibility of companies in the eyes of users, who may no longer trust companies to manage their data and other information assets. Cybersecurity is the only sure way to ensure that this does not happen.

5. Damage to the business in general

The damage caused by cyber security problems spreads on many levels: it is easy for them to spread from one computer to another, eventually bringing a company's network to a complete standstill and corrupting its files and systems. Avoiding such mishaps is only possible through cyber security protocols by design.

Examples of cyber-attacks on companies

1. The Facebook data leak

In March 2021, data on a total of 533 million users, including phone numbers, full names, locations and dates of birth, were shared and exposed within Surface Web . Findable with a normal search engine. In Spain alone, eleven million accounts were affected by this security breach, according to an analysis conducted by Business Insider by collating information on websites and Telegram.

2. Cyber-attacks on the SEPE

Also in March, the SEPE 's computer service was infected with a ransomware that had the capacity to leak files and block computers. The attack paralyzed more than 700 offices of the State Public Employment Service . It also paralyzed 200,000 appointments and jeopardized the unemployment benefit payment system because state employees were unable to use their computers.

3. Cyber-attacks on the Ministry of Labor and the Economy

In June, just three months after the attack on the SEPE, Spain was once again on the ropes, putting its cybersecurity systems under the spotlight. A total of 5,500 civil servants were unable to work for more than 15 days due to the lack of their own resources and the difficulty in resolving the problem.

4. Media Markt Black Friday

At the beginning of November, the German multinational suffered a cyber-attack that affected the company's stores in Holland, Germany, Belgium and Spain. It also coincided with the preparations for Black Friday. According to an internal email that has been leaked, this attack would have affected more than 30,000 Windows servers and it is estimated that the ransom demanded exceeds 213 million euros.

How companies can protect themselves from cyber-attacks

1. Identify

Let's assume that all the information that a business handles has a high value, both internally and externally (competition, cybercriminals). We cannot protect what we do not know, so we must start by identifying the digital capital of our company. What are the most important data stored in our business? Where do we store all this data? How many computers does the company have? Do we have a first security barrier on the Internet? Do we have a firewall? Are the users trained in cybersecurity?

2. Protect

To avoid risks, you must first be aware of them. Therefore, it is necessary for employees to understand the safety rules and thus be able to comply with them. We should follow these basic tips:

• Do not give out your passwords or access data.
• Protect your computer and personal devices with passwords. Remember to use two-factor authentication whenever possible.
• Encrypts all devices where you store company information.
• Stores the information in corporate servers.
• Always keep your systems up to date, both those you use professionally and at user level, and never forget to have an antivirus.
• Perform regular backups.
• Instead of remote desktop applications, connect to your company securely through a virtual private network or VPN.
• If you use mobile devices and do not have a VPN, avoid connecting to public Wi-Fi. Use 4G and 5G connections.

3. Reply

What happens if our company has a possible attack? The first thing to do is to identify and isolate the infected device from the network or, if necessary, shut down all corporate equipment. After this we will have to have at hand the contact of the professional services that can advise us in situations like these.

4. External collaborators

Cybersecurity providers must be more than mere suppliers, they must be strategic partners with whom a certain continuity over time is guaranteed. In other words, it is no longer enough to buy an antivirus license; it is necessary to have a partner to ensure the security of the company. At Barbara, we have a team of experts who advise companies on potential threats. We help to increase the level of security in an innovative way and with full advice.

5. Retrieve

If nothing has worked or it is too late to recover the systems, there is only one thing left to do, recover the backups and reinstall the systems to the date before the attack. There is a wide range of solutions that can be used, depending on how quickly disaster recovery needs to be done, i.e. the criticality required; from reinstalling systems to recovering entire virtual machines.

Barbara OS, cybersecurity by design

‍

In the face of these threats, it is essential to have teams and platforms with cyber security at the forefront.

In other words, the right systems must incorporate the cybersecurity by design and in advance of any deployment. This is the only way to ensure that equipment is secure from the moment it starts operating.

In this sense, Barbara OS is the platform for Industrial IoT or IIoT environments that protects IoT deployments against potential cybersecurity threats.

Thus, this platform takes into account potential threats from the very beginning and, consequently, implements protocols from the very moment of installation, avoiding vulnerabilities that put systems at risk.

To this end, Barbara OS raises the security level of IoT deployments through various mechanisms. These include verified boot-up of equipment, communication via unique certificates, encryption of all data and non-exposure of network services, among other functionalities.

Want to learn more about the potential threats in industrial IoT environments Industrial IoT and how to combat them with the right cybersecurity protocols? Download our free guide on Industrial IoT Cybersecurity and find out how to protect your company against any contingency.

‍