Better safe than sorry. This wise advice from the popular proverb also applies to cybersecurity. Nothing like being aware that everyone, individuals, large companies, SMEs or the self-employed, can be the target of an attack so take precautions, because any security hole, no matter how small, is an open door for cybercriminals.

The figures for online crime do not stop growing, especially since the pandemic, which accelerated digitization, to the point that cybercrime is already considered one of the largest economies in the world. In Spain, with an increase of 38% last year, one in five crimes is already committed on the Internet. Some data to worry about and, above all, to take care of. The first measure is to become aware that, depending on our activity on the Internet, we leave more or less traces and more or less exposed our data. Hence, extreme precautions should be taken.

This was precisely one of the conclusions reached by the experts gathered by La Vanguardia and BBVA at an event, held this past Friday via streaming, which, under the title Cyber-prevented, sought to raise public awareness of the importance of training and prevention in cybersecurity. The meeting, moderated by the journalist Patricia Coll, included the participation of Tomàs Roy, director of the Cybersecurity Agency of Catalonia; Helena Rifà, Director of the UOC’s Master’s Program in Cybersecurity and Privacy; Xavier Ferré, partner responsible for EY Cybersecurity in Catalonia; and Jennifer Sesmero, co-host of the event and global head of Training and Talent in Cybersecurity at BBVA.

Technology is a fundamental value in our lives and cybercriminals know it; they too are transforming and moving their criminal activity from the physical world to the digital world. “What used to be stealing a wallet is now fraud with a credit card,” said Sesmero, who recalled that security begins with oneself. “It depends on how we behave in the face of new technologies,” he stressed. It is important, she said, to have safe habits and she was convinced that, thanks to training and awareness, safety is an achievable goal.

However, at the moment in which we find ourselves, “a far west where everything is possible and there is no law”, in the words of Roy, it is time to be cautious. For the director of the Cybersecurity Agency, we have a transition period ahead of us in which attacks will take place, but the digital transformation will end up providing “more security and will generate greater trust”. He recalled that the healthcare system has been the target of numerous attacks, especially since the pandemic, but as its resilience has improved and it is more difficult to collect ransoms, cybercriminals are being more aggressive with their threats, at the same time that target more vulnerable victims. The EY representative stressed that these attacks are “a very profitable business” for cyber criminals and, in this sense, cryptocurrencies have added complexity, since they make it difficult to trace money.

For Rifà, we have not hit rock bottom in this kind of far west and “everyone is susceptible to being attacked; and the smaller, the easier to attack.” In addition, thanks to the Internet of Things, we are connecting more and more devices to our networks, from a TV to a fridge, and these small devices enjoy less security than, for example, a computer and are, therefore, a great gateway entrance to our personal network.

So if it is certain that we will be attacked, but the only question is when, what can we do? After assuring that 90% of the attacks come from known vulnerabilities, Rifà gave some advice: use long and unpredictable passwords; use, where possible, two-factor authentication; Backups; use a different user for the administration and installation of programs than the one we use regularly; when browsing try not to give information or give the minimum; not accept all cookies or accept the minimum, especially on pages that are not known to us; of course, have an antivirus; be careful with the extensions that we put in the browser; use your own networks and do not send sensitive data if you use an open Wi-Fi; and, when we buy online, do not record the payment card and use, whenever possible, a virtual wallet card.

The global head of Training and Talent in Cybersecurity at BBVA agreed with all these tips, but she added some more, such as paying attention to the recommendations of device manufacturers, avoiding sharing devices as much as possible, not browsing the unreliable sites, etc., since all of this contributes to increasing the level of risk.

Young people, although better prepared and capable of discerning content, are not exempt from risk. In fact, Roy highlighted cryptocurrency fraud, which has attracted many young people, to the point that some of them are being used as mules, through TikTok and for a small income, to launder these crypto assets.

BBVA was applauded by the speakers for the training and awareness work they do with their customers, warning them, for example, that they will never call them or send them an SMS to ask for their credentials or an access code. “If you get a call like that, don’t answer; it’s a fraud,” Roy warned. Sesmero assured that BBVA is a financial entity that, as such, protects the assets and resources of its clients and, therefore, security is embedded in the processes themselves. But, in addition, the bank has spent many years doing “very hard” work on issues of awareness and training. “We have started GSEC (Google Safety Engineering Center), a tour led by Google throughout Spain, with the aim of training SMEs so that they can finally strengthen their security”, he stressed.

In addition, BBVA was the first financial institution to share cybersecurity training content on Coursera.org, the virtual education platform developed by Stanford University. There, it has generated three training modules: one aimed at managers from different companies; another aimed at security experts and a third dedicated to the world of data. “We offer it free of charge and with this we push and promote that awareness of security in society,” argued Sesmero. Likewise, on the web, the different online banking applications and the entity’s social networks, advice is continuously given and the culture of cybersecurity is advocated.

If individuals must take extreme precautions, companies must do more. It is important, in Ferré’s opinion, to carefully assess the risk and impact that an attack can have, since it is not the same to talk about large companies or institutions, which have their own cybersecurity teams, than about SMEs and freelancers. The measures, he added, have to be proportionate to the value of the information that can be stolen or hijacked. In this sense, and thinking especially of SMEs, he considered that, once again, awareness is essential, since more than half of the attacks are due to some human error. Hence, it is important, for example, not to download certain files, to look carefully before opening a link or not to connect from any site. He also recommended purchasing cyber insurance and seeking professional advice. Roy and Rifá elaborated on this aspect, ensuring that the SME must assume that it will not be able to respond to the threat with its own forces and, therefore, it has to look for a digital service provider that is co-responsible for the response. At this point, Roy added that companies must pay special attention to people of advanced working age, since, given their economic solvency, they give very lucrative returns to criminals. We must emphasize the awareness of this group, he said.

The Spanish business fabric has not yet approved in terms of cybersecurity. However, they all highlighted the efforts that are being made. A greater concern that is associated, according to Ferré, to a greater endowment of resources, but there is still a lot to do and a lot to invest. But, since cybersecurity “is everyone’s business”, Roy advocated demanding more responsibility from governments and large companies because in most cases it deals with transnational crimes. Convinced that we will be able to build a secure digital environment for everyone, the EY manager welcomed the fact that police forces are increasingly better equipped to fight cybercrime and that this will help correct and minimize risks.

According to the director of the UOC’s Master’s Program in Cybersecurity and Privacy, companies are focusing on current attacks, and even then there are very severe attacks, but with current technology it will not be possible to reverse or prevent future attacks . Artificial intelligence becomes a double-edged sword in this scenario: on the one hand, it gives rise to evolutions in attacks, because, thanks to tools such as ChatGPT, cybercriminals know us perfectly, but at the same time artificial intelligence In the future, it will be able to detect and neutralize attacks carried out with the same technology. For this reason, Rifà said, “we must invest” and promote training. “We need more vocations in the field of cybersecurity; it is a profession of the present and of the future, ”she emphasized.

The BBVA representative highlighted, as a climax, the efforts that are being made. “In everyone’s hands is the need to create awareness of cybersecurity and try to reach the whole of society and, with this, improve our habits so that they are safer,” she concluded.