7th e-Crime & Cybersecurity Spain
Online, 24th November 2021
Ransomware changes the risk calculus – for government and CISOs
With all sectors hit hard by disruption and data loss, can governments and CISOs work together to beat the criminals?
The past year has seen Spanish organisations hit hard by cyberattacks – and as is the case globally, ransomware is the number one threat.
Every sector, including crucial elements of CNI such as government, finance and healthcare, has been affected. In March 2020, just as the pandemic began to hit, a hospital in Madrid was taken offline by ransomware. Since then, regional giants such as Mapfre, SegurCaixa Adeslas, Adif and many others have fallen victim.
The State Public Employment Service, which manages unemployment benefits and has been critical during the pandemic, was “paralyzed” by ransomware earlier this year, shortly followed by the Ministry of Labor and Social Economy.
Not so long ago, the consequences of a cyberattack for most organisations were a hassle and not much more. Bad press, a fine (relatively small even under GDPR), some additional damages, but nothing they couldn’t handle. With a good lawyer, breaches could continue to be swept under the carpet.
Evidently, that is no longer the case.
In the US, the scale of the threat posed by attacks on CNI means President Joe Biden has got involved, introducing new regulation for some sectors and emphasising to business leaders that especially in the hyperconnected “new normal”, cybersecurity is key to operational resilience.
The fact that some level of state tolerance (if not actual support) for ransomware criminals is clearly involved, is also, finally, beginning to be recognised. US intelligence agencies were directed to investigate the Kaseya attack and talk of cyberespionage is becoming common. Governments realise that leaving cybersecurity to the private sector may not be enough.
Research by security providers shows that Spanish cyber experts are highly aware of the threat, with 85% either having already suffered at least one ransomware attack in the past year, or expecting to. AKJ’s own research indicates that the CISO’s profile within the business – and the resources allocated to cybersecurity – have increased to match the risk.
But with teams still understaffed and under pressure, the question on everyone’s minds is: will it be enough?
The 7th e-Crime & Cybersecurity Congress Spain will take place online and will look at how cybersecurity teams are tackling the new normal. Join our real-life case studies and in-depth technical sessions from the security and privacy teams behind some of the world’s most admired brands.