Catalonia, on the path to the first division of cybersecurity

BarcelonaIn March 2023, the RansomHouse cybercriminal group attacked the Hospital Clínic in Barcelona through ransomware (ransomware) which paralyzed part of the healthcare activity, especially vital emergencies such as strokes and heart attacks, which had to be referred to other centers. It was a highly publicized cyberattack that lasted for days, but there have been many more in recent years. The Moisès Broggi, Dos de Mayo, and General de Hospitalet de Llobregat hospitals, or the Autonomous University of Barcelona (UAB), among others, are just a few examples.

According to data from the Catalan Data Protection Authority (ACPD), in the last five years, up to 5.8 million people have been affected by the theft of personal information through cyberattacks in Catalonia, only considering attacks on public bodies and companies belonging to the Generalitat (Catalan Government). However, while the black market for buying and selling data is becoming an increasingly lucrative business, the cybersecurity sector is also booming in Catalonia, both in the public and private sectors.

The Generalitat (Catalan Government) has launched a new comprehensive cybersecurity strategy for Catalonia and its public services; a plan worth 18.6 million euros. "The largest investment ever made in cybersecurity by the Catalan government," in the words of the Minister for the Presidency, Albert Dalmau. Through the Cybersecurity Agency and with the support of INCIBE, the government's plan is financed through the European Union's Next Generation Funds and seeks to be "an unprecedented boost to the country's cybersecurity." The plan, through 27 specific actions, aims to promote social and professional awareness, help companies protect themselves, and encourage innovation in the sector, among other things.

The Clínic incident also marked a turning point in awareness for both companies and citizens: cyberattacks are also the new way of generating geopolitical wars. "Zero risk doesn't exist, but what we must achieve is that if attacks do occur, they have the least possible impact," explains Laura Caballero, director of the Cybersecurity Agency. "Ninety-nine percent of attacks fail to penetrate our systems; this shows that in Catalonia we have a robust system," she asserts.

In fact, last year, the Agency handled 3,372 incidents, 26% more than the previous year, and identified more than 6.9 billion in attacks targeting people and information systems in the areas managed by this agency. Of these 6.9 billion, 1.275 billion were in the healthcare sector, one of the sectors with the highest-paid data on the black market.

A growing sector

According to Caballero, there are more than 550 cybersecurity companies in Catalonia employing 10,600 professionals, demonstrating a sector of "increasing importance." According to a study According to a report prepared by the organization, the sector already has an annual turnover of 1.473 billion euros, 18.4% more than the previous year, and global cybersecurity revenue is expected to grow by 8% annually over the next five years, reaching 272 billion dollars. The work in this area is crucial. Cristina Pitarch, general manager EMEA at Google Cloud Security, describes it in figures: "The cybercrime sector moves 3.5 trillion dollars; if it were compared to the GDP of a country, it would be the third largest in the world." She also states that "in Catalonia it is a growing sector, hub technological, more professionals in the sector are needed to defend companies." Cybersecurity is also "an economic opportunity for any country and company," the executive points out. "There is great importance in the trust that a company generates when it suffers a cyberattack," she recalls.

cybersecurity through Minsait. The head of the Northeast Zone of Minsait Cyber, Manel Garcia, explains that cybersecurity is an issue that appeals to our sovereignty. hackers normal, but from large criminal groups and also from geopolitical wars," Garcia points out, while agreeing with Pitarch that "being digitally protected adds a great competitive advantage to a company."

A world of start-ups

Beyond the big companies, there are more and more start-ups dedicated to the sector. Google for Startups, through the Growth Academy program, is a group of emerging companies in this field. The head of Google for Startups, Sofía Benjumea, points out that "we must help those companies that are innovating in the sector, because there are many areas where there may be threats and the start-ups can be a tool. We must join forces because there is a common evil to fight," says Benjumea.

On the one hand, Qalea, one of the start-ups Selected by Google, Qalea has created a cybersecurity platform for medium-sized companies that simplifies security management by unifying various protection technologies into a single interface. Leveraging AI and large language models, Qalea automates security processes. Its founder, Olmo Rayón, explains that his mission is to "democratize cybersecurity" through AI: "Attackers allocate resources proportionally to what they can extract; I say a system is well protected when it's going to cost more to break in than what you can remove," he explains.

"Qalea was born in Barcelona with the vision that companies must spend a lot of money to be well protected, and I wanted to democratize this. There are many elements of corporate cybersecurity that can be repeated and automated. You have to protect yourself well enough so that you are no longer attractive to attackers, while also complying with regulations." For her part, Maria Taberna, founder of Steryon, also Catalan and selected by Google, focuses on the world of industrial cybersecurity: it is a cyber resilience and risk management platform for industrial companies, mainly critical infrastructures such as energy, hospitals, etc.

"In industry, the number one objective is to keep activity going," explains Taberna. "With our platform, we connect to all the elements they have in their plants and all the intelligence outside, and we give them active monitoring and risk vision. This way, if one enters malware, we have the ability to be the all-seeing eye. Our motto is that there is not only cyber risk, but it is a business risk," explains Taberna. He says that industries are often easier to attack because they have outdated machinery, and points out that "90% of attacks on critical infrastructure go through a ransomware that sneaks into an industrial infrastructure."

Human error and health data

All the experts consulted agree that most cyberattacks stem from human error. "The most vulnerable link is always the person, through what is known." phishing", points out Manel Garcia. Rayón (Qalea), explains that, generally, "the first entry point for a cyberattack is through employees," and then with AI, "which has made it much cheaper to generate automated systems to break in through the cracks," he points out.

We have managed to prevent a good part of the fraud from materializing - says the Indra executive - because they have a temporality, the card can be canceled or something can be done. However, medical data is always valid, even beyond life, and can be used to make medicines, studies... They are very juicy," he says.

All in all, the future offers us new threats. Quantum technologies - also planned in the Government's plan - are one of them, due to the fact that they can mean for the cipher. to "ensure that communications have a quantum level of encryption," while "we are beginning to work with government and financial entities to increase the number of keys for encrypting information," Garcia explains. Cybersecurity "is the professional field with the greatest shortage by far." In 2023, there were 962. As for the number of job offers, we have gone from 420 in 2018 to 1,095 in 2023. As a national challenge, Arrufí believes that "we must ensure that cybersecurity is familiar from school onwards."

Awareness

Despite the progress in awareness, "there is still a long way to go," experts explain. "The industry is much more aware than a few years ago, but company leaders still need to prioritize this issue; industrial companies continue to place more emphasis on protecting the IT sector (computers, media) than on industrial plants," says Taberna.

Furthermore, "people are often unconscious and careless when it comes to accepting certain conditions, such as cookies", notes Garcia, who recalls the case of the people queuing to have their irises scanned in exchange for cryptocurrency"Misuse of these biometric data is very dangerous," he says. However, all the professionals consulted agree on one conclusion: "You can never be prepared enough. We're on the right track, but there's still a lot of work to do."