“Cyberattacks in businesses have surged by 150 percent, and human mistake is the main vector of virus introduction.” 


Cyberattacks increased by 150 percent in 2021. 

The world is experiencing the highest number of cyberattacks, with organisations incurring economic, reputational, and operational implications. Any business must have a good protection system, which necessitates competent assistance in order to implement prevention procedures. 

The fundamental goal of cyberattacks is to gain access to a company’s sensitive data in order to harm its reputation and customer confidence. Factum’s CEO, Iosu Arrizabalaga, pointed out that “in recent years, the number of cyberattacks has surpassed the percentages we previously estimated. They climbed by 150 percent in 2021 alone, and there are more and more ways to take advantage of any security ‘break’.”

The costs of such cyberattacks are exorbitant and corporate activity may be halted; in addition, a breach of the duty of protection may result in sanctions.

Are we vulnerable to cyber-threats? 

EnGenius’ Director of Business Development, Jesús Yanes, says that “We are, to some extent, reliant on the technology and WiFi equipment we employ. It would be a delusion to deny it, especially at this historical time, when ‘the data’ has acquired present relevance. Without getting into the many repercussions of data theft, we know that the level of personal or business security that we have filed affects our information.”

A company’s security responsibilities 

The data controller must take the appropriate precautions to avoid any vulnerability; otherwise, the organisation will be forced to justify the precautions adopted. 

To ensure the confidentiality, availability, and integrity of its resources, any organisation must be able to manage information systems through physical and technical methods. They must also conduct risk assessments and ensure that staff and customers’ information is secure. 

Despite significant technological advancements, Hervé Lambert (Panda Security’s Global Consumer Operations Manager) claims that “Despite the fact that there are organisations that certify security measures, we see companies that lack systems and professionals and continue to protect their assets in the most ineffective way possible. We have a lot of work to do at the level of awareness. We are better off now than we were ten years ago, but there is still much to be desired.” 

In the meantime, Mario García (general director of Check Point Software for Spain and Portugal) adds: “The requirements of some operators in terms of protecting their networks and information systems were specified by the Official State Gazette in 2021. The new standard stipulates that the Information Security Officer must have the required resources and trained employees to successfully carry out his duties.”

For a business to function correctly, it’s critical to safeguard oneself. 

Without a cybersecurity programme, a corporation cannot defend itself against data breach campaigns, and workplaces must incorporate cybersecurity awareness initiatives to educate employees. 

Carlos Borrego, Bidaidea’s Cybersecurity Service Delivery Manager, points out that “All businesses should take precautions to defend themselves from a cyberattack. Protection must be based on a collection of measures that are tailored to the context of each business, rather than a set of generic controls. Cybersecurity is not a one-time expense; rather, it is a long-term investment that will allow for the deployment of measures and the training of staff.” 

Who should be held accountable for the cyber-threat? 

IberBox’s CEO, Jesús F. Rodríguez, confirms this: “The data controller, or the person who collects the data, is defined under the General Data Protection Regulation. As a result, if a cyberattack happens, the Spanish Data Protection Agency will first target the treatment provider.”

On the other hand, the person who performs the action and does not act with the appropriate thoroughness has responsibility. “The victim is the corporation,” Iosu Arrizabalaga continues, “and the primary duty is always that of the perpetrator.” “The fact is that decision-making and palliative measures must be carried out by the same afflicted organisation,” he says. 

“Every company must have a cybersecurity officer (CISO) who sets in place all the required procedures to mitigate a cyberattack as soon as feasible and coordinates all the necessary actions to return to work as soon as possible,” says Javier Huergo, director of Watch&Act Protection Services. 

The client’s risks in the event of a cyberattack on the company

A cyberattack can result in a temporary halt or a complete halting of operations. Cybercriminals gain access to networks and steal confidential data from third parties, exposing ways to attack third parties such as suppliers, collaborators, and customers. 


Cyberattacks can shut down internet businesses in seconds and take weeks to recover from. OpenWebinars’ Education Manager, José Carlos Márquez, points out that “Theft of information is the most serious threat. The stolen information could be used to disclose it to the public, to blackmail or extort money, or to sell to competitors.” 

Customers who have given their personal data to the company must be informed so that they can take the required precautions to avoid current or future problems. 


The hazards, according to Francisco Valencia (general manager of Secure&IT), “depend on the sort of assault and the firm in question. There are attacks that can paralyse activities for a longer or shorter amount of time, which means that the client may be unable to receive more or less vital services or supplies.”

Is vulnerability the company’s or the employee’s responsibility?

“The main vector of entry of computer viruses is caused by human errors,” according to Javier Huergo, “therefore proper cybersecurity training for employees and management can avoid many difficulties.” 

Valentín Cortés, Ironhack’s Campus Manager for Madrid and Barcelona, adds that “The greatest vulnerability in a company’s computer security is its people. It will be impossible to safeguard systems against the range of dangers used by cybercriminals to steal data if personnel are not taught.”

According to José Carlos Márquez, the problem “is partly due to the company, which must take steps to facilitate the adoption of this ‘Safety Culture’ by employees, but it is also due to a large extent to the worker, who has access to data with varying levels of sensitivity and must always act responsibly.” 

What flaws do you have? 

As a result of teleworking, the number of cyberattacks has increased, as firms’ security barriers have been challenged and the task of monitoring activities has become more complex. 

Since the beginning of the pandemic, ransomware attacks have stood out. The information is encrypted, and the company’s operations are halted as a result. In most circumstances, paying a ransom is also the quickest method to get the firm back up and running.

Other dangers include: 

* Phishing fraud: A legitimate email is imitated in order to trick the user and get sensitive personal information, such as login credentials for online banking. 

* Malware: A harmful file that runs on the device and infects it. 

* Scam: An email is sent with the intent of committing a scam based on alleged financial gain. 

How to Safeguard Yourself 

First and foremost, any business must be entrusted to professionals who will safeguard data in a secure manner. As a result, having a high degree of training is recommended to eliminate possible human errors. 

Users can safeguard themselves by doing the following: 

* Create a strong password policy with at least eight characters, including uppercase, lowercase, numerals, and special characters.

* Do not click on email links.

* Be wary of public WiFi hotspots. 

* Use an antivirus with extra security measures like a password vault and a link or connection checker to protect all devices. 

* Create user accounts with limited rights that only allow access to information that is absolutely necessary for professional performance, and keep computers password-protected. 

Preventative measures to avoid a cyberattack 

* Establish processes and policies to defend the organisation against intrusions and establish instructions for problem solving, according to Valentín Cortés.

* Educate employees on their responsibility in the security and protection of their coworkers’, customers’, and company’s information. 

* Educate personnel so that they can spot bogus antivirus warning messages and issue an alert as soon as they see something suspicious. 

Businesses must conduct extensive assessments of their current status in order to identify potential failures, build a protocol, evaluate activities, create backups, create a customised Cybersecurity Plan, and have good protection software. 

Antivirus, software updates, two-factor authentication, and a strong password policy are also required.