“You have received an income of 635.80 euros in your **** account. If you do not recognize this payment, follow the steps in the following link to cancel it. “Your package * has been shipped, track -vz5- live at the link below.” It is strange that in recent months you have not received a WhatsApp or an SMS with a message similar to these two with which we started this article. In recent times our mobile phones frequently receive texts of this type with a single objective: to swindle money directly or get hold of our data to do so later. The last two years have been marked by the Covid-19 pandemic. One of the consequences has been the increased use of technology by citizens to stay connected, a fact that has been exploited by cybercriminals to try to get a slice of it.
Every day in Catalonia about 300 scams are reported, of which between 85% and 90% are cyber dependent scams. That is, they need the Internet to materialize. Of all crimes committed online that are reported, also about 90% are scams. The province of Tarragona is not exempt from this type of crime, seeing how complaints about cyber-states have increased by 15% between 2019 and 2021, coinciding with the pandemic and confinement. Of the 6,494 complaints in 2019, they went to 7,483 last year.
Although it is logical to think that the pandemic has contributed to this increase in complaints of cyber scams, sources from the Mossos d’Esquadra clarify that “this increase is exponential and not explosive. In other words, year after year there is an increase in these complaints of between 3% and 5%. The increase is constant and during the pandemic it has remained at these figures.
The profile of the cyber scammer is that of a man between 30 and 50 years old and with computer skills. The main nationality is Spanish, although the Mossos d’Esquadra also find many authors who operate from abroad in their investigations.
Another idea that is held regarding this type of crime is that most of its victims are older people; The reality is not exactly this, since there is no pattern that allows defining a victim of cyber scams.
From the Mossos d’Esquadra they recommend, although it seems very obvious, “never give out our personal data, neither online nor by phone.” And also that “if any information that reaches us over the internet upsets us emotionally and asks us to do something urgently, it is almost certain that we are dealing with a fraud.”
70% of the cyber scams that are reported to the Mossos d’Esquadra in Catalonia occur through mobile phones. The duplication of the SIM card, the appropriation of the Whatsapp account or the demand for a ransom are some of the most common scams that occur through mobile phones.
Companies, also victims
The growing importance that digitization has also achieved in the business world has had a direct impact on the cybersecurity needs of organizations, according to the study ‘The current state of cybersecurity in Spain. Post pandemic: an unexplored path’, prepared by Deloitte, which offers an overview of cybersecurity in organizations in our country through the responses of those responsible for information security from more than 100 companies.
It highlights that there is a notable increase in the number of cyberattacks suffered, since the annual average of incidents has increased by 26% compared to 2020, going from 1.69 incidents on average in 2020, to 2.13 incidents in 2021. In addition, the sophistication of known threats has increased.
For César Martín Lara, partner at Risk Advisory responsible for Deloitte’s Cybersecurity practice, “at the present time, cybersecurity is more than ever a necessity for organizations. This can be seen in the increased awareness of companies regarding the importance of digital risks, which has resulted in organizations allocating a larger budget to cybersecurity and raising awareness among their employees. Despite this progress, however, there is still a long way to go.”
On the other hand, only 66% of the companies consulted review at least half of the business applications that are considered critical and, on the other hand, only 21% of the critical applications are reviewed in their entirety.
This review reinforces the protection of the organization and its data, which is why it is worrying that 15% of the companies consulted do not review even a quarter of their applications. However, fewer and fewer companies fail to review the applications that support their business.
There are several sectors that are above two incidents on average per year. These include the insurance sector, TMT (telecommunications, media and technology), manufacturing, banking and public administration.
Certain sectors such as banking and insurance are heavily regulated and have a reasonably high level of cybersecurity maturity.
The Deloitte report reveals that there is a relationship between the average number of incidents received by companies and their cybersecurity budget. In general, the organizations that bill the most are the ones that invest the most in their cybersecurity departments. They are also usually the most attacked, due to the greater potential impact that the cyber attacker can cause. Despite this, the effectiveness of the looser budgets in cybersecurity can be verified, in relation to the lower number of incidents suffered.