The key to preventing a cyberattack is to assume that you can be attacked. It seems an obvious premise but, unfortunately, it is overlooked more often than one might imagine. Today, with truly global criminal organizations engaged in data trading, no company or entity, regardless of size or activity, is exempt from becoming a target. Cybercriminals attack, examine the information they may have accessed and decide whether or not it has value for blackmail, but by then the damage has already been done.

Cybercrime concerns us all, even more so given that the percentage of Spanish SMEs with at least a basic level of digital intensity currently stands at 67.50%, according to the European Commission’s DESI 2023 index, and this figure is tending to grow. In fact, the objective of the European Digital Decade Policy 2030 program is to raise this percentage to 90%.

As we said before, whether or not you end up being a victim of extortion due to the quality of the data you handle, a cyberattack often paralyzes an organization's activity, which is then reflected in the income statement, in addition to the reputational damage to the brand in the eyes of customers, which is difficult to calculate. It is therefore essential to have a good recovery and continuity strategy that enables you to quickly restore your service to normal with the highest quality.

We speak from experience: an aggity subsidiary in Spain suffered an attack just a few weeks ago and, thanks to a robust action protocol and response plan, we were able to have the service up and running again for our customers in less than 24 hours. After detecting the attack, our subsidiary immediately communicated the risk situation to the potentially affected organizations and coordinated the relevant communications from customers to the authorities, as required by regulations. Likewise, despite having no certainty that information had been stolen, it reported the incident to the relevant data protection authority before proceeding to activate the established Recovery and Continuity Plan.

This plan, structured in layers, provides for a server infrastructure in a backup center hosted in a different location from the working server and equipped with different protection measures, including good backup planning. As a result, once the attacked server was isolated, aggity’s subsidiary set up a new server from the most recent backup prior to the cyberattack (the recovery point) in just six hours. And, as mentioned before, within a few hours the service was back up and running.

Following the incident, and pending the results of the forensic analysis, the company has also enhanced the SIEM (Security Information and Event Management) monitoring system that covers its entire infrastructure and works in conjunction with an XDR (Extended Detection and Response) solution, which will make it possible to detect and investigate threats, as well as respond to and defend against them.

The company, which has thus prevented the theft of customer data that could potentially have been affected, has also decided to set up a double authentication system in view of the evidence, yet to be confirmed, that the system breach may have originated from end-user access.

In conclusion, we have to accept that we will never be 100% secure, but we have demonstrated that, with an advanced recovery and continuity plan, it is possible to minimize the impact of cyberattacks as far as possible and ensure continuity of service. This incident reaffirms the importance of focusing on the weakest link, the end user, and motivates us to maintain our commitment to excellence in customer service, with the teamwork of qualified people and a perfectly coordinated action plan, which is always essential, especially in critical situations such as the one experienced.