News

Luis Barreda: Cyber-attack, the worst enemy of companies

Experts say that there are currently two types of companies: those that have already suffered a cyber-attack, and those that will suffer one soon. The impact will depend on their ability to prevent and respond.

Do you have a company? Congratulations on the daily effort it takes to run it. Now, let's play a game. Imagine for a moment what a bad day would be like. I don't mean a tough day. Let's think about a really tough one: an important customer cancels a contract, a key employee announces he's leaving for a competitor, or a machine failure stops production for hours. Tough, right? Now, multiply that bad day by 100 and try to imagine the following: your company is the victim of a massive cyber-attack. Systems are paralysed, the supply chain comes to a halt, your customers' confidential data is compromised, the media starts publishing negative headlines about your company and your consumers lose confidence in your ability to protect their information and report their discomfort on social media. In addition, if your company is listed, be prepared to watch, in slow motion, as the stock plummets down the mountain. To make up the perfect storm, your legal department presents you with a preliminary report and informs you that they face millions in penalties if it is confirmed that they did not have the necessary data protection measures in place. And everything points to this being the case. On a scale of one to ten, how worried are you about that scenario? I hope very much.

This is the kind of disaster a cyber-attack can unleash, one that affects the entire structure of your company and demonstrates the devastating power of this silent enemy. It is not science fiction. It is an all too real scenario. Until a few years ago, the traditional risks faced by businesses rarely affected all of their core economic, reputational and human assets simultaneously. Now, a single digital security incident can expose their weaknesses in a comprehensive and ripple effect that impacts multiple critical areas simultaneously.

Experts say that there are currently two types of companies: those that have already suffered a cyber-attack, and those that will suffer one soon. The impact will depend on their ability to prevent and respond. In a hyper-connected world where one in five crimes is now committed online, one of the most insidious risks is the lack of cyber security.

The scale of damage caused by a cyber-attack can be devastating. A company's cyber security is only as strong as its weakest link, and often that link is the employee. In 2023, the cost of cybercrime worldwide accounted for nearly 1.5 % of global Gross Domestic Product, surpassing even arms trafficking, human trafficking and drug trafficking. And it has only just begun. Experts predict that by 2025 cybercrime will cost $10.5 billion annually. But what do the bad guys look like? Cybercriminals are becoming increasingly sophisticated. They often operate in organised groups that function like criminal enterprises, with clearly defined roles and structures.

In addition, they use advanced tools and social engineering techniques to exploit human and technological weaknesses, and use AI to refine their attacks, taking them to unprecedented levels of complexity and effectiveness. One of the most disturbing uses of AI is in the creation of deepfakes y deep voicetechniques that allow extremely realistic video and audio spoofing. These can be used to impersonate trusted individuals within an organisation, such as executives, by tricking employees into performing harmful actions, such as bank transfers or disclosing confidential information.

In addition, cybercriminals have been pushing their own boundaries for years. Healthcare facilities used to be a red line that many criminal organisations were reluctant to cross. In the last year, however, attacks on hospitals have risen sharply.

Despite advanced security technologies, the human factor remains the most common gateway for cyber attacks. Cybercriminals exploit the lack of training and naivety of some employees through social engineering tactics such as phishing. These attacks involve tricking employees into revealing confidential information or clicking on malicious links, thus opening the doors of corporate systems to attackers.

One of the most popular cyber-attacks faced by companies is Ransomware. This type of malicious software encrypts and hijacks all company data and demands a ransom to release it, usually in cryptocurrencies. Many companies end up paying, but the vast majority never recover the information. That's the devil's bargain. Another classic is the denial-of-service attack, which overloads the company's servers with massive traffic, causing service interruptions and consequent economic and reputational damage.

But let's move on to something that has made many CEOs start to value the role of their Chief Information Security Officers and include cyber security in their crisis communication management plans. In addition to reputational damage, companies also face severe financial penalties for failing to protect their customers' data. The EU's General Data Protection Regulation imposes fines of up to €20 million. You'd lose sleep over that too, wouldn't you?

That is why cyber security should be a strategic priority for all companies, regardless of their size. They should also include cyber risks among the most challenging scenarios in their crisis communication management and invest in advanced security technologies, train their employees on best practices and keep up to date with the latest threats. Cyber-attacks represent the biggest threat to a company's operations and reputation. Ignoring this silent enemy is a recipe for disaster. It is time to realise that digital security is not just a technical necessity, but a business responsibility critical to your success and survival.

Luis Barreda Gago is the director of Proa Comunicación and an expert in cybersecurity from the UNED.

Valvanuz Serna Ruiz -- Corporate Reputation, an Imperative in the Age of Transparency

Our managing partner Valvanuz Serna Ruiz discusses in Directivos y Empresas the importance of corporate reputation and why it serves as an essential shield in times of crisis. In addition, it is also a factor in attracting talent, in a context in which there are around 250,000 vacancies that are still...

PROA Comunicación reinforces its digital identity with a new, more accessible and innovative website

The strategic communication and public affairs consultancy takes a step forward in its evolution and offers a digital experience that reflects its personality and facilitates access to its services PROA Comunicación, a consultancy specialising in strategic communication and corporate reputation and public affairs, presents its new website as a...

A new reputation management model based on the expectations that really matter to stakeholders

PROA Comunicación advisor Juan Cardona presented a new corporate reputation management model at the AEMARK 2023 International Marketing Congress, held at ESIC University (Madrid). The model is the result of the work carried out by the "Intelligence & Society" Research Group at the University of...

PROA wins the Ana Baschwitz award for best Communication Agency

PROA Comunicación has been recognised as Best Communication Agency by the Ana Baschwitz Awards, which were held in Madrid for the first time, and which aim to promote the work of professionals in this sector. "It is an honour that in the first edition of these awards, to which PROA...

PROA Comunicación reinforces its team with the incorporation of Claudio Capdeville as account director.

PROA Comunicación, a communications and reputation management consultancy, announces the expansion of its team with the arrival of Claudio Capdeville as account director. In this way, PROA Comunicación confirms its commitment to the incorporation of senior professionals, with the clear objective of offering its clients...

The ACS trusts PROA Comunicación to strengthen its communication strategy.

The Spanish Association of Consultancy Firms (AEC), an umbrella organisation for the main national and international technology consultancy firms, has contracted PROA Comunicación to develop and execute its communication strategy. The consultancy firm, a benchmark in managing the communication of business associations, will work to enhance the public image and the...

More conversations, more ideas, more PROA.
Follow us on our networks.

Receive ideas with criteria

Every week we share reflections, trends and the key aspects of about reputation, strategic communication, public affairs and innovation. Content designed for professionals who value information with diligence and perspective.