Offensive techniques have become more sophisticated, the attack surface has expanded, and the growing revenues of cybercriminals have strengthened their financial capacity.
In Anglo-Saxon technology jargon, the term cyber trust is used to designate the digital trust that companies generate in their customers. Business schools will probably end up embracing the concept, elevating it to the status of an intangible business asset, as was the case in the past with trademarks, patents or copyrights. After all, the idea that digital trust may contribute to sustained revenue generation and customer loyalty does not seem far-fetched. Only time will tell, but what can indeed be asserted today is that in a world where cybercrime is a growing threat, the public's ability to trust their companies and institutions when interacting digitally is an issue that transcends ethical requirements and has become an indispensable condition of modern life.
It is apparent that in the fight against cybercrime we have made significant progress by deploying a sophisticated protective shield of increasingly sophisticated technological solutions backed by growing investments. According to Gartner, by 2024, global investment in cybersecurity will reach €251 billion, the equivalent of Portugal's GDP.
However, if cybersecurity has advanced in parallel with digitalisation, so has cybercrime. Offensive techniques have become more sophisticated, the attack surface has expanded, and the growing revenues of cybercriminals have strengthened their financial capacity. And while our defensive resources outmatch the intrusiveness of attackers - we are able to repel the vast majority of attacks and have scaled technological solutions appropriately - cybercrime continues to grow year-on-year. In 2022 the increase was 22%, according to the Ministry of the Interior.
This trend is primarily explained by the surge in cyberattacks using social engineering techniques.That is, those who use deception to abuse the victim's trust and convince and pressure them, with credible excuses, to engage in activity for the benefit of the cybercriminal; for example, downloading a malicious file, making a payment, disclosing personal credentials, or making a purchase. The deception occurs when the cybercriminal usurps the identity of a legitimate organisation, such as a public body, a well-known company or a bank, to contact the victim on its behalf and execute their malicious plan.
CECA and its associated credit institutions are devoting a great deal of attention and resources to this new type of cyberattacks. On the one hand, because they are easy to disseminate due to the capillarity of digital communication channels, which have become the main entry point for fraud. According to the latest cybersecurity survey conducted by Sigma Dos for CECA, 73% of Spaniards admit to having received fraudulent emails, SMS or WhatsApp messages in the past year, 43% a deceitful phone call and 35% a suspicious contact via social media. In other words, we are facing a very high intensity offensive.
On the other hand, the surge in social engineering is also worrying because it takes place in a context of low public awareness of cybersecurity issues. 6 out of 10 Spanish recognises know little or nothing in the matter, and also, according to is inferred of the above-mentioned survey, the citizens that they say have great knowledge suffer from a turn of over confidence, since are precisely they who exhibit, in practice, riskier digital behaviours.
Lastly, social engineering attacks also represent a disconcerting threat to conventional cybersecurity, as their goal is not so much to exploit a computer security breach as to exploit a breach rooted in human error. Faced with this new reality, technological prevention measures have clear limitations because, although they are effective against computer attacks, they are not effective against psychological deception.
In response to this new cybercrime scenario, the banking sector has been implementing ongoing campaigns to raise customer awareness of cyber risks and measures to prevent them. The cornerstone of such initiatives is the collaboration between key representatives of the banking sector and the public sector. Last April, CECA, in conjunction with the Spanish Banking Association, Unacc, ASNEF, INCIBE, the Civil Guard and the National Police, launched the campaign 'Protect yourself, avoiding fraud is in your hands', an initiative geared towards preventing cyber scams and promoting the digital security of citizens through outreach and training programmes. Through the use of audiovisual content disseminated through social networks, the media and bank branches, the public and private sectors are joining forces to promote cybersecurity training and help citizens operate safely in digital environments.
6 out of 10 Spanish recognises know little or nothing in cybersecurity and those which say have knowledge suffer from over confidence
Awareness campaigns such as this one certainly demonstrate the banking sector's commitment to the cybersecurity of all its customers, but the responsibility is a shared enterprise. Thus, although the vast majority of Spaniards, 85% according to the CECA survey, recognise that they receive informative communications from their financial institution and value their usefulness very positively, only half say that they put them into practice. This finding should serve to reflect on the role that citizens have to play in the prevention of digital fraud.
Perhaps the concept of cyber trust should in the future be seen from the perspective of reciprocity. After all, although banks are the institutions that Spaniards trust the most when it comes to protecting them against cyber fraud (and, according to the Sigma Dos survey, are ranked ahead of the State Security Forces, public administrations and technology companies), it is now more necessary than ever for citizens to act with co-responsibility, reinforcing their diligence and exercising extreme caution when it comes to interacting digitally. This is a collective necessity. We only need to look at those around us. Who doesn't know more than one person in their family, social and professional circle who has been a victim of cyber fraud in the past year?
