Individuals and companies are increasingly aware of these dangers and are preparing to face them, training and creating more layers of security, but are public institutions doing the same?
Recently, the hijacking of the computer systems of the Seville City Council became known, perpetrated by a well-known hacker group called Lockbit.
The truth is that the key to cybersecurity, apart from training employees in this aspect, is directly having human resources specifically prepared to defend data security. This is where the first problem is, since the salaries and services that public institutions have are far below what private institutions have.
It is true that last year, the Government approved the National Cybersecurity Plan, which aims to establish a uniform action process among all institutions and entities in the country. And while the objective is good, this law was approved just over a year ago, so Spain is far behind with respect to the capabilities and systems that cybercriminals have.
At the same time, due to a lack of experience and resources, public institutions are not managing the vulnerabilities they have correctly, and that is why it is normal for attackers to take advantage and repeat objectives, as has been the case in Seville. Preventive security should be one of the pillars of city councils and other public organizations, and its implementation should be immediate.
The truth is that at least in Spain, the lack of protection is not punished with sanctions, and therefore companies are only fined when user data is leaked. Perhaps the approach should be different, and the government and other organizations that represent citizens should be the first to set an example and equip themselves as they should in cybersecurity matters.