Cybersecurity in Spain

As one of the largest and wealthiest countries in Europe, Spain has made deliberate efforts to lead the charge and invest time, money, and resources into its systems and organizations designed to fight back against cybercrime [1].

More than 70% of the Spanish population use the internet every day. But these individuals, as well as businesses and groups of all sizes, are all putting themselves at risk of some form of cyberattack each time they go online.

After the many high-profile cases of cyber-attacks all around the world in the last years, Spain and its people are more aware of the importance of cybersecurity than ever before.

Cybersecurity institutions in Spain

Spain, like most other European countries, adopted its own National Cyber Security Strategy several years ago. The plan was introduced in 2013 and accompanied by the strengthening of Spain’s pre-existing cybersecurity institutions and networks.

Spain has two different cybersecurity emergency response teams under the names INCIBE-CERT [2] and CCN-CERT [3].

INCIBE-CERT was established in 2008 and has jurisdiction in all Spain, meaning that this is the emergency team responsible for the general public, businesses, and other Spanish groups, while CCN-CERT is focused solely on governmental institutions.

The primary cybersecurity institution in Spain is the Centro Nacional de Protección de las Infraestructuras Críticas (CNPIC) [4]. It’s aimed at strengthening Spain’s cybersecurity by raising awareness of the relevant issues and responding to cyber-attacks. INCIBE-CERT is under the control of the CNPIC and can be used to respond to cyber-attacks.

Spain is also part of the Fourteen Eyes network, which is an intelligence alliance between major countries around the world, including the United States, the United Kingdom, France, and Australia. This alliance allows the intelligence agencies from these countries to make use of various techniques to monitor cyber data and then exchange it with one another, with the aim being to prevent terrorist attacks and to protect the people.

The term “cyberwar” isn’t often used in Spain, but the county’s security experts have warned that Spain could be under threat of a major cyberterrorist attack [5]. This could trigger a larger focus on offensive and defensive cyberwar efforts in the future.

Cyber-attacks in Spain

Spain’s cyber-attack stats are quite troubling, showing a gradual increase in the number of attacks yearly [6]. According to multiple studies, Spain seems to be among the biggest victims of cybercrime out of the major European nations [7].

In 2011, Spain endured its biggest cyber-attack yet. Telefonica, a huge telecom company and several others around the country and neighboring countries, were affected by ransomware [8]. Ransomware is a type of malware that locks users out of their own data, promising to unblock it for a price, which usually has to be paid with cryptocurrency to an anonymous account.

While this was one example of a major Spanish corporation targeted by hackers, most attacks occur at a smaller scale.

Statistics from Spain’s National Cryptology Center revealed that up to 90% of the nation’s most severe cyber-attacks were from foreign sources, including foreign governments [9].

Unfortunately, only a small percentage of cybercriminals end up in Spain’s court. In 2017, about 3,700 cases of fraud using information and communication technologies reached the courts, with several hundred more cases where cybercriminals faced small prison terms and fines. The majority of cybercriminals manage to escape unpunished [10].

Educating society on cybersecurity

Spain is still in progress towards providing stronger cybersecurity measures, with several new organizations and research centers opening in recent years, i.e., the “Cybercat” center in Catalonia. The country and its government have an open-minded and proactive approach to cybersecurity, gladly welcoming new ideas and initiatives.

A big focus of Spain’s National Cyber Security Strategy is to educate the general public on cybersecurity and raise awareness regarding cyber-attacks and what can be done to protect against them. The authorities understand that to see the stats on cybercrime in Spain dropping, the Spanish people need to know what they’re dealing with and the best ways to protect themselves.

When it comes to cybersecurity education and training options, Spain excels compared to some other European countries. A significant part of Spain’s National Cyber Security Strategy is “raising the awareness of citizens, professionals, and companies about the importance of cybersecurity.” [11]

Spain country has introduced a variety of new educational tools and courses to teach people about cybersecurity and the importance of online. It wants to help prepare a generation that is “cybersecurity savvy” and in such way, reduce the number and likelihood of cyber-attacks.

Top cybersecurity tools in Spain

While stats show that most Spanish people use the internet on various devices each day, a worrying amount of them don’t use encrypted connections or any protection to stay safe online. Some studies even indicate that three in four of Spain’s internet users have zero protection. This is particularly worrying as one weak link puts others at greater risk.

Thanks to Spain’s cybersecurity initiatives, more and more people are adopting cybersecurity solutions. Anti-malware tools are the most popular choice, but a growing contingent of Spaniards are using VPNs to stay safe online. Compared to the UK or Germany, the progress in Spain has been slow, but individuals and businesses are beginning to understand the importance of cybersecurity.

Resources used: