TEXT PABLO FUENTES | IMAGES MAPFRE
For this reason, MAPFRE has launched an internal cybersecurity awareness campaign to improve prevention and awareness of this type of risk.
Cybersecurity is a basic pillar of digital transformation, because living in the world today of new technologies and the digital era, we are increasingly exposed to cybercrime. This situation has been aggravated by the COVID-19 pandemic, which has accelerated the digitalization and connectivity of people and companies. This has created an environment conducive to cyber-attacks, like the one that MAPFRE successfully faced in 2020 in Spain, one of the most challenging times in the company’s history.
In a report called Cyber Threats and Trends: 2021 Edition, the CCN-CERT (Information Security of the National Cryptology Centre, CCN, attached to the National Intelligence Centre) discusses the rising number of incidents and their severity, which have come about due to the forced digitalization of society.
The Spanish National Cybersecurity Institute (INCIBE) handled 133,155 incidents in 2020, 80% of which involved citizens and companies. These numbers were twice as high as those from the previous year, prompting the experts to start calling the phenomenon a “cyber pandemic.”
In this context, individual responsibility is an important concept. In other words, any of our actions can cause a major threat to our security. In fact, 95% of cyber-attacks or incidents are due to human error, according to the IBM Security X-Force Threat Intelligence Index study, so prevention through employee awareness should be a priority for all corporations.
This is why MAPFRE has launched a cybersecurity awareness campaign called Firewall Mindset MAPFRE, #CybersecureCulture, which seeks to promote MAPFRE’s security culture within the framework of the Cyber Resilience Plan (CRP).
The initiative is also part of the Digital Workplace Information Protection project that encourages the company’s employees to work in a more agile, collaborative, and secure way by using digital collaboration tools.
It is a 100% digital campaign aimed at teaching users to prevent and act against the most common attacks. Through storytelling and a fun, entertaining methodology based on gamification, cyber-agents learn from real cases and build their OPDA (Observe, Think, Decide, and Act) skills, the “mantra” of the project, which will allow us to be prepared for future cyber-attacks.
MAPFRE wants all its professionals to be aware of the importance of our commitment to online security in professional settings and in our personal and family lives. It also provides a wonderful opportunity for us to enhance and build on our knowledge of cybersecurity.
Through gamification, users solve real cases of different types of cyber-attacks.
The numbers: Spanish National Cybersecurity Institute (INCIBE) handled 133,155 incidents in 2020, 80% of which involved both citizens and companies. These numbers are twice as high as the year-earlier figures, prompting experts to start calling the phenomenon a “cyber pandemic.”
MAPFRE incorporates its first 7,300 cyber-agents
More than 7,300 people have already participated in the campaign, which began at the end of 2021 in Spain, and 3,800 of these participants have already received their diplomas as cyber-agents for the company. All of them have passed different challenges, ranging from viewing a webisode, a report by an expert with an explanation of a case, some tips or keys to the case, an exam or open case, and finally the solution and closure of the case. In total, the platform received more than 159,594 video views, around 1,781 likes, and 2,013 comments.
As of this year, the campaign’s launch in Spain is almost finished, and it’s starting to be launched in MAPFRE’s other regions and countries.
This campaign is one of the initiatives of the MAPFRE Cybersecurity Awareness Working Group, which consists of the Corporate Security Department, the Corporate People and Organization Area, and the Corporate External Relations and Communication Area, which also promotes other actions aimed at creating a culture of security in the company.
These include activities such as courses on comprehensive security training for 22,000 employees and data privacy for 19,000; distributing protective cover for credit cards to more than 11,000 professionals in Spain; the quarterly publication on the Global Intranet and the People App of videos and infographics with cybersecurity tips; and the performance of simulations and cyber exercises in different countries to measure the effectiveness of training and awareness actions.
Thetypes of cyber-attacks that increased the most during the pandemic
According to the Spanish National Cybersecurity Institute (INCIBE), the kinds of cyber-attacks that increased the most in 2020 were the following:
Corporate Phishing or BEC (Business Email Compromise)
That take advantage of the increase in remote work. This category of attacks includes CEO fraud, which is up 15%.
Taking advantage of the health crisis, cyber criminals launch massive phishing campaigns. They’ve also modified the type of malware they use to achieve wider-scale attacks.
This is a new cyber-attack trend, a consequence of the lack of maturity and effectiveness of process safety at many organizations One of the biggest incidents was the breach of Microsoft’s source code.
Which has become more targeted and dangerous, allowing cyber criminals to demand a higher ransom payment.