In the 11th Congress of the Valencia Chapter of the Information Systems Audit and Control Association (ISACA Valencia) Mariano Benito, CISO of GMV Secure e-Solutions, moderated the panel discussion on “Types of Cybercrime: Which crimes are actually being perpetrated?”, with participation by cybercrime specialists from the Police, Guardia Civil and National Cryptologic Center (Centro Criptológico Nacional).

One of the findings that came out of the debate was that 80-85% of cybercrime could be avoided if, among other measures, organizations pursued systematic security-hardening policies (hardening a system by reducing its vulnerabilities, eliminating unnecessary system-software, -services, -users, etc, as well as closing unused ports). Other useful measures would be to segment networks and drive awareness-raising campaigns among the organization’s teams.

Likewise, the Guardia Civil pointed out that “the number of incidents being reported is growing exponentially”. Cybercrime-combatting investigation, in the words of the police, is tricky, mainly because “the cybercriminals are becoming increasingly effective”. Both police forces therefore stressed that “a special prevention and awareness-raising effort” is being made. The National Police are notably playing an active role in social media, running a twitter account (https://twitter.com/policia) with three million followers.

The panel discussion’s recommendation for dealing with any fifth-dimension criminal act was, firstly, to block the systems and then report it. Because, apparently “companies tend to report few of these crimes, preferring not to risk any dent in their reputation”. Before reporting it, however, “all information has to be collated” as well as the evidence to be attested by experts. The panel also urged organizations to “encourage their clients to take security measures capable of safeguarding their corporate information”.

To wind up, the Centro Criptológico Nacional confirmed that Spain’s National Security Scheme (Esquema Nacional de Seguridad) is helping companies to drive crime-deterring cybersecurity policies. To this picture must be added the work being carried out by the state security forces and corps, which, between them, help to win Spain fourth place behind only Germany, France and Italy in the cybercrime-detection ranking.