82 percent of data breaches are related to human error, according to the cybersecurity experts who participated in Sicur Cyber, part of the International Security Fair held from 27 February to 1 March at Ifema Madrid. The speakers also analysed the regulatory framework related to private security and highlighted, among other issues, the importance of controlled access for any cybersecurity plan.

In her speech on cyber manipulation, Elisa Yamaguchi of Sosafe gave warnings about and explained how a cyber-attack unfolds among a company's employees and how to "minimise the damage by being ready to identify such attacks". She stated that “82% of data breaches are related to human error” and added that “we are facing a landscape of digital threats which are more complex than ever, in which fields such as artificial intelligence, phishing, supply chain attacks, ransomware, geopolitical crises and MFA attacks among others come into play”.

Yamaguchi warned that “hackers manipulate us using behavioural science and psychology”: She added that “global events continue to be the perfect bait for phishing campaigns, including geopolitics, global health emergencies, economic crises and other events”. In her opinion, “these types of attack work because they play on the victim’s sensitivities”.
 

Attack Channels: Email, Social Media, Text Messages etc

The most-used channels for attacking companies in 2022 were “email, with 61% of the total, social media (34%), text messages and calls (29%) and messenger apps (26%). What’s more, “artificial intelligence poses a new danger for cyber-manipulation”. This expert also highlighted that “organisations must strengthen their cultures of security and are already planning to do to”.
 

Not all Attacks Come from External Sources

Roberto de Los Santos, Sales Engineer at Axis Communications, made reference to cybersecurity in the life cycle of security devices, and stated that “no device connected to the internet is immune from cyberattacks”. He also warned that “not all attacks come from external sources, often they come from within the company itself”.

In terms of prevention, he stated that this issue is shared between “system integrators and the end clients, who are also responsible for the systems”. He confirmed that “we are committed to developing systems which are as cyber-secure as possible, and when a vulnerability is discovered, remedying it as soon as possible”. Finally, he reviewed the main methods and requirements for products to remain cyber-secure throughout their life cycle.
 

Europe's Endeavors of Cybersecurity, Cyber Resilinece, and Artificial Intelligence

Natxo Rojo, Business Director at Dorlet Security, contributed a series of recommendations to make a physical security solution cyber-secure. He also analysed the regulatory framework related to private security and highlighted, among other issues, the importance of “controlled access for any cybersecurity plan”. He explained that “Europe is working on a series of directives and also binding acts for all member states related to cybersecurity, cyber resilience and artificial intelligence”. In this regard, he also highlighted the importance of cybersecurity certifications, both those issued by national bodies and agencies, as well as those of mutual recognition between countries, and those issued by the European Union Agency for Cybersecurity (Enisa). He reiterated that “ certifications are the only means to assess whether a product complies with cybersecurity conditions”.
 

Speeches on Cybersecurity

The programme continued on Thursday 29 February at Sicur Cyber with speeches:

• ‘Cybersecurity applied to physical security systems’, with Jordi Alonso and Juan Carlos Fúnez, Corporate Directors of products and IT respectively at Casmar
• ‘Cybercrime strategies of law enforcement’ - spokesperson Guardia Civil, National Police and Mossos d’Esquadra and the scope of certification of cyber security engineers will be addressed.

On 1 March, the last day of the exhibition, Sicur Cyber closed with three speeches:

• ‘Social Engineering and Physical Security’
• ‘Biometric Data Processing for Security Purposes’
• ‘Cybersecurity Training and Pathways for Building Skills'