Sin categorizar18 December, 20207 min de lectura

2020 balance of cyber incidents in Spain and projection for 2021

Balance de la ciberseguridad en España y proyección para el 2021

This 2020 has been the year of the heyday of cybercrime in which COVID-19 has had a catalytic effect that has exposed the vulnerabilities of the vast majority of companies that were not prepared in terms of cybersecurity to have their workforce working remotely. In this scenario, the cybercrime industry has seen a great opportunity and has acted very harshly through increasingly sophisticated attacks with the aim not only of stealing money from companies or asking for a ransom for freeing up their resources, but also to spy, to gain property. intellectual or governmental purposes.


The data that the National Intelligence Center (CNI) has just reflected in the XIV cybersecurity conference of the National Cryptological Center (CCN) are overwhelming. According to the agency, as a result of the pandemic, a clear increase has been detected not only in the number of cyberattacks, but also in their severity. In figures, during 2019 the CNI detected 3,172 highly dangerous cyber incidents, while in the current year 2020 they have doubled to 6,690. For its part, the CCN has detected a total of 73,184 total cyber threats in 2020, an increase of 70% over the previous year .

Representatives of both agencies agreed that “we are experiencing an exceptional situation that is putting us all to the test.”


There are many high-profile cases of cyberattacks that have reached the media throughout the year.

  • Adeslas : Your computer systems, such as those that manage medical test authorizations and user policies, had 6 weeks paralyzed from one day to the next due to ransomware.
  • Mapfre : Also due to ransomware, it had to leave 90% of its staff unable to work for several days due to a stoppage of its servers.
  • Zendal : The Vigo-based pharmaceutical company was the victim of an attack known as the CEO Scam. With this method, a hacker, impersonating the CEO, ordered an employee of the financial department to make a bank transfer for the amount of 400,000 euros, within the framework of a confidential operation for the development of a vaccine for Covid-19 with an Asian partner. The department, trusting that it was obeying management orders, repeated the operation several times. The result: a 9 million euro scam against the pharmaceutical company.
  • Vueling : Together with the parcel delivery company Nacex, they suffered a computer vulnerability that allowed a group of cybercriminals to inject malicious code into computer programs that allowed them to modify the behavior of certain services to access databases and steal information from thousands of users.
  • Prosegur : You had your servers disabled due to ransomware. The incident forced them to close all accounts and eliminate any communication with their clients and caused a serious internal crisis in the company, where clients such as Inditex could not explain how the company they had outsourced for cybersecurity could have been hacked.
  • Acciona, Adif, Decathlon or Endesa are other examples of large companies that have been attacked in this fateful 2020 in terms of cybercrime.
  • Thousands of SMEs . Still, the above cases are just the tip of the iceberg. According to data provided by, the vast majority of cyber attacks in Spain are carried out against SMEs, which are the target of 70% of cybercrimes . This figure is also below reality, because not all companies that are victims of cyberattacks choose to report for fear that their company’s image will be deteriorated.


The ways of obtaining economic benefits from hackers are increasingly diverse and depending on the objectives and the level of sophistication, some tactics are used or others.


When a hacker manages to paralyze a service by blocking the servers, they may ask for a ransom to free it again. In addition, once it has reached this point, cybercriminals already have a lot of information about the company, so they measure the amount demanded based on their victim’s billing.

According to data from Incibe, the National Cybersecurity Institute, paying a ransom does not guarantee that the data will be recovered, and in many cases it serves cybercriminals to request more than the amount originally demanded and even attack again in the future, understanding which is a company that is willing to pay.

Sale of data

Another way to monetize your work is through the sale of data. Once inside the servers, cybercriminals have access to corporate information, which they can sell to competitors, and to the information of their clients – personal data such as email, telephone or passwords – which are usually sold on the Deep Web to other criminals who they will reuse those credentials.

Usually the data is sold without the company having knowledge of this situation. He only finds out when it is an extortion case.

Penalty for non-compliance

In addition, by compromising the sensitive data of their clients, companies are exposed to serious penalties for not having sufficiently protected this data and thus violating the European data protection regulation GDPR.

IT layoffs

One possible consequence of the company being attacked is the dismissal of those responsible for cybersecurity. This is the case of companies like Prosegur, which fired its cybersecurity leadership after hacking their accounts, or Innovatech, which laid off more than 300 employees due to a massive ransomware infection.


From Softeng, coinciding with other cybersecurity experts, we highlight how the changes produced in teleworking will continue to pose great challenges, mainly due to the inefficiencies of remote access and the vulnerabilities of VPNs.

Devices used in homes will be more at risk, and cybercriminals may try to access corporate computers through employees’ personal devices.

More ransomware attacks

Ransomware attacks are being one of the most effective tools of cybercriminals, and what we will see is an increase in 2021. We will see an increase in Ransomware as a Service attacks of ‘double blackmail’, in which the threat is both kidnapping of the data as the public release of the same.

New forms of phishing

Email will continue to be the main gateway for cybercriminals, but with increasingly sophisticated lures. Social isolation encourages people to share more personal information online, which hackers use to create more compelling lures that lead to fraud and compromise company emails.


Fortunately, companies have started to take it very seriously and take strong measures to protect their assets. This year our clients have taken an important leap in the protection of their companies: 87% of them have increased their protection, of which 92% have significantly reduced the number of threats and security breaches.

Basic measurements are no longer enough

According to data from Microsoft in its Microsoft – Digital Defense Report 2020 report , the vast majority of the compromised companies did not have even basic protection, such as the use of double authentication for user access to corporate resources or email protection and links . In these circumstances, the vulnerability is very wide and the effort of a hacker to access the data very little.

Adopt a Zero Trust strategy

Zero trust is the best defensive approach your organization can take. Conventional ways of securing access to the corporate network, applications and data are no longer adequate in this new context. With an increasingly dispersed workforce, critical business data now sits outside the corporate firewall. So instead of assuming that your organization is safe behind a firewall, you should assume that there will be a security breach either through malicious intent or carelessness.

You want to know more? Contact us!

Yes i want to know more