INCIBE-CERT is the public response center for cybersecurity incidents that affect citizens and private companies in Spain. It is run by the Spanish National Cybersecurity Institute (INCIBE) which depends on the Secretary of State for Digitalization and Artificial Intelligence attached to the Ministry of Economic Affairs and Digital Transformation.

In order to handle incidents targeted at organizations with critical infrastructures or strategic elements for National Security, the INCIBE-CERT works closely with the National Center for Infrastructure Protection and Cybersecurity (CNPIC), attached to the Ministry of the Interior.

The documents and content this leading incident response team produces are of great value to the cybersecurity community in Spain, as they often provide essential information and data. For instance, on March 23 of this year, this Center released the Cybersecurity Balance 2020, providing key figures on cybercriminal activity over the last year in Spain.

Thousands targeted_

This report indicates that the INCIBE-CERT has dealt with 133,155 cybersecurity incidents during 2020, out of which 106,466 targeted citizens and companies and 25,499 the Spanish Academic and Research Network. The center also highlighted that 79,059 cases of computers controlled by botnets were recorded (although it points out that the disinfection rate is growing year on year) and 19,221 vulnerabilities, a figure that has increased exponentially during the pandemic due to factors such as the rise of working from home, as we mentioned in the previous blog post.



However, the stand-out figure is the number of strategic operators (with critical infrastructures) that they helped with cybersecurity incidents: 1,190. This high number coincides with the trend already observed by the CCN-CERT in September last year, when it mentioned in its report “Cyberthreats and Trendsthat this figure leapt from 17 incidents in 2013 to thousands of incidents from 2018 onwards.  In addition, the center specified that the financial, tax, energy and transport sectors jointly accounted for 50% of incidents handled.

While these incidents didn’t get to the point of causing serious harm or interrupt system operations, there’s no doubt that they could pose a very dangerous threat. In fact, they could even put the population’s health at risk, as the cyberattack on the water supply plant in Florida demonstrated.  For all these reasons, it’s essential that SOCs have a highly developed and pro-active cybersecurity strategy and solutions for their advanced cybersecurity operations.

Anticipation and visibility in real time_

Given the rise in cyberattacks against critical infrastructures, now, more than ever, cybersecurity professionals from these organizations need to get a step ahead of their adversaries, through analytics and visibility in real time. Carlos Manchado, CISO of the big electricity and gas company Naturgy confirmed this in an interview: “We need to use a Threat Hunting service. This service must offer technology that has the right detection and mitigation capabilities. [Moreover] the Threat Hunter isn’t just associated with the EDR and must work with SIEM, the firewalls and with all the technologies that we have within our reach to identify behaviors. Generally speaking, the quicker the threat is detected, the faster we move forward and the response and mitigation will probably be more effective, thereby reducing the impact.”

Cytomic Covalent delivers all these features. On the one hand, it includes Cytomic Orion, which speeds up Threat Hunting and, therefore, incident response and search for malwareless threats, always based on scaled behavior analytics from the cloud. On the other, it incorporates all the functionalities of the Cytomic EPDR, integrating in a single solution a comprehensive suite of preventative and endpoint protection technologies. This means that infrastructure operators will be equipped with the appropriate capabilities to face the existing and future threats highlighted in reports like the INCIBE survey.