Basque Cyber Security Centre - Centro Vasco de Ciberseguridad

Basque Cybersecurity Day accomplishes its aim of dynamising the Cybersecurity sector in the Basque Country, gathering together over 1,000 participants

BCSday18, BCSC
06/11/2018

From its outset in September 2017, one of the Basque Cybersecurity Centre's main aims has been to promote cybersecurity measures in Industry, in order to raise the level of protection in Basque companies, and to promote cybersecurity as a tool to gain a competitive edge. To this end, our first year has seen us focus part of our efforts on connecting supply and demand, with reference to cybersecurity, as this is not a route which should be travelled alone.

With the celebration of this first Basque Cybersecurity Day, we have taken an important step in the right direction. The day offered over 25 speakers from 8 different countries, and welcomed an extremely successful total of over one thousand participants, cementing the BCSC as the Basque Cybersecurity meeting point.

The opening ceremony was presided over by Javier Diéguez, Director of the Basque Cybersecurity Centre. Diéguez announced that, thanks to the important impact of this first edition, the Basque Cybersecurity Day has taken its place among the top three cybersecurity events in the country; demonstrating that the Basque sector is mature, capable and growing.

Arantxa Tapia, the Basque Government Minister for Economic Development and Infrastructures, spoke next, to emphasize the work of the BCSC in its first year, culminating in its being approved as a fully-fledged member of FIRST, the most internationally important forum for incident response and security teams. Tapia went on to explain how the BCSC fits into the Basque Government's strategy for promoting new technologies, and its relevant role in Industry 4.0.

The Minister also announced that there are now 60 companies benefiting from the subsidies promoted by the BCSC, via SPRI, directed towards fomenting the implantation of Cybersecurity measures in the industrial sector, and the fact that the budgeted 600,000 euros had been allotted even before the call for projects was closed. On seeing the important response from Basque companies to this aid programme, and in order to continue fomenting the application of cybersecurity measures in Industry, Tapia announced that the 2019 budget would include around one and a half million euros, earmarked solely for cybersecurity support in businesses.

Cyberthreats and opportunities open the day's sessions

After the introductory session from the Centre and government, Mahir Nayfeh (a partner at McKinsey) took the stage, with a keynote speech which took the form of an interview, led by Samuel Linares (Accenture). Nayfeh shared his privileged view of the current state of the global problem of cyberthreats, both at a business and a geo-political level. He underlined the importance of a quick, efficient response, to reduce exposure-time and risk. Nayfeh did not miss the opportunity to discuss the cybersecurity situation here in the Basque Country, highlighting the important collaboration between public and private bodies here, and the value of holding events such as the Basque Cybersecurity Day.

This was followed by the first panel session, entitled "Supply chains: Targeting Small and Medium-sized Businesses", chaired by Susana Asensio (CCI) and peopled by representatives from important companies including Iberdrola Distribución, Aernnova Aerospace, Irizar eMobility and Siemens-Gamesa. The panel discussed how small and medium-sized businesses are targeted by cybercriminals in order to use them to attack bigger companies. In addition, they emphasized how these big businesses are demanding more and more cybersecurity measures from their suppliers, in the light of the fact that one of their major worries is data protection, and their analyses focused not only on their own internal processes, but also on those of their suppliers.

Public and Private collaboration and the opportunities this offers, was also discussed in the second panel of the day. Representatives from INCIBE, Finnish Information Security Cluster, Fundación ZIUR, ECSO and the BCSC itself, stressed the need for everyone within the sector to collaborate and push Europe's role in the world of cybersecurity, based on the fact that 70% of the 500 biggest cybersecurity companies have their headquarters in the United States. To this end, the speakers reiterated the need for a single European market and the importance of training in cybersecurity, given the market's great demand for professionals in the coming years.

The panel chaired by Urko Zurutuza (Mondragon Unibertsitatea) set the challenge for digital entrepreneurship, as a global goal. Now that the Basque Country enjoys international recognition for its capacity for innovation, it is key to find a means to reduce our dependency on technical eco-systems, such as those existent in the USA or Israel. Representatives from the Basque Government, Sonae Investment Management, Clúster IT Security Bayern and Cylon highlighted the strong eco-system of start-ups in cybersecurity present here in the Basque Country, and the need to support them from all sides: investment, generating markets and mentoring.

The afternoon sessions centred on role of the CEO , tendencies and digital citizenship

After the lunch break, participants at the Basque Cybersecurity Day were treated to the first-hand perspective of a CEO in business risk management, thanks to the keynote session offered by Rosa García (President of Siemens Spain). García spoke very positively about the digitalisation of businesses, but with the caveat that this should always be accompanied by plans to protect information and business continuity, since digitalisation and risk go hand-in-hand. Rosa García illustrated this with some very revealing data, namely that 80% of successful cyberattacks target employees, and that these people must be made fully aware and be properly trained.

The Tendencies panel, chaired by Pablo García-Bringas (Universidad de Deusto), confirmed one of the points discussed in the previous session: the vital push to raise awareness at every level. The speakers reiterated the point that company employees are the favourite target of cybercriminals because of their growing knowledge relating to the use of personal electronic devices in the workplace. The phrase of the day which resulted from this panel session and was echoed by all, was that we must not contemplate the money spent on cybersecurity as an expense, but as an investment.

The session entitled Digital Citizens: Towards a more cybersecure society? and chaired by José de la Peña (SIC Magazine), tackled the effects on society of misusing technology. Representatives from the Basque Government's Department of Education, the Ertzaintza, the Public Prosecutor and Psimebi once again underlined the importance of investing in training and awareness-raising at all levels of society, including parents who are a vital link in the learning chain referring to users of technology who are getting younger and younger.

The closing session of the event saw Estefanía Beltrán de Heredia, the Basque Government Minister for Security, who began by congratulating the members of the Basque Cybersecurity Centre for organising the event, and went on to emphasise the fact that cybersecurity is at once a worry, an obligation and a great development opportunity for our country.

The beginning of a journey to put the Basque Country on the world map of Cybersecurity

In the Basque Country, both the business sector and the general public are becoming more aware of the need to tackle cybersecurity. Currently, it is a question which worries many and occupies some. In this sense, and in accordance with the Industrial Cybersecurity Study, carried out between the BCSC and the CCI, 85% of Basque industrial companies are to increase their economic and human resources destined to fighting cybercrime in 2019..

Here at the Basque Cybersecurity Centre we will continue to work on initiatives to make the Basque Country a safer place and a benchmark for mature cybersecurity.