- Cybersecurity
Safer Internet Day 2024: the Government puts the focus on hypercalling
The Cybersecurity Agency of Catalonia (ACC) has published its 2025 Outlook Report, an in-depth analysis of the risks, trends and challenges that will mark the immediate future of cybersecurity. This document warns of the increase and sophistication of cyberattacks, especially in a context of growing digitalization, geopolitical conflicts and the popularization of technologies such as artificial intelligence (AI).
Personalized and massive scams
During the year 2024, massive personal data leaks have put millions of sensitive pieces of information into circulation, which will be used by cybercriminals to execute much more credible scams. The Phishing, the smishing and the vishing they evolve towards hybrid forms that combine elements of the physical world (such as QR codes on posters or fake fines) with digital strategies.
The use of AI will also allow these deceptions to be automated and personalized, increasing their effectiveness. Deepfakes, voice and image impersonation, and multiplatform attacks will become commonplace, putting the digital security of many citizens at risk, especially the most vulnerable.
AI, new challenges
The report highlights that artificial intelligence is also a key tool for protecting networks. AI systems will help detect suspicious behavior in real time and automate incident response. However, this same technology will be used by attackers to create more sophisticated deceptions or even to directly attack AI models (such as LLMs) through techniques such as prompt injection.
Ransomware and geopolitical risks
Another focus is ransomware, which will continue to evolve with increasingly sophisticated extortion techniques, such as triple extortion (threatens the company, its customers and regulators). SMEs, often with fewer resources, will be a preferred target.
Likewise, geopolitical tensions favor the proliferation of destructive cyberattacks, such as DDoS attacks or the use of wipersThe consolidation of alliances between cybercriminal groups with political or economic interests is also expected, increasing the risk to critical infrastructures.
Towards collective cybersecurity
The ACC emphasizes the need to adopt security models based on "zero trust" (zero trust), especially in a world where supply chains are increasingly interconnected and vulnerable. It also recalls that 2025 will be a key year to adapt to new regulations such as the NIS 2 Directive, the Cyber Resilience Regulation or the DORA Regulation.
National Security Scheme, a first step
To advance in improving cybersecurity, a good first step is to start walking and addressing the most basic levels of certification in the National Security Scheme. In this sense, the ENS for Local Administrations based on the Specific Compliance Profile of Essential Security Requirements is the initial framework that must be addressed to guarantee a first level of protection in the current scenario.
The Cybersecurity Agency of Catalonia, recognized as a Technical Audit Body (OAT) by the National Cryptologic Center (CCN)
El recognition of the Cybersecurity Agency of Catalonia as a technical audit body It allows you to address all audit functions in accordance with the ENS, from evaluation and verification, to certification, complying with current regulations to guarantee that they are carried out with the appropriate technical and organizational capacity and with complete impartiality and absence of conflicts of interest.