When it comes to cyberattacks, it's not so much matter a question of if an organization will be targeted, but when.

Early in December 2021, the Catalan government suffered its worst distributed denial of service (DDoS) cyberattack ever. In the space of a few hours, attackers routed 350Gbps of data to the Generalitat's information systems, representing 100 times more traffic than it would typically receive within the same timeframe. The incident was contained within three hours.

Special Report

Cybersecurity: Let's get tactical

As the sophistication, frequency, and consequences of cyberattacks continue to evolve and grow, so private companies and public agencies alike must adapt.

A couple of months prior to the DDoS attack on the Generalitat, the Autonomous University of Barcelona (UAB) was forced to revert to pen, paper and chalkboards when it was hit by a ransomware attack. The connection to the network was reset at the end of December, with most email accounts having been recovered -and a double authentication system applied -which allowed virtual classes to resume. While most systems have since been restored, others aren't expected to be fully functional until the end of January.

SEE:A winning strategy for cybersecurity(ZDNet special report)

These incidents are, unfortunately, not outliers. According to the Spanish National Institute of Cybersecurity (INCIBE), Spain has seen more than 150,000 cyberattacks since the beginning of the COVID-19 pandemic. Other high-profile cases include: an attack in April last year on the Spanish government agency that manages unemployment benefits; Catalan hospital Mois