More than 90% of cyberattacks are enabled by human error, according to K-cryptography and Information Security for Open Networks.
The data is clear, it says, with cyber-attacks increasing in recent years and the cybersecurity situation becoming increasingly complex.
According to the latest report from ENISA, the European Union Agency for Cybersecurity, attacks increased in 2020 and 2021 in terms of vectors and number and their impact. And according to McAfee, ransomware-type attacks (attacks that demand ransom in exchange for stopping or releasing the hijacked information) are the most common.
“Over the past two years, we have had not only a health pandemic but also a real pandemic of cyberattacks and cybercrime,” said David Megas, leader of the K-cryptography and Information Security for Open Networks (KISON) research group. †
“Cybercriminals have benefited from the pandemic in many ways. In addition, with the increase in telecommuting, cybercriminals have had easier access to computers that were not as well protected as corporate ones,” he says.
“And arguably the most common form of attack in these two years has been ransomware, affecting all kinds of institutions: banks, energy suppliers, telecommunications companies, universities, and public services.”
Helena Rif, the researcher in the KISON group, says: “Cybersecurity is not just a technical discipline; it spans many areas of knowledge and affects many different departments and practices in companies.
“If this is the case, the major cybersecurity challenges are not just technical but transcend the boundaries of technology,” she says.
1. Awareness, the first line of defense
According to IBM data, over 90% of cyber-attacks are fueled more or less by human error. Therefore, despite technological advances to minimize threats, the first major line of defense is user awareness and good practices.
“Many of the cybersecurity challenges businesses to face stem from known vulnerabilities. If we all did our homework, it would be easier to mitigate online threats. We all use electronic devices and should all have minimum cybersecurity in place.”, says Rif.
2. A New Generation of Hybrid Threats
Cyber-physical systems are increasingly present daily, from industrial control systems and energy infrastructure to home automation. The technological revolution they are promoting, which has generated multiple business opportunities, brings its threats, combining both complex technical and human aspects.
3. And more advanced defense tools
With the increasing complexity of threats, artificial intelligence (AI) and machine learning are becoming increasingly important security tools.
“The greatest scientific challenge today is trying to stay ahead of increasingly sophisticated threats,” added Rif.
“AI is increasingly used to quickly identify and resolve attacks and vulnerabilities.”
4. Towards sustainable cybersecurity
Megas says we are all responsible for managing and protecting the resources in our environment for future generations. The basic definition of sustainability is also relevant in the field of cybersecurity.
“In this sense, sustainability is understood as the mechanisms that ensure that stakeholder interactions (users, service providers, and device manufacturers) with the technology ecosystem are well-considered and with a full understanding of their implications for the security and stability of the system,” he says.
The Internet of Things is driving an unprecedented increase in devices sharing users’ sensitive data and information. In addition, 5G and other telecommunications technologies enable broadband connectivity for an almost unlimited number of devices, multiplying the Internet infrastructure.
“Consequently, the technology infrastructure becomes unsustainable due to various malicious threats and unintended errors. It is imperative to realize a more sustainable ICT infrastructure by providingsecure solutions and ensuringe privacy,” he says.
5. The Great Privacy Battle
Cyber attacks are not the only way users’ data can be compromised. In many cases, data is exposed by the platforms’ architecture themselves or by netizens’ ignorance.
“Technology still needs to solve many issues to protect better data, such as being able to send only the precise information for any purpose, better anonymizing databases, and ensuring privacy for all data stored on the Internet,” says Rif. †
“On a social level, we also need to provide usability methodologies so that people know how to act on social media and the internet in general, what can be shared and what can’t,” she says.
“Ultimately, the big challenge is making data security and privacy compatible so that technology is usable and we can work comfortably with it while protecting our systems and data.”
