According to experts, we are living through a real pandemic of cyberattacks. More than 90% of cyberattacks are made possible by human error.
An attack by a hijacking program (ransomware) locks up a company's computer systems and asks for a ransom in cryptocurrencies in return. A malicious program (malware) infects a network of objects connected to the Internet of Things to steal the personal data of its users. To talk about cybersecurity is to talk about technology. However, it is increasingly common to study cyber risk under an interdisciplinary perspective. After all, threats are technological, but they also have to do with behavioral, social or ethical factors.
The cybersecurity scenario in 2022
Wherever the data is sought, the conclusion is always the same: cyberattacks have been on the rise in recent years and the cybersecurity scenario is increasingly complex. According to the latest report by ENISA, the European cybersecurity agency, attacks have continued to increase during the years 2020 and 2021, not only in terms of vectors and number, but also in terms of impact. And, according to MacAfee, ransomware-type attacks (which ask for a ransom in exchange for stopping or releasing the hijacked information) are the most common.
"During these last two years, we have not only had a health pandemic, but there has been a real pandemic of cyberattacks and cybercrime," says David Megías, leader of the research group K-riptography and Information Security for Open Networks (KISON). "Cybercrime has specialized in taking advantage of the pandemic in many ways. In addition, with the increase in teleworking, cybercriminals have had more facilities to access computer resources that were not as well protected as those of companies. And, without a doubt, the star attack in these two years has been ransomware, which has affected institutions of all kinds: banks, energy providers, telecommunications companies, universities or public services, "he adds.
The great challenges of cybersecurity in 2022
"Cybersecurity is a very transversal discipline, not only technical, in which many fields of knowledge are involved and which, in turn, affects many different departments and practices in companies," says Helena Rifà, also a researcher at the KISON group. Thus, the great challenges in the field of cybersecurity are not only technical, but transcend the borders of technology. These are, according to UOC experts, the main challenges of cybersecurity.
1. Awareness, the first line of defense
More than 90% of cyberattacks are possible, to a greater or lesser extent, by human error, according to IBM data. Therefore, despite technological advances to minimize threats, the first major line of defense is formed by awareness and good practices of users. "Many of the cybersecurity problems that companies have occur through vulnerabilities that are well known. If we all did our homework better, it would be easier to reduce threats on the network. We all use electronic devices and we must all handle a minimum of cybersecurity, "explains Helena Rifà.
2. A new generation of hybrid threats
Cyber-physical systems are increasingly present in our daily lives, from industrial control systems or energy infrastructures to home automation. The technological revolution that they are promoting, and that has generated multiple business opportunities, entails their own threats, which combine both complex technological aspects and human aspects.
3. And more sophisticated defense tools
Faced with the increasing complexity of threats, artificial intelligence (AI) and machine learning are gaining weight as protection tools. "The biggest scientific challenge today is to be able to anticipate and foresee threats that are increasingly sophisticated," says Rifà. "AI is increasingly present both to quickly identify attacks and vulnerabilities and to solve them," adds the expert.
4. Towards sustainable cybersecurity
We are all responsible for managing and protecting the resources in our environment so that their availability is not compromised in the future. The basic definition of sustainability is also accommodated in the field of cybersecurity. "In this sense, sustainability is understood as the mechanisms that allow the interactions of stakeholders (users, service providers and device manufacturers) with the technological ecosystem to be deliberate and with full knowledge of the actions and their consequences on the security and stability of the system," says David Megías.
The Internet of Things is generating an unprecedented increase in the number of devices that share sensitive user data and information. In addition, 5G and other telecommunications technologies allow broadband connectivity of an almost unlimited number of devices, multiplying the internet infrastructure. "As a result, technology infrastructures are becoming unsustainable due to different malicious threats and unintentional errors. It is essential to achieve a more sustainable ICT infrastructure and provide secure and privacy-preserving solutions," adds Megías.
5. The Great Privacy Battle
Cyberattacks are not the only way by which users' personal data can be compromised. In many cases, these are exposed by the architecture of the platforms themselves or by the ignorance of Internet users. According to Helena Rifà, technology still has to solve many aspects to better protect data, such as being able to send only the precise information for each purpose, better anonymize databases or give privacy to all data stored on the web.
"In the social field, we also have to provide usability methodologies so that people know how to act in a social network and on the internet in general, what can be shared and what cannot be shared," says the researcher. "In the end, the big challenge is to make data security and privacy compatible so that the technology is usable and that we can work comfortably with it while the systems and our data are protected," he adds.
* UOC – Universitat Oberta de Catalunya. - news.uoc.edu