Menu

NEW TECHNOLOGIES, LEGALITY AND HUMANS: KEYS TO CYBERSECURITY

The advent of the internet in our daily lives and in organisations has meant that our data and certain sensitive or confidential information is at risk. Mass data theft is the order of the day and no one is safe: not businesses, governments or ordinary citizens. To give an example: while Germany suffered the biggest cyber-attack in its history earlier this year with the leak of politicians' personal data, Telefónica was still considering options to prevent a cyber-attack like the one in 2017... or at least minimise the risks.

More and more companies are looking for alternatives to safeguard their data. However, we are not aware that the attacks we continue to receive today are "inherited" from 2018, which is why we need to find a solution for them in 2019.

The arrival of new technologies

The development and implementation of connected devices, the Internet of Things and Artificial Intelligence (AI) are marking a before and after in our history and in the field of cybersecurity and, from the union of AI and cybersecurity, two types of schemes have emerged. The first, defined by analysts, apply protocols and rules created based on the experience of humans in the field, but which can fail when confronted with vulnerabilities in the field. day 0. The latter, on the other hand, have been defined by machines according to machine and deep learning. These, in the end, also require some human interaction and monitoring.

However, just as new technologies can help us to avoid a cyber-attack, they can also be the point of attack. The security measures of these devices are quite deficient, compromising any WiFi network to which they connect. In addition, IoT devices are routinely attacked as part of botnets to attack supply chains. The same is true for the expansion of 5G coverage: the wider the coverage, the greater the opportunity for a cyber-attack.

However, telephony experts such as Andy Purdy, CSO of Huawei, explain that "the benefits of 5G far outweigh the risks". Purdy adds that "it is critically important that the private sector, in collaboration with government, strengthen efforts to define and implement a security framework for 5G and IoT that leverages internationally recognised standards and best practices".

The need for regulation

To protect our data, governments strive to create laws to help users and businesses keep their information safe. These include the Law on Information Society Services and Electronic Commerce, which aims to regulate Internet-related services and electronic contracting, and the Law on Data Protection and the Guarantee of Digital Rights, in addition to the General Data Protection Regulation. The latter two ensure the protection and privacy of personal data, which is used and stored by all kinds of companies.

The employee in the spotlight

Although at the software level companies are increasingly prepared to prevent cyber attacks, companies still have a weak point: the employee, the new target of hackers, as experts explained at the last Mobile World Congress in Barcelona. Thus, Fernando Anaya, from Proofpoint, explained during the telephone fair that the trend has changed and, nowadays, "cybercriminals no longer focus on company servers, but choose to target people, specifically the so-called VAP (very attacked people)".

To shed a little more light on this term, a VAP is an employee who has access to sensitive information and exhibits certain risky cybersecurity behaviours such as doing click in malicious content, open any kind of mail or make unsecured connections.

It is therefore very important to provide the employee with training, knowledge and tools to avoid "falling" into such traps and to try to reduce vulnerabilities as much as possible. It is also very important to have advice and the figure of the cybersecurity expertThis professional profile is in great demand in companies and can help employees in their day-to-day work.