SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
More than 90% of cyber attacks made possible by human error
Tue, 14th Jun 2022
FYI, this story is more than a year old

More than 90% of cyberattacks made possible by human error, according to the K-riptography and Information Security for Open Networks.

The data are clear, it says, with cyberattacks on the rise in recent years and the cybersecurity situation increasingly complex.

According to the latest report from ENISA, the European Union Agency for Cybersecurity, attacks increased in 2020 and 2021, not only in terms of vectors and number but also in terms of their impact. And according to McAfee, ransomware-like attacks (attacks asking for a ransom in exchange for stopping or releasing the hijacked information) are the most common.

"Over the past two years, we haven't only had a health pandemic but there has been a genuine pandemic of cyberattacks and cybercrime", says David Megas, leader of the K-riptography and Information Security for Open Networks (KISON) research group.

"Cybercriminals have taken advantage of the pandemic in many ways. In addition, with the increase in teleworking, cybercriminals have had easier access to computers that weren't as well protected as those of companies," he says.

"And, undoubtedly, the most common form of attack during these two years was ransomware, affecting institutions of all kinds: banks, energy suppliers, telecommunications companies, universities and public services."

Helena Rif, researcher in the KISON group, says, "Cybersecurity is not just a technical discipline; it takes in many fields of knowledge and affects many different departments and practices in companies.

"This being the case, the great challenges in the field of cybersecurity are not only technical but transcend the frontiers of technology," she says.

According to UOC experts, the main challenges include:

1. Awareness-raising, the first line of defence

More than 90% of cyberattacks are made possible, to a greater or lesser extent, by human error, according to IBM data. Therefore, despite technological advances to minimise threats, the first major line of defence is the awareness and good practices of users.

"Many of the cybersecurity issues companies face come about as a result of well-known vulnerabilities. If we all did our homework better, it'd be easier to reduce online threats. We all use electronic devices, and we all have to put in place a minimum of cybersecurity," says Rif.

2. A new generation of hybrid threats

Cyber-physical systems are increasingly present in our daily lives, from industrial control systems and energy infrastructure to home automation. The technological revolution they are fostering, which has generated multiple business opportunities, carries its own threats, combining both complex technological and human aspects.

3. And more sophisticated defence tools

Faced with the increasing complexity of threats, artificial intelligence (AI) and machine learning are becoming increasingly important as protection tools.

"The greatest scientific challenge today is trying to stay ahead of the increasingly sophisticated threats," adds Rif.

"AI is increasingly being used both to quickly identify attacks and vulnerabilities and to resolve them."

4. Towards sustainable cybersecurity

Megas says we are all responsible for managing and protecting the resources in our environment for future generations. The basic definition of sustainability is also relevant in the field of cybersecurity.

"In this sense, sustainability is understood as the mechanisms that allow the interactions of stakeholders (users, service providers and device manufacturers) with the technological ecosystem to be deliberate and with full knowledge of their consequences on the security and stability of the system," he says.

The Internet of Things is generating an unprecedented increase in the number of devices sharing users' sensitive data and information. In addition, 5G and other telecommunications technologies allow broadband connectivity for an almost unlimited number of devices, multiplying the internet infrastructure.

"As a result, technological infrastructure is becoming unsustainable due to various malicious threats and unintentional mistakes. It's imperative to achieve a more sustainable ICT infrastructure by providing solutions that are secure and ensure privacy," he says.

5. The Great Privacy Battle

Cyberattacks are not the only way in which users' personal data can be compromised. On many occasions, data are exposed by the architecture of the platforms themselves or by the ignorance of netizens.

"There are still many problems for technology to solve in order to better protect data, such as being able to send only the precise information for each purpose, better anonymisation of databases and ensuring privacy for all the data stored on the web," says Rif.

"At the social level, we also have to provide usability methodologies so that people know how to act on social media and the internet in general, what can be shared and what can't," she says.

"In the end, the big challenge is to make data security and privacy compatible so that technology is usable, and we can work comfortably with it while protecting our systems and data."