By Alessia Boi, Project Manager for the Center for Cyber Security and International Relations Studies in Florence.
“Digitising Europe” is the new ELF Blogposts series that engage with policymakers, industry experts, and academics in order to contribute to a better understanding of how technological change is also driving social, political, and regulatory affairs. Understanding ongoing processes in Cyberspace, regulatory framework of digital market, digital platforms, space, Artificial Intelligence and how those new technological advancements impact our societies is essential to gauging and mitigating the impact of new technologies on our societies.
Cyber-security is an issue that is becoming increasingly relevant in today’s environment, especially in light of the contemporary political-economic landscape and the growing influence of technologies in our society and modus vivendi.
Although the fourth industrial revolution has been ongoing for a long time, the outbreak of the COVID-19 pandemic has triggered an intense process of digital transformation of companies. The exponential growth of remote work, an increase in e-commerce sales, and the digitisation of essential processes are increasingly highlighting cyber-security issues.
To emphasise the importance of this strategic sector, it is suffice to say that, according to a forecast signed by the research company Canalys, the total value of the cyber-security market is expected to reach $60.2 billion in 2021. Moreover, the upcoming Digital Europe Programme issued by the European Commission for the period 2021-2027 envisages an investment of €1.9 billion into cyber-security capacity and broad deployment of cyber-security infrastructures across the EU for public administrations businesses, and individuals, confirming the high priority of securing cyber-space.
To understand the intrinsic dynamics of this topic, it is first necessary to understand what cyber-security is.
What is cyber-security?
“Cybersecurity” refers to the condition by which organisations and individuals reduce the risk of being affected by voluntary criminal actions, consisting of the improper acquisition and transfer of data, their unlawful modification or destruction (cyber-crime).
Cybersecurity’s main aim is to protect the devices we all use (computers, laptops, smartphones, and tablets) and the services we access online, both at home and at work, from theft or damage.
The term is actually applied in a variety of contexts, from business to mobile computing, and can be divided into a few categories. The most common are:
- Network security is the practice of securing a computer network from intruders, by applying a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of data and computer networks through software and hardware technologies.
- Information security refers to the processes and methodologies which are designed and implemented to protect any form of confidential, private, and sensitive information or data from unauthorised access, use, misuse, disclosure, destruction, modification or disruption.
- End-user protection is one of the most crucial aspects of cyber-security because it addresses the most unpredictable cyber-security factor: the human factor.
Many accidents occur because people (end users), due to their lack of awareness, accidentally upload malware or other types of computer threats to their desktops, laptops or mobile devices as a consequence of an incorrect – yet not ill-intentioned – behaviour.
To protect the end-user, there are end-point security software, cryptographic protocols to encrypt e-mail messages, files and other critical data. Nevertheless, above all, the fundamental aspect is to educate the final users on the most crucial aspects concerning cybersecurity as to increase their personal cyber-awareness.
Cyber-security most common threats
As specified above, cyber-security is a set of practices to prevent attacks that aim to disable or disrupt a system’s or device’s operations. To protect information and other assets from cyberthreats, it is necessary to understand the various, complex, and multiform types of threats.
The most common threats in cyber-space are definitely “malware”, or “malicious software”, software created by cybercriminals or hackers with the aim of damaging or causing a legitimate user’s computer to malfunction, often spread via unsolicited e-mail attachments or seemingly legitimate downloads. Malware can be used by cybercriminals to obtain financial gain or to carry out cyberattacks for political purposes.
There are numerous types of malware, including Virus, Trojan, Spyware and Ransomware.
Another widespread category of cyber-security threats is Social Engineering, a term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
The most widespread form of social engineering is Phishing, an attack that leverages on the user’s lack of awareness, where fraudulent e-mail or text messages – resembling those from reputable or known sources – are sent with the intent to steal sensitive data, such as credit card or login information.
How can thus we protect ourselves from this?
Basic cyber-security recommendations
- Update your software and the operating system in order to take advantage of the latest security patches. This includes your apps, web browsers, and operating systems.
- Secure your files, back up important files offline, on an external hard drive, or in the cloud.
- Use antivirus software that can detect and remove threats that must be updated regularly to ensure the highest level of protection.
- Make sure you are using strong passwords that are hard to guess.
- Use multi-factor authentication that requires additional steps beyond logging in with a password — like a temporary code on a smartphone or a key that is inserted into a computer.
- Do not open e-mail attachments from unknown senders – they may be infected with malware.
- Avoid using unsecured Wi-Fi networks in public spaces.
This is a brief overview of the most common types of attacks in cyber-space. However, the threat landscape is constantly evolving with cyber-security remaining a challenge for all users and organisations.
Traditional reactive approaches, in which resources were put towards protecting systems against the most significant known threats while lesser-known threats were undefended, is no longer a sufficient tactic.
To keep up with the constantly changing security risks, a more proactive and adaptive approach is necessary.
Security programs continue to evolve new defences as cyber-security professionals identify new threats and new ways to combat them. Still, at the base of comprehensive protection, there is the need to develop an awareness for users on how to protect and defend themselves in the hostile domain of cyber-space as well as to ensure user protection against the latest cyber threats by keeping it running and updating.
Alessia Boi is a young Italian Project Manager for the Center for Cyber Security and International Relations Studies in Florence. With the thesis “Cyber Intelligence: operational framework and new threats in the Italian context”, she graduated in Strategic Security Sciences at the Italian Military Academy (University of Turin). During her studies she had the opportunity to participate in the Military Erasmus Program, thus carrying out six months of study at the Tadeusz Kościuszko Land Forces Military Academy in Poland and work as International Project Assistant in a Polish departmental organisation.
Published by the European Liberal Forum. The opinions expressed in this publication are those of the author(s) and do not necessarily represent those of the European Liberal Forum.