Cybersecurity is considered one of the 10 biggest risks in the world and as much as 95% of cyber-attacks are caused by human error
Although Serbia is not one of the countries that leads the trend of using IoT devices, it is certain that we will very quickly catch up to the rest of the world and start building smart cities, smart traffic, smart health system… Along with a smart environment, we must have smart people too – among users, industries and decision-makers.
Which are currently the most common cyber attacks in the world and our country and which business sectors are the most affected?
Cyberspace is essentially very vulnerable. The Internet itself emerged from the academic community and was never planned for mass use in critical domains of society, and therefore no serious abuses or security measures were initially considered. That is why vulnerabilities exist today in the very core of the Internet – i.e. in protocols – but also in almost all digital products such as software, online services, devices and systems. These vulnerabilities are the result of many factors: the lack of uniform and applicable standards, market pressure on producers to sell something new rather than something safer, and the lack of a regulatory framework regarding the responsibility of producers.
The vulnerability, however, primarily exists in us, the users. We still open various unreliable attachments and links that arrive in an e-mail, do not back up important data, install problematic applications, and do not update our systems. We don’t believe that somebody would cyber-attack us while failing to understand that, apart from being victims, we are increasingly used as a weapon of attack – our infected devices are used to break into the systems to which we are connected, i.e. companies, institutions, organizations. We have to learn to ‘drive’ in cyberspace because the consequences of attacks are increasingly spilling over into real space, and the gap between cyberspace and real life is disappearing.
Everyone is under attack or could be, without exception – us, as individuals, through various scams, small and large companies
Abusing vulnerability is one of the main grounds for cyber-attacks. Everyone is under attack or could be, without exception – us, as individuals, through various scams, small companies through blackmail viruses, large companies through industrial espionage, taking control of the critical infrastructure of society and disabling the system for political motives and using state and military institutions in hybrid warfare. The targets are no longer just devices or important data, but also critical infrastructures such as hospitals, energy grids, banks, and even elections and democratic values. We recently saw the first official victim of a cyber-attack: a woman from Germany who could not be admitted to the emergency room due to a cyber-attack and subsequently died en-route to another hospital.
With the development of IoT, cyber-attacks become more frequent. The assumption is that this trend will continue. Does our market understand the benefits of the application of digital technologies? How much do we differ in that from the rest of the world?
The Internet of Things (IoT) or “smart” and connected devices are a combination of different software code and hardware, produced by various manufacturers around the world. As the demand for IoT devices grows, so does the number of manufacturers and the complexity of the global supply chain. As in any chain, the chain is as strong as its weakest link. Without uniform security requirements for this industry and clear regulations, the devices are rife with vulnerabilities that attackers use for attacks.
The danger here is multifaceted. By using a vulnerable smart device, it is possible to break into a secure network of which that device is a part, as was the case with hacking a smart filter for an aquarium in a casino. IoT devices are playing an increasingly important role in industrial plants and their sensor and controller networks, making these plants vulnerable as well. Finally, the billions of IoT devices around us that should make up our smart and connected environment in the coming decades are easy to hack and use for coordinated mass attacks to disable key communications systems, as was the case with the famous Mirai network of bots who have significantly slowed down the global Internet for a brief moment.
The current epidemiological situation in the world caused by the COVID-19 virus has changed the priorities of almost all companies and saw us all unprepared. What are the problems we have faced in the past regarding cybersecurity, caused by a pandemic?
This pandemic has led us to “digitalization on steroids”, in which we thought the least about security. Overnight, the ‘security perimeter’ disappeared as employees moved from a (relatively) secure corporate environment to their homes where security was much harder to control. Some basic life functions such as government paperwork, education and even grocery shopping were transferred almost exclusively to digital form, and some peripheral services we didn’t even know existed, like Zoom, have become critical infrastructure.
At the same time, cybercriminals did waste a single moment and quickly adapted to the new situation. So-called phishing emails saw people opening infected documents or links, or people giving their usernames and online banking account number after they received false information from a relevant government ministry or the World Health Organization. Blackmail viruses, which lock data and systems and demand ransom to make them functional again have hit hospitals en masse. Attacks on tools such as VPNs that allow secure access to corporate systems from home have intensified. However, in all this, it seems that the users themselves have become more aware of the risks, and there is hope that we will emerge from the crisis more enlightened and ready to protect ourselves.
In today’s world of cybersecurity, both individuals and serious organizations, often states, are behind attacks. What strategies should the state implement, and we as individuals too, to properly protect ourselves? How organized is our state in dealing with this problem?
The threats are no longer limited to ‘neighbourhoods’. Today, an attacker can act from any part of the world. More importantly, the attackers are no longer just petty criminals – cyber-attacks are also used by organized crime and political groups, which are often hired by states as cyber mercenaries. States are massively arming, storing and abusing vulnerabilities in systems for hybrid warfare, and threatening the security of the entire digital global economy and society. The UN Secretary-General Antonio Guterres warned that it is realistic that the future wars will start with cyber-attacks, and his deputy Fabrizio Hochschild called on the states to make cyber truce during the pandemic.
Countries are dealing with this problem at the highest level. The United Nations has two groups for negotiating norms of state behaviour in cyberspace, the possibility of applying the existing war law to cyberspace, and a possible global agreement on cyberspace. Under the auspices of the OSCE and other regional organizations, states are developing confidence-building measures and avoiding cyber-conflicts that could flare up into a traditional war. Serbia, like many other developing countries, still does not have a strategy for international engagement and cooperation on cyberspace, including security, and this is one of the steps that must be expedited to make digital transformation safe. For example, almost all European countries have cyber ambassadors, and many have serious national centres that deal with cybersecurity issues, with large human and financial resources and influence in shaping national policies in this area. Also, the systemic cooperation between the state and the private and non-governmental sector in the field of design and implementation of digital policies is something that forms the basis in developed countries, and in which Serbia still lags far behind.
One thing is for sure: cybersecurity is becoming more and more just security
In your opinion, what are the new trends and what challenges will we face in the future when it comes to cybersecurity?
On the one hand, new technologies and possibilities are arriving – the Internet of Things and a smart environment consisting of devices that communicate with each other without us, artificial intelligence which will take over data processing and decision-making, virtual reality that will transport us into some non-existent spaces or combined realities, quantum computers that will radically raise the possibility of doing complex calculations and models, and the combination of technology and biology will, perhaps, mentally connect us to the cyber-world. On the other hand, political challenges are also present – splitting of the global supply chain, technological-trade wars, fragmentation of cyberspace, militarization of technology and especially artificial intelligence, tendency of autocracies to suppress freedoms and privacy in cyberspace, and the general loss of confidence in decision-makers, industry, and perhaps technology itself. One thing is for sure: cybersecurity is becoming more and more just security.