Human Factors in Cybersecurity: Protect Yourself

New Markets Team    10 November, 2022

The human factor in cybersecurity refers to situations in which human error results in a successful data or security breach; people are the weakest component of the security of any ICT infrastructure and represent the greatest risks and threats to a company or organisation.

New Markets’ team at Telefónica Tech Cyber Security & Cloud has developed a report aimed at fighting disinformation and raising awareness.

In terms of cybersecurity, spreading these concepts and highlighting common mistakes and good practices can help keep families and businesses more protected daily.

Some key figures on the extent of cyber threats

  • Human error is the leading cause of cybersecurity breaches. In 2021 it was found to be responsible for 95% of these breaches, according to the “IBM Cyber Security Intelligence Index Report”. This means that, if the human factors were mitigated, only 1 out of 20 security breaches would take place.
  • This human error is usually caused by a lack of awareness among users and workers, who can endanger their company and their personal data as a result. In a company, this can lead to a large breach or security incident with an economic impact of millions of dollars. In day-to-day life, it can mean the theft of credit cards or the compromise of users’ personal files and data.

During this time of the pandemic, cybercriminals have adapted to take advantage of this issue and launch massive attacks related to Covid-19.

  • A study conducted by Interpol showed that, during the first four months of 2021 (January to April), cyberattacks increased greatly: 907,000 spam messages, 737 malware-related incidents and 48,000 malicious URLs.
  • According to feedback from Interpol, 59% of the main Covid-19 related cyber threats involved phishing, scams and fraud; 36% of attacks included malware; 22% contained malicious domains; and 14% involved fake news. These figures are alarming: a phishing attack costs large companies nearly $15 million a year on average. The cost of phishing in 2021 is more than three times its cost in 2015 (Ponemon Cost of Phishing Study, 2021).

Cyber attackers are taking advantage of lockdowns, working from home, and online studies to steal information by posing as companies, public entities, and universities. Cybercriminals know how to take advantage by attacking the lowest hanging fruit.

But… who poses a threat and why do they do it?

It is very important to know the attacker in order to protect yourself effectively. The motive behind these crimes is not the same for all types of attackers: money, information, theft, elimination of competition or having fun are among the most frequent reasons.

This report includes a list of the most common adversaries, including cybercriminals, hackers, hacktivists, organised crime, etc., and their reasons for posing threats.

Key concepts we all should learn to avoid attacks

To fight disinformation it is also crucial to learn which attacks are most common, the characteristics they share that can help you avoid being deceived, and the best ways to recognise each one.

Data Exposure & Common Mistakes

Cybercriminals use user information to select their victims. They obtain this valuable information on the Internet through users’ digital footprint and social media. It is the users’ responsibility to be aware of the information they publish and of the most common cybersecurity mistakes that users continue to make.

Good Practices & Recommendations

It is not enough to know the cybersecurity risks, attacks and mistakes already mentioned: there are also cybersecurity best practices, designed to help you prevent fraud and scams and browse the internet as safely as possible, that should always be kept in mind.

Cybersecurity awareness training, keeping software updated and keeping good practices in mind are still the best solutions against misinformation.

🔵 Read the full report to keep your organization and yourself cyber safe: Download here

Digital Identity, Privacy and Blockchain —Can They All Be In The Same Equation?

María Teresa Nieto Galán    8 November, 2022

We are becoming increasingly aware of how our data circulates on the net. In fact, we have all probably had the experience of looking at a pair of trousers in an online clothing shop, then seeing them advertised on other websites and coming to believe that someone is spying on us. This thought makes the concept of privacy begin to resound in our minds.

Privacy is defined as everything related to an individual’s personal life that should be kept intimate and secret.

The right to privacy is enshrined in the Declaration of Human Rights. For this reason, companies are already starting to take a stand on this issue, such as Apple with its slogan “what happens on your iPhone, stays on your iPhone”.

What Is Digital Identity?

According to the RAE (Royal Spanish Academy), identity is “a set of traits of an individual or a group that characterise them in relation to others”. If we add the attribute “digital” to this definition, it would become “the set of traits that identify us in the digital world…”.

Therefore, Digital Identity can be our first and last name, our personal email address, our professional email address or even our bank account. In other words, all that set of data or digital attributes that we use to interact with websites, applications, etc.

Our features, our image or our habits and customs are also part of the attributes that identify us and differentiate us from other people in the real world. It is natural to think that they also have an equivalent in the digital world. In this case, we could talk about our aesthetic tastes in fashion when, for example, we look at those trousers we wanted to buy in an online shop or even our habits and behaviours when surfing the internet.

In the end, as users, once we provide our data in the digital world, we practically lose control of it. We have previously discussed how Blockchain could be the perfect fit for managing our multiple identities simultaneously and the need to reinvent digital identity as we know it today.

Digital Identity Legislation

However, it is not all alarming. There are regulations that protect the processing of our personal data and its free movement within the European framework, such as the General Data Protection Regulation (GDPR).

In compliance with this regulation, we as citizens can force companies to remove our personal data from their systems. However, not everything is so simple. To exercise this right, as a user you have to remember which companies you provided your personal data to, a rather complex task in this world where everything (or almost everything) is digital and where we interact with companies unconsciously many times a day.

It is a fact that technology is advancing much faster than legislation, so from a technological point of view we also have to take care of the ethical aspects of users surfing the net.

In many cases the GDPR is now starting to prove insufficient when it comes to dealing with digital personal data. As a result, work and legislation have begun on what is known as Sovereign Digital Identity.

What is Self-Sovereign Digital Identity?

The main objective of this new conception of digital identity is that people can once again become the owners of their own data. This identity would consist of a set of traits that identify the individual, called verifiable credentials.

Verifiable credentials, in addition to representing information, make it impossible for the data to be manipulated without detection, because they are digitally signed by the issuing entities.

Moreover, they can be traced immutably, so it would be very easy to determine when our data is being used and under what circumstances. These two concepts, “immutability” and “traceability”, are, without a doubt, synonymous with Blockchain technology.

The credentials with the raw data would never leave what is known as a wallet or user wallet, which could be a simple application installed on our smartphone. In this way, and returning to the objective of giving people back control of their data, it would be possible to create, own and control access to this type of data.

The Road to This New Identity Model

Recently, the European Commission announced the creation of a European digital identity that would allow any European citizen to use any attribute of his or her identity in any country of the member states. An example could be their financial information, in order to be able to buy a house in a country other than their country of residence.

This concept is conceived as a collection of compatible personal credentials interoperable between different public administrations, which is very close to the concept of Sovereign Digital Identity discussed above.

Among its benefits are:

  • The right of every person with a national identity card to have a recognised digital identity anywhere in the EU.
  • A simple and secure way to control how much information you want to share with services that require information sharing.
  • It works through digital wallets available on mobile applications and other devices for identifying yourself online and offline.
  • Store and exchange information provided by governments, e.g. name, surname, date of birth, nationality, etc.
  • Store and exchange information provided by trusted private sources.
  • Use the information as confirmation of the right to reside, work or study in a given Member State.

In the case of Spain, we are pioneers and leaders in the creation of mechanisms and solutions for this new identity model. A clear example is the application known as AlastriaID (developed by the Spanish business consortium Alastria, of which Telefónica is a member).

In January of last year, inspired by the AlastriaID model, the first global standard on decentralised digital identity on Blockchain was approved in Spain, with the publication of the Spanish standard PNE 71307-1 in the Official State Gazette (Boletín Oficial del Estado).

We add Blockchain as an ingredient to the recipe

But are Blockchain and GDPR compatible terms? At first sight we might think that a technology where every participant has an identical copy of the information that makes it immutable and cannot be erased is not compatible with the rights to erasure or modification established by the General Data Protection Regulation (GDPR).

However, in the case of a sovereign digital identity that is built on Blockchain technology, user data is never stored in any way. In this case, what is stored is the traceability that allows us to determine whether a person’s data is still valid, but always maintaining their privacy.

In other words, thanks to Blockchain, we could verify that a credential has neither been revoked nor altered and is therefore still valid.
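As an added illustration (not code from this article, from AlastriaID or from any standard), the following Go program models the split described above: the issuer signs the credential, the holder's wallet keeps the raw claims, and the ledger, here an in-memory Registry, stores only a SHA-256 fingerprint and a revocation flag per credential. The credential fields, the did:example identifiers and the Registry API are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is a minimal, hypothetical verifiable credential. Its raw
// attributes live only in the holder's wallet and are never put on the ledger.
type Credential struct {
	ID      string            `json:"id"`
	Issuer  string            `json:"issuer"`
	Subject string            `json:"subject"`
	Claims  map[string]string `json:"claims"`
}

// SignedCredential is what the wallet stores and presents to a relying party.
type SignedCredential struct {
	Credential Credential
	Signature  []byte
}

// Registry models the on-chain state: per credential ID only a fingerprint
// (hash) and a revocation flag, so no personal data is ever written to it.
type Registry struct{ entries map[string]registryEntry }

type registryEntry struct {
	Fingerprint string
	Revoked     bool
}

var (
	ErrBadSignature = errors.New("issuer signature does not verify")
	ErrNotAnchored  = errors.New("credential not anchored in registry")
	ErrTampered     = errors.New("credential fingerprint does not match registry")
	ErrRevoked      = errors.New("credential has been revoked")
)

func NewRegistry() *Registry { return &Registry{entries: map[string]registryEntry{}} }

// NewIssuerKeys generates the issuing entity's Ed25519 key pair.
func NewIssuerKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// canonical produces the bytes that are signed and hashed; encoding/json
// sorts map keys, so identical claims always serialise identically.
func canonical(c Credential) []byte {
	b, err := json.Marshal(c)
	if err != nil {
		panic(err)
	}
	return b
}

func fingerprint(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Issue signs the credential and anchors only its fingerprint in the registry.
func Issue(priv ed25519.PrivateKey, reg *Registry, c Credential) SignedCredential {
	b := canonical(c)
	reg.entries[c.ID] = registryEntry{Fingerprint: fingerprint(b)}
	return SignedCredential{Credential: c, Signature: ed25519.Sign(priv, b)}
}

// Revoke flips the status flag; the credential's contents stay off-chain.
func (r *Registry) Revoke(id string) {
	if e, ok := r.entries[id]; ok {
		e.Revoked = true
		r.entries[id] = e
	}
}

// Verify is what a relying party runs: the issuer signature first, then the
// registry for integrity (fingerprint) and status (revocation).
func Verify(pub ed25519.PublicKey, reg *Registry, sc SignedCredential) error {
	b := canonical(sc.Credential)
	if !ed25519.Verify(pub, b, sc.Signature) {
		return ErrBadSignature
	}
	e, ok := reg.entries[sc.Credential.ID]
	if !ok {
		return ErrNotAnchored
	}
	if e.Fingerprint != fingerprint(b) {
		return ErrTampered
	}
	if e.Revoked {
		return ErrRevoked
	}
	return nil
}

func main() {
	pub, priv := NewIssuerKeys()
	reg := NewRegistry()
	// Constructed sample credential; the identifiers are placeholders.
	vc := Issue(priv, reg, Credential{ID: "vc-0001", Issuer: "did:example:university",
		Subject: "did:example:alice", Claims: map[string]string{"degree": "BSc", "year": "2020"}})
	fmt.Println("fresh credential:", Verify(pub, reg, vc))
	altered := vc
	altered.Credential.Claims = map[string]string{"degree": "PhD", "year": "2020"}
	fmt.Println("altered claims:  ", Verify(pub, reg, altered))
	reg.Revoke("vc-0001")
	fmt.Println("after revocation:", Verify(pub, reg, vc))
}
```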

Potential applications of Sovereign Digital Identity

We cannot forget the business vision. This new way of managing identity will give way to new models and use cases. Some of them could be the following, although the range of possibilities could be immense.

  • Electronic medical records: Currently, in Spain, all the management of medical records is carried out by the public health system of the autonomous community in which the patient usually resides. When we leave the autonomous community and have to access other medical services, our records do not travel with us. Therefore, being able to use this digital identity model to carry our medical information in an interoperable way could be a possible solution.
  • Simplification of registration processes (onboarding): Many times, we have given up registering on certain websites because of the amount of data to be filled in on the forms. For this reason, another possible use case is the reuse of our credentials as input data in a form. Moreover, since the credentials would be traced thanks to Blockchain, we would solve the current problem of not knowing which companies we have given our data to, so that we can exercise our rights of deletion or modification, among other things.
  • Wallets: These applications, our “credential receptacles”, still need a lot of work to be done. We have talked many times about how complicated it is to manage the public-private keys of a Blockchain platform.

One of the limitations of this technology is its accessibility for people who are not familiar with it or people with special needs. If we were to ask an elderly relative to download a Bitcoin wallet to use as a means of payment when going to the supermarket… can you imagine the result?

This is why we should not associate it so much with the world of cryptocurrencies and their wallets. The future here would be that, thanks to these technologies, we could have mobile applications that allow us, for example, to carry out procedures with public administrations using our identity in a very simple way, something that is currently a bit more complicated.

In short, creating wallets or applications that simplify interaction with this identity model, with the goal of incorporating it into our daily lives, is the challenge ahead. Technology is available and mature. It just needs to be usable and transparent for users.

The concept of sovereign digital identity is the best candidate to be the solution to all the limitations we have today. And the only one that will allow us to be able to become the owners of our personal data again, thus recovering the privacy that we so long for.

Therefore, it is only a matter of time before we start to be able to use this type of solutions that simplify and facilitate the use of our digital identity in our daily lives.

Disinformation and fake news: what initiatives exist to combat them?

Daniel Sandmeier    7 November, 2022

The phenomenon of disinformation has been causing concern in European societies, including Spain, for several years now. The First Study on Disinformation in Spanish Society reveals striking data, such as the fact that 72% of the population admits to having believed false news to be true and 95.8% of Spaniards believe that disinformation is a problem for society as a whole.

As a result of the concern aroused by this phenomenon, in December 2018 the EU approved the Action Plan against disinformation. This document defines the phenomenon of disinformation as “verifiably false or misleading information that is created, presented or disseminated for financial gain or to deliberately mislead the public, and which is likely to cause public harm”. This public harm includes threats to democratic processes, as well as to public goods such as health, the environment or public safety.

The paper also notes that “evidence shows that third states are increasing their disinformation strategies to influence social debate, create divisions and interfere in the decision-making of democracies”.

However, this phenomenon becomes very difficult to counter as it inevitably collides with one of the fundamental values of the EU and its member states, namely freedom of expression. European democratic societies depend on the ability of their citizens to have access to a variety of verifiable information, so that they can form an opinion on different political issues. It is in this way that citizens can participate knowledgeably in public debates and express their will through free and fair political processes.

If European institutions or governments were to restrict or censor access to information, however unreliable it may be, it could be labelled as arbitrary and authoritarian. This is why the phenomenon of disinformation is very difficult to combat.

Initiatives against misinformation at European level

The following initiatives are currently in place at European level to combat the phenomenon of misinformation:

  • EU vs. Disinfo: this is the flagship project of the European External Action Service’s East StratCom working group. It has some special sections devoted to issues considered of relevance, such as the recent Covid-19 pandemic.
  • Learning zone against disinformation: this is a website designed for use by teachers in EU member states, with the aim of providing them with a repository of presentations explaining what disinformation is and how to deal with it, designed to educate students.
  • SOMA (Social Observatory for Disinformation and Social Media Analysis): A space for analysis and research on information and disinformation that was active until April 2021. Its objective was to understand the dynamics of social networks that favour the creation of information disorders.
  • EDMO (European Digital Media Observatory): Created in June 2020 by the European Commission, its mission is to establish a network of research centres on digital media and verification resources, through the creation of eight regional research units in different EU countries. In addition to IBERIFIER, which is the centre created in Spain and Portugal, the following observatories make up the EDMO network: IDMO (Italy), EDMO Ireland (Ireland), BENEDMO (Netherlands and Belgium), CEDMO (Czech Republic, Slovakia, Poland and Hungary), NORDIS (Finland, Sweden, Norway and Denmark), EDMO BELUX (Belgium and Luxembourg) and DE FACTO (France).

Another initiative to combat the phenomenon of disinformation is the Digital Services Act which, among other objectives, aims to regulate the algorithms of large platforms and combat disinformation campaigns consisting, for example, of the use of bots and fake accounts. This European regulation is expected to become mandatory in all EU countries from January 2024 and will apply to data hosting services, online search engines, social networks and marketplaces.

Initiatives against misinformation in Spain

The EDMO observatory’s work in Spain is embodied in the IBERIFIER project, launched in September 2021, planned to last four years and endowed with a budget of 1.47 million euros. It involves 90 researchers specialised in digital communication, disinformation, computing, and strategic analysis. A total of 23 institutions in Spain and Portugal are participating in the project.

Other initiatives against disinformation are the news checkers that some media outlets have launched. These include the following:

  • Maldita.es and Newtral: The EU presents these two Spanish media outlets as a clear initiative aimed at combating disinformation, as they are also members of the IFCN (International Fact-Checking Network).
  • VerificaRTVE: tool launched by RTVE to combat hoaxes and misinformation.

It is also worth mentioning the recent publication, in September this year, of the book Combating Disinformation Campaigns in the Field of Homeland Security. It is the result of a public-private cooperation initiative promoted by the Department of Homeland Security at the end of 2020, which aimed to bring together civil society experts from the sectors involved in this field, as well as representatives of the relevant public administration.

Cyber Security Weekly Briefing, 28 October – 4 November

Telefónica Tech    4 November, 2022

Vulnerabilities fixed in new OpenSSL version 

The new 3.0.7 version of OpenSSL, announced last week by the developers of the project, was made public this past Wednesday.

The expectation around this version was high because, initially, it was going to patch a critical vulnerability in the software, the first of this severity since 2016. In the end, yesterday’s release includes fixes for two vulnerabilities considered to be of high importance, thus lowering the initial criticality announced.

The vulnerability that had raised the highest alert is CVE-2022-3602, a buffer overflow flaw in the certificate verification process that requires a certificate authority (CA) to have signed a malicious certificate or the application to continue the verification process without a valid path. While an attacker could trigger the flaw via a malicious email address, many platforms already incorporate protections to prevent such attacks.

The second vulnerability fixed, also with high criticality, CVE-2022-3786, is also a buffer overflow in the same process, but based on the length of the email address.

More info →

* * *

Emotet campaign returns after five months of inactivity 

The research team Cryptolaemus, which specialises in the study of the Emotet malware, has announced on Twitter that the operators of the popular malware have returned to malicious actions after five months of inactivity.

In particular, an Emotet infection campaign has been detected via email distributing malicious Excel files. To bypass Mark-of-the-Web (MoTW) protection, the mail instructs the potential victim to copy the Excel file to the Templates folder, which will allow it to be opened outside the protected mode and thus execute the macros that will download the malware onto the target computer.

The Emotet malware is then downloaded as a DLL file into random folders created in the path %UserProfile%\AppData\Local. According to the available data, this reactivation campaign is reportedly having a global impact, distributing its malicious files in several languages.
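As an added example (not from the briefing or from Cryptolaemus), the following Go snippet turns the two behaviours described above into detection heuristics run over constructed file-creation events: an Office document landing in the user's Office Templates folder, and a DLL written into a single-level folder directly under %LocalAppData% that is not a known vendor folder. The pipe-separated event format, the Templates path and the allowlist of folder names are assumptions for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// FileEvent is one file-creation record. The "time|process|path" format used
// below is constructed for this example, not a real EDR or Sysmon format.
type FileEvent struct {
	Time, Process, Path string
}

// Alert names the heuristic that fired and the event that triggered it.
type Alert struct {
	Rule  string
	Event FileEvent
}

// Assumed paths (lower-cased for matching): the Office user Templates folder
// and the %LocalAppData% root.
const templatesDir = `\appdata\roaming\microsoft\templates\`
const localAppData = `\appdata\local\`

var officeExts = []string{".xls", ".xlsx", ".xlsm", ".xlsb", ".doc", ".docm"}

// Folders expected directly under %LocalAppData%; a DLL dropped into any other
// single-level folder there is treated as suspicious. Illustrative allowlist.
var knownLocalDirs = map[string]bool{
	"microsoft": true, "google": true, "temp": true, "packages": true, "programs": true,
}

func hasAnySuffix(s string, suffixes []string) bool {
	for _, suf := range suffixes {
		if strings.HasSuffix(s, suf) {
			return true
		}
	}
	return false
}

// Evaluate applies both heuristics to a single event.
func Evaluate(ev FileEvent) (Alert, bool) {
	p := strings.ToLower(ev.Path)
	if strings.Contains(p, templatesDir) && hasAnySuffix(p, officeExts) {
		return Alert{Rule: "office-file-in-templates-folder", Event: ev}, true
	}
	if i := strings.Index(p, localAppData); i >= 0 && strings.HasSuffix(p, ".dll") {
		parts := strings.Split(p[i+len(localAppData):], `\`)
		if len(parts) == 2 && !knownLocalDirs[parts[0]] {
			return Alert{Rule: "dll-in-unknown-localappdata-folder", Event: ev}, true
		}
	}
	return Alert{}, false
}

// ParseLine reads "time|process|path"; malformed or blank lines are skipped.
func ParseLine(line string) (FileEvent, bool) {
	f := strings.SplitN(strings.TrimSpace(line), "|", 3)
	if len(f) != 3 {
		return FileEvent{}, false
	}
	return FileEvent{Time: f[0], Process: f[1], Path: f[2]}, true
}

// Detect runs the heuristics over every line of a log.
func Detect(log string) []Alert {
	var alerts []Alert
	for _, line := range strings.Split(log, "\n") {
		if ev, ok := ParseLine(line); ok {
			if a, hit := Evaluate(ev); hit {
				alerts = append(alerts, a)
			}
		}
	}
	return alerts
}

// SampleLog is constructed: two events mimic the described behaviour, three are benign.
const SampleLog = `2022-11-03T09:12:01Z|explorer.exe|C:\Users\alice\AppData\Roaming\Microsoft\Templates\invoice_2022.xls
2022-11-03T09:12:45Z|excel.exe|C:\Users\alice\AppData\Local\Qzkfwt\bdfhjk.dll
2022-11-03T09:13:10Z|msedge.exe|C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
2022-11-03T09:14:00Z|setup.exe|C:\Users\alice\AppData\Local\Google\Update\goopdate.dll
2022-11-03T09:15:22Z|winword.exe|C:\Users\alice\Documents\report.docx`

func main() {
	for _, a := range Detect(SampleLog) {
		fmt.Printf("%s  %-36s %s (%s)\n", a.Event.Time, a.Rule, a.Event.Path, a.Event.Process)
	}
}
```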

More info →

* * *

Use of Raspberry Robin in complex infection chains 

Microsoft researchers have recently reported new discoveries concerning the Raspberry Robin malware. Based on their analysis, this malware is being marketed as a method to gain access to victims’ systems to subsequently install other malware or carry out other post-exploitation activities.

During the summer, Raspberry Robin has been used to install the FakeUpdate malware by malicious groups close to EvilCorp, and has even been observed in infection chains of the Lockbit ransomware.

More recently, Raspberry Robin is reportedly being used to deploy other malware such as IcedID, Bumblebee, and Truebot. Likewise, Microsoft has observed its use by the FIN11/TA505 group, which is using it together with Truebot to deploy Cobalt Strike beacons and infect their victims with the Clop ransomware, thus allowing this group to abandon phishing as the initial vector of the chain of infection.

It should be noted that, according to Microsoft, nearly 3,000 devices from 1,000 different organizations have been affected in some way by Raspberry Robin in the last month.

More info →

* * *

Google fixes a 0-day vulnerability for Chrome 

Google has released an update for Chrome that fixes a 0-day vulnerability that has a public exploit. The vulnerability, identified as CVE-2022-3723, was discovered by researchers at Avast and involves a type confusion issue in V8, the JavaScript engine in Chrome that would be triggered by receiving datasets marked both trusted and untrusted.

Successful exploitation of the vulnerability would allow a remote attacker to manipulate data on the victim’s system and escalate privileges. It is recommended to update the browser as soon as possible, to version 107.0.5304.87 on Mac and Linux and 107.0.5304.87/88 on Windows.

More info →

* * *

RomCom RAT launches campaign via KeePass and SolarWinds fakes

Researchers at BlackBerry Threat Research have discovered a RomCom RAT (Remote Access Trojan) campaign with new access vectors. According to the BlackBerry team, RomCom has cloned the official download pages of several widely used software products such as the network monitor SolarWinds, the password manager KeePass or the PDF file reader Reader Pro.

RomCom has copied the original HTML and reproduced it on typosquatted domains that lend these malicious URLs an appearance of legitimacy. In the case of SolarWinds, along with the infected file, the user is redirected to the official SolarWinds registration page so that they are contacted by legitimate customer support, which avoids arousing the victim’s suspicion.

In the pieces of malware analysed, the file setup.exe has been observed executing the file hlpr.dat, which contains the dropper that installs RomCom. This campaign is spread through phishing techniques, SEO poisoning and social engineering.

More info →

Attention: Data leak! (In search of lost data)

Martiniano Mallavibarrena    3 November, 2022

We have been hearing about “data leaks” on a regular basis for years, both in the media and in our professional or even personal environment. The concept actually covers several different scenarios, but, in general terms, we could say that the consequences are similar and that the main lessons learned are common. In this article we are going to explain what kind of situations can provoke these leaks, their multidimensional impact and some best practices that can help us avoid these crises.

Leaving aside doctrine and theoretical definitions, in this sector we tend to use the expressions “data leak” and “data breach” interchangeably to refer to situations where, for various reasons, a significant amount of data (it can be hundreds of gigabytes or even terabytes) belonging to an organisation ends up outside its control in terms of both privacy and location: the data is accessible directly on the Internet, through an auction, or on Internet sites with restricted access but no connection to the original organisation. Such situations are often referred to, in simplified form, as “data leaks”.

As an example, the INCIBE organisation defines this situation as: “the loss of confidentiality, so that privileged information is accessed by unauthorised personnel”.

Let us first look at the three main types of scenarios in which data leaks occur and then comment on the consequences that occur in all cases in this type of situation.

The first scenario: Negligence

For years now, the widespread use of cloud-based data storage services for organisations has led to an immense concentration of information in the form of millions of files classified in thousands and thousands of folders at international service providers of this type (the famous “OneDrive” or folders in “Sharepoint” or “Teams” are already part of many people’s routine).

Such services, combined with the latest generation of office applications, clearly and easily optimise processing and sharing within workgroups, but at the same time they unintentionally create a general sense of security that is broadly justified yet does not cover the classification of information (the digital labelling of a document as containing public, internal, classified or secret information). In some environments this classification may happen automatically (e.g., if the system detects bank account details or credit card numbers, the document is classified as confidential without asking for confirmation), but this is not the most common scenario.
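As an added example (not from this article or any particular DLP product), here is a small Go classifier of the kind the paragraph describes: it scans a document for payment card numbers (validated with the Luhn checksum) and IBANs (validated with the ISO 7064 mod-97 rule) and labels the document confidential when any candidate validates, so that look-alike ticket or order numbers do not trigger the rule. The sample document, the two labels and the regular expressions are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one checksum-validated sensitive value found in a document.
type Finding struct {
	Kind  string // "credit-card" or "iban"
	Value string // normalised value (separators removed)
}

var (
	// 13 to 19 digits, optionally separated by spaces or hyphens.
	cardRe = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)
	// Country code, two check digits, then groups of four, optionally space-separated.
	ibanRe = regexp.MustCompile(`\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4})+(?: ?[A-Z0-9]{1,3})?\b`)
)

// luhnValid implements the Luhn checksum used by payment card numbers.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// ibanValid applies the ISO 7064 mod-97 check: move the first four characters
// to the end, map letters to 10..35, and the resulting number mod 97 must be 1.
func ibanValid(iban string) bool {
	if len(iban) < 15 || len(iban) > 34 {
		return false
	}
	rem := 0
	for _, c := range iban[4:] + iban[:4] {
		switch {
		case c >= '0' && c <= '9':
			rem = (rem*10 + int(c-'0')) % 97
		case c >= 'A' && c <= 'Z':
			rem = (rem*100 + int(c-'A') + 10) % 97
		default:
			return false
		}
	}
	return rem == 1
}

// Scan returns only candidates that pass their checksum, which keeps false
// positives such as ticket or order numbers out of the classification.
func Scan(text string) []Finding {
	var out []Finding
	strip := strings.NewReplacer(" ", "", "-", "")
	for _, m := range cardRe.FindAllString(text, -1) {
		if d := strip.Replace(m); luhnValid(d) {
			out = append(out, Finding{Kind: "credit-card", Value: d})
		}
	}
	for _, m := range ibanRe.FindAllString(text, -1) {
		if v := strip.Replace(m); ibanValid(v) {
			out = append(out, Finding{Kind: "iban", Value: v})
		}
	}
	return out
}

// Classify applies the automatic rule from the text: any validated financial
// identifier makes the document confidential; otherwise it stays internal.
func Classify(text string) string {
	if len(Scan(text)) > 0 {
		return "confidential"
	}
	return "internal"
}

// mask keeps only the last four characters so logs do not re-leak the value.
func mask(v string) string {
	if len(v) <= 4 {
		return v
	}
	return strings.Repeat("*", len(v)-4) + v[len(v)-4:]
}

// SampleDocument is constructed for the example (test card number and example IBAN).
const SampleDocument = `Q3 salary review (internal draft)
Corporate card for travel: 4111 1111 1111 1111
Payroll account: GB82 WEST 1234 5698 7654 32
Ticket ref 4111 1111 1111 1112 (typo, not a card)`

func main() {
	for _, f := range Scan(SampleDocument) {
		fmt.Printf("%-11s %s\n", f.Kind, mask(f.Value))
	}
	fmt.Println("label:", Classify(SampleDocument))
}
```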

A common example in many companies is that of hermetic systems containing highly sensitive financial and human resources information that “no one not entitled” can access, alongside dozens of files (almost always spreadsheets) with summaries of this information specially prepared for internal meetings and decision making which, unfortunately, are not usually classified or treated in any specific way beyond being stored in shared folders for restricted use.

Although it is not the only case, the most representative one is when we mistakenly share a folder with a client, auditor or supplier using online storage services while the control measures are inadequate and/or the information is not correctly classified. In that case, the files (maybe tens or hundreds, maybe thousands) will be exposed on the Internet, and the probability that they will end up for sale on the Dark Web or shared in bulk anywhere is high.

In these specific cases, beyond the general consequences that we will see at the end of the article, the organisation usually ends up being aware of the problem, and it is not unusual for disciplinary measures to be taken against specific individuals. Most of the actions, however, are usually aimed at deploying or reinforcing the use of specific platforms such as those known as DLP (Data Loss Prevention) or, more broadly, SASE (Secure Access Service Edge).

The absence of proper classification of information in this type of situation (your manager asks you to review your team’s salary increases using a spreadsheet that is shared by email) means that other automatic protection measures (such as DLP-type functions) have to resort to various techniques (such as searching for patterns in files using machine learning) to try to maintain their level of effectiveness.

The second scenario: Insider

Another case, less likely statistically, but more lethal in terms of impact, involves employees (or any internal staff) who deliberately act against the interests of the company. This is often referred to as an “insider”.

Disloyal employees, employees extorted by third parties or people involved in labour disputes can follow this behavioural profile and generate very significant damage to organisations when they calculatedly expose or steal (and then share/sell) data to the outside world (always seeking to maximise reputational or intellectual property damage, among others), again causing a data leak.

In this case, most of the comments of the previous scenario apply, both because of the possible ineffectiveness of DLP/SASE type platforms and the lack of strict control of information classification.

If the action can be attributed to particular individuals, in this case, the consequences are usually of a criminal nature, as some types of offences, such as article 197 of the Spanish penal code, can be applied. If they are not direct employees of the organisation, penalties, cancellation of service contracts, etc. may be applied.

These types of leaks are not always known by the public or even by the organisation itself, although on occasions there have been cases of extortion in exchange for not publishing or selling the data (in the case of sensitive financial information on human resources or intellectual property, for example).

The third scenario: Security incidents

This is the best known and most common scenario, especially in incidents involving ransomware (where client data is encrypted and a ransom is demanded in exchange for a decryption mechanism): the actor compromises the organisation’s infrastructure, accesses certain volumes of data (not always sensitive; most of the time they seek volume in attacks that last a few days) and, before encrypting them, exfiltrates them outside the organisation’s perimeter. While this practice is not common to all actors, it is common for many of them, offering a second pressure factor for the payment of the ransom.

Once the malicious actor has exfiltrated a certain volume of data (the techniques for doing so are diverse and fall outside the scope of this article), it will usually take a few days (perhaps weeks) before the organisation hears about it again. The ways in which this data is made public almost always fall into one of the following cases:

  • Pre-announcement on some kind of “blog” (there are several famous “Happy blogs” run by these actors) of the future publication of the files. It seeks to increase the pressure on the victim, again aiming for the payment of the ransom.
    • If they announce it beforehand, they usually comply and after some time they share (on another page, usually on TOR to avoid police or judicial action) the stolen data, either a sample or the whole of it in successive deliveries.
    • If, in some cases, the actor publishes the data on websites on the “shallow Internet”, the victim organisation or the law enforcement agency in charge of the case usually has the possibility of taking down the content by contacting the legitimate owners of the relevant web portal.
  • In other cases, with or without prior notice on a blog, the exfiltrated data appears on a TOR page either in “auction” mode (restricted access, but the victim can see the auctioned object, as a third measure of pressure) or in public access mode (mentioned above).

In all these cases, our organisation’s data (of any kind) can end up on the Internet beyond our control.

The overall impact of information leaks

Thinking about the more general cases, a number of direct consequences of data leaks in organisations should be taken into account.

  • Legal consequences (the best known, though not necessarily the most punitive, route is the GDPR/LOPD one).
    • These apply where it is certain, or highly likely, that the files hold personal data of people in the EU.
      — In other regions, similar regulations of local or regional scope (covering their own residents) may apply, though not in the same way as the GDPR.
      — In all these cases a sanctioning regime may apply, including financial penalties and, where applicable, disqualification from holding public office.
    • Automated tools are usually needed to analyse the hundreds of gigabytes, or even terabytes, of a leak and characterise the type of data inside it (that characterisation is what the data protection authority will build its case on when deciding the sanction, as noted in the previous point).
    • Contractual or NDA issues: in many cases these leaks contain confidential information about private companies, audits or sensitive intellectual property. Such material is often covered by confidential contracts and non-disclosure agreements (NDAs) which, if breached, can lead to significant financial penalties, cancellation of contracts, etc.
  • Reputational damage: in the context of data leaks, many people visit Tor (or monitor it with automated tools) and profit from these situations, whether by commenting on social networks to position themselves as experts, by alerting third parties (almost always for a fee), or by downloading the data and trading in it. In all these cases the situation ends up in the media and, depending on the case, perhaps in the press and on TV, with a very significant deterioration of brand image. Therefore:
    • Some organisations have been tempted to pay the ransom in a ransomware incident (or in an extortion by an insider) just to avoid this situation, even when they have a good recovery plan: severe reputational damage, disclosure of secrets and loss of trust of their main customers may be motivation enough.
    • Beyond the sensitive information a leak may contain, a great deal of other material (including the personal files of users at any level of the organisation) may end up downloaded anywhere, by any individual or group. This again needs to be considered when planning communication measures, legal action against third parties, disciplinary action against clearly negligent employees, etc.
      — In some anecdotal cases, the content of users’ personal files has been more “popular” than the actual leaked corporate data.
  • A mixed case that sometimes occurs is where the leak includes data from third-party organisations. The leak affecting company A then has a negative impact on others (B, C, D, etc.), which again leads to serious problems of the two previous types.
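The kind of automated first-pass characterisation mentioned above can be sketched in a few dozen lines. The following script is an added example written for this edition of the article, not a tool from the original authors: it walks a directory of leaked files, counts indicators of personal data (e-mail addresses, Spanish DNIs, Spanish IBANs and Luhn-valid card numbers) and returns a per-file summary for the legal or DPO team. The indicator patterns and the sample files it creates are assumptions for illustration, not real data.

```python
"""Leak triage: estimate whether a data dump contains personal data.
Added example, not the article authors' tooling. PATTERNS is deliberately
short and the sample files are constructed; extend it for your jurisdiction."""
from __future__ import annotations

import re
import tempfile
from collections import Counter
from pathlib import Path


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most random 16-digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def dni_ok(value: str) -> bool:
    """Spanish DNI: 8 digits plus a check letter equal to LETTERS[number mod 23]."""
    letters = "TRWAGMYFPDXBNJZSQVHLCKE"
    return letters[int(value[:8]) % 23] == value[8].upper()


# label -> (regex, optional validator applied to each raw match)
PATTERNS = {
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), None),
    "iban_es": (re.compile(r"\bES\d{22}\b"), None),  # format only, no mod-97 check
    "dni": (re.compile(r"\b\d{8}[A-Za-z]\b"), dni_ok),
    "card": (re.compile(r"\b(?:\d[ -]?){15}\d\b"),
             lambda v: luhn_ok(re.sub(r"\D", "", v))),
}


def scan_text(text: str) -> Counter:
    """Count validated indicator matches in one chunk of text."""
    hits: Counter = Counter()
    for label, (rx, validate) in PATTERNS.items():
        for m in rx.finditer(text):
            if validate is None or validate(m.group(0)):
                hits[label] += 1
    return hits


def scan_tree(root: str) -> dict[str, Counter]:
    """Scan every file under root in 1 MiB chunks, since dumps rarely fit in memory.
    A match straddling a chunk boundary is missed, which is acceptable for an estimate."""
    base = Path(root)
    results: dict[str, Counter] = {}
    for path in base.rglob("*"):
        if not path.is_file():
            continue
        hits: Counter = Counter()
        with path.open("r", encoding="utf-8", errors="replace") as fh:
            while chunk := fh.read(1 << 20):
                hits.update(scan_text(chunk))
        if hits:
            results[path.relative_to(base).as_posix()] = hits
    return results


def verdict(results: dict[str, Counter]) -> str:
    """One-line summary of what the scan found."""
    total = sum(sum(c.values()) for c in results.values())
    if total == 0:
        return "no personal-data indicators found"
    kinds = sorted({k for c in results.values() for k in c})
    return f"personal data likely present: {total} indicator(s) [{', '.join(kinds)}] in {len(results)} file(s)"


# Constructed sample "leak"; none of this is real data. 99999999X has a wrong
# check letter and 4111 1111 1111 1112 fails Luhn, so neither should be counted.
SAMPLE_FILES = {
    "hr/employees.csv": "name,dni,email\nAna Pérez,12345678Z,ana.perez@example.com\n",
    "finance/payroll.txt": "IBAN ES9121000418450200051332 card 4111 1111 1111 1111\n",
    "build/README.txt": "release 2.0.1, ticket 99999999X, test card 4111 1111 1111 1112\n",
}


def demo() -> dict[str, Counter]:
    """Write the sample files to a temporary directory, scan them and return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in SAMPLE_FILES.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(content, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    found = demo()
    for name, counts in sorted(found.items()):
        print(name, dict(counts))
    print(verdict(found))
```

Run it as a script to see the summary for the constructed sample. In a real triage, point scan_tree() at the mounted dump, add patterns for the data types and jurisdictions that matter to you (health data, other national identifiers), and keep the report itself under access control: it is, after all, a map of where the personal data sits.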

The conclusion of the article is clear: no organisation is free from the risk of such situations, and therefore any organisation can face a major data leak with press and TV coverage. Often the content of the leak is not fully known until the actor shares it and it can be downloaded for analysis. Depending on the case, reputational or legal problems will be the most serious concerns.

A very complex situation in any case and a major risk that we all need to mitigate. We should not forget that.

Artificial Intelligence, IoT, and Blockchain: surfing the “Third Wave”

Ismael Rihawi    2 November, 2022

Back in 1980, futurologist Alvin Toffler published The Third Wave, a book that later inspired Steve Case to set out his own vision of how the information technology paradigm would develop in a digital, globally interconnected world. The Third Wave, with its focus on “the things” around us, is already here. But how did we get to this point?

Major science-fiction films predicted a hyper-technological future in which all physical entities (humans and machines) would coexist in harmony with a universe of on-demand digital assets and services. We watched them as entertainment, always with a certain scepticism, yet we are gradually seeing them become the reality we know today.

In a universe we understood to be ruled by impulses and inertia, figures such as Steve Case emerged, co-founder of America Online (AOL), the company that brought Internet access to the mass public. By 2016 Case was able to describe with exquisite precision the evolution of connectivity in the information society, identifying three great waves, each with its own identity, that illustrate their different degrees of maturity over time.

We will now discuss the characteristics that define each of these stages, focusing in particular on the third wave: the keys to success, the main approaches to implementation and the actors involved in mapping out a future on which we have only recently embarked.

First wave: communities beyond territorial limits

Figure 1: The foundations were built on a consensus between newly growing companies, united by the same purpose.

In the period between 1985 and 1999, companies such as AOL (which Case led), Apple, Microsoft, IBM, Cisco Systems, HP, Sprint and Sun Microsystems were responsible for creating the hardware, software and network infrastructure needed for people to communicate with each other, laying the foundation for the Internet of Information.

Seen today, in perspective, as a revolution, its expansion was in fact very difficult. On the one hand, the high cost of acquiring personal computers and installing the lines to bring coverage to individuals; on the other, the challenge and cost of training professionals to develop new lines of business (the Web as Business Infrastructure).

All this raised a sea of questions of different kinds for the main players, from the technological (“can I actually build it?”) to the business perspective: what are the true benefits of this showcase on which to present the brand? (“is it worth the investment?”). The arrival of the second wave would answer that uncertainty in one fell swoop.

Second wave: mass applications, social networks as a means of expression

Figure 2: The steps taken so far have allowed us to have an extensive market of applications, acting as facilitators of pastimes.

At the turn of the millennium, and acting as a clear accelerator in the dot-com crisis, this era stood out for the creation of a vast ecosystem of applications of different kinds, built on the path laid out during the first wave. Social networks, search engines, online stores and payment platforms are good examples of that enormous diversity. One aspect united all of them: putting the user at the centre and giving him or her the leading role, adding value in a co-creation environment (the Web as Social Media).

In parallel, new ways of consuming information and interacting with the world developed. Thanks to smart devices (smartphones, tablets and wearables) and the concept of cloud storage, frequent use of the web became commonplace, causing an exponential increase in the volume of data generated and breaking the spatial and temporal limits of connectivity to which we had originally been bound.

New technology companies emerged in response to this opportunity, taking up the baton of “the avant-garde by default”. Google, Facebook, Twitter or Amazon, among others, took the risk of investing in an emerging market, without the certainty of receiving a great reception at first or obtaining a clear return on investment. And they were right.

Third wave: focusing on the things around us

Figure 3: New technologies in the service of extending the digital world to the real world.

And so we arrive at the present moment, the object of an exhaustive study by Steve Case in the book he published under the same title as his mentor’s. He had good reason to devote such attention to it: to announce a new period of expansion of technology into all areas of our daily lives, making it practically omnipresent. So close to us that it allows us to act effectively in anticipation of real problems and weaknesses, whether in industrial production processes or in detecting pathologies of varying severity in patients.

However, an outcome with such a pronounced social impact will require, as in the first wave, the correct alignment of multiple factors that push advances out of their comfort zone: perseverance in innovation, the search for multi-sector alliances that give the product reputational and/or financial strength, and compliance with the regulatory framework.

Regulatory complexity will now extend to a wide range of applications, such as drone fleet management, resource efficiency in a Smart City, or an Artificial Intelligence assistant and fault detection in autonomous vehicles. These are features that improve the user’s experience but which, in the event of operational malpractice, could put the integrity of the system itself at risk.

In line with the above, it will be vital to strengthen the capacity for change management, a determining factor in which companies will lead this evolving environment. Those that can maintain the entrepreneurial spirit and self-discipline will prevail (Apple and Amazon attest to this). They will also champion the balance between financial return and the execution of their mission, and the organisations that truly put it into practice will be rewarded: brand loyalty taken to the next level.

When technology matures to unite society and progress

Solving the challenges of the Third Wave means making use of advanced tools such as those we already have, which have reached a remarkable degree of maturity. Together they form an integrated toolset that triggers every digital transformation process, and their benefits provide the personalisation of the product or service that consumers expect. This is how business solutions will bring together each of these pillars at their different stages of development:

  1. The Internet of Things as a multi-element source of intelligence, providing a tsunami of data wherever its application is justified.
  2. Big Data and Artificial Intelligence capabilities for capturing and normalising that data and extracting the patterns and trends that allow us to predict and act in time to optimise business decision-making.
  3. Blockchain as a channel for sharing the record of changes in the state of our digital assets and drawing conclusions from them, giving all the parties involved a safe, reliable and immediately accessible way to reach the data, governed by control mechanisms implemented as smart contracts.
  4. The communication standards required for correct information transfer between the different agents and control points.
  5. Perimeter cybersecurity mechanisms, preventing unauthorised access to and use of data, in compliance with regulations.

Steve Case was right. Let’s not be afraid of surfing the crest of the wave.

The Formula for Successful Hybrid Working

Mark Skelton    31 October, 2022

Optimising cloud-based technologies and enabling a seamless blend of remote and office work will be the key to hybrid working success. To achieve this, any effective hybrid working formula needs to consider three key areas: connectivity, cyber security and digital inclusion.

Connectivity

With hybrid working emerging as the standard model for many of us, businesses need to ensure that connecting from any location is as smooth as possible and that exchanges with colleagues, whether in the office or working from home, are seamless.

If not, it could have a serious effect on collaboration among teams. It can also lead to unequal employee representation, with some people’s thoughts, ideas or opinions being overlooked. Smart meeting rooms will therefore be an important investment as organisations adopt hybrid working.

In this new fluid workspace, hardware and software need to integrate to create a productive meeting experience for participants, whether they are joining the meeting from the office or remotely.

New tools are appearing every day to complement these spaces. For example, Microsoft’s employee experience platform Viva, and intelligent collaboration devices such as Surface Hubs or Poly Meeting Room solutions can seamlessly record and take notes during meetings.  

Linking these tools together can create a seamless working environment. In the not-too-distant future, we will also see Augmented Reality (AR) and Virtual Reality (VR) integrate into meeting room spaces to take that experience to a next level and give hybrid collaboration another dimension.

Cyber Security

Many of us now work from home more regularly and, while this has many benefits, it can also open the door to new cyber security threats. For those looking to offer employees hybrid working in the long term, addressing staff and data security is paramount.

Creating cyber security resilience involves several elements, one of which is staff education and ongoing training. Many organisations admit that employees are their biggest weakness in IT security, so educating them on the risks out there and how to spot them is an essential part of any strategy.

This training should be regularly updated to represent the changing conditions of the workplace. Organisations need to continually adapt to keep employees safe, and once a cyber defence has been deployed, it’s then crucial to regularly check the security measures are effective.

This continuous monitoring is where many organisations struggle to keep pace with the thousands of updates each week, which is why many CISOs, CTOs and business leaders are deciding not to go it alone and are outsourcing cyber security to professional teams.

Digital Inclusion

As more of us have shifted to home or hybrid working, one of the casualties has been workplace culture and the sense of community among workers.

There are also concerns that employee wellbeing and job satisfaction are harder to track in a remote team. This is where behavioural analytics tools can play a key role: by analysing behavioural patterns to understand employee activity, they help ensure remote working is enjoyable and sustainable for everyone within the modern workplace.

The insights unlocked by this technology will be invaluable, as they also reveal employee working patterns. Combined with other data sources, such as networks and smart meeting rooms, these tools give business leaders an all-important overview of employee engagement. From there, it is possible to gauge how employees really feel and understand whether anyone does not feel included, and why.

Crucially, business leaders must remember that there is no one-size-fits-all method of implementing hybrid working.

The process involves a significant amount of evaluation and learning. As with every IT investment, you must secure the foundations of security and connection, and do not forget to include your team in the process.

Cyber Security Weekly Briefing, 21-28 October

Telefónica Tech    28 October, 2022

Campaigns spreading ERMAC malware 

Researchers at Cyble recently discovered a mass phishing campaign aimed at spreading the ERMAC banking trojan. The infection method relies on the download of fake apps that impersonate Google Wallet, PayPal, Snapchat and others.

These fake apps are served from fraudulent domains whose websites impersonate some of the most popular Android app markets, as well as domains impersonating the companies that supposedly distribute the apps.

Once executed, ERMAC steals data such as contacts and SMS messages, as well as the list of apps installed on the device. That list is used to pick which phishing pages to display over the victim’s screen, and the collected data is sent to the malware’s command-and-control server via POST requests.

* * *

Apple fixes 0-day vulnerability for iOS and iPadOS in latest patch 

The latest update released by Apple fixes, among others, a 0-day vulnerability that may have been actively exploited against iPhone and iPad devices.

This vulnerability, identified as CVE-2022-42827 and still pending a CVSS score from Apple, would allow an attacker to execute arbitrary code in the kernel with the highest privileges. This could lead to data corruption, disruption of the device’s operation or unauthorised code execution on it.

The update that fixes this vulnerability is available for iPhone 8 and later, all iPad Pro models, iPad Air third generation and later, and iPad and iPad mini fifth generation and later.

* * *

VMware fixes critical vulnerability in Cloud Foundation 

VMware has issued an advisory on two vulnerabilities affecting its Cloud Foundation hybrid platform, including a critical one.

  • The first, identified as CVE-2021-39144, with a CVSS score of 8.5 (9.8 according to VMware), is a remote code execution vulnerability in the XStream library.
  • The second, identified as CVE-2022-31678, with a CVSS score of 5.3 assigned by VMware, could allow an attacker to cause a denial of service or expose information.

Both vulnerabilities affect VMware Cloud Foundation (NSX-V) version 3.11 and are fixed in the latest update.

* * *

Critical vulnerability in OpenSSL announced 

The OpenSSL Project team has announced that it will release a new version of OpenSSL, 3.0.7, on 1 November, including a security patch for an issue it has classified as critical.

While no details of the vulnerability have been released beyond the fact that it does not affect versions prior to 3.0, its mere existence has caused concern, as it is the first critical vulnerability announced by OpenSSL since 2016.

Although the developers have announced the new version and the bug in advance so that users have time to take inventories and prepare their systems, OpenSSL does not believe the advance notice gives attackers enough to discover the vulnerability, as team member Mark J. Cox has stated.
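Taking the inventory the advisory asks for means finding every copy of the 3.0 branch, not just the openssl binary on PATH. The following script is an added example, not code from the OpenSSL project or the original briefing: it classifies version banners against the two facts the announcement gives (only 3.0.x is affected; 3.0.7 carries the fix) and reads two local sources that often disagree. The host names and banners in SAMPLE_HOSTS are constructed.

```python
"""OpenSSL exposure inventory for the 3.0.7 pre-announcement.
Added example, not OpenSSL project code. Classifies 'openssl version' banners
and checks the CLI on PATH plus the libssl this interpreter links."""
from __future__ import annotations

import re
import shutil
import ssl
import subprocess

BANNER_RX = re.compile(r"\bOpenSSL (\d+)\.(\d+)\.(\d+)")
FIXED_IN = (3, 0, 7)  # version announced to carry the fix


def parse_version(banner: str) -> tuple[int, int, int] | None:
    """Extract (major, minor, patch) from a banner such as 'OpenSSL 3.0.5 5 Jul 2022'.
    Letter suffixes on the 1.x branch (1.1.1q) are ignored on purpose: that branch
    is out of scope for this advisory."""
    m = BANNER_RX.search(banner or "")
    return tuple(int(g) for g in m.groups()) if m else None


def status(banner: str) -> str:
    """Classify one banner against what the pre-announcement states."""
    v = parse_version(banner)
    if v is None:
        return "unknown: not an OpenSSL version banner"
    if v < (3, 0, 0):
        return "not affected: pre-3.0 branch is outside this advisory"
    if v < FIXED_IN:
        return "affected: upgrade to 3.0.7"
    return "fixed: 3.0.7 or later"


def inventory(banners: dict[str, str]) -> dict[str, str]:
    """Map host/source name -> status for a collected set of banners."""
    return {name: status(b) for name, b in banners.items()}


def local_banners() -> dict[str, str]:
    """Two sources on this host that routinely disagree: the CLI on PATH and the
    library the Python interpreter itself was built against. Bundled copies in
    other runtimes or containers need their own check."""
    out = {"python-linked": ssl.OPENSSL_VERSION}
    exe = shutil.which("openssl")
    if exe:
        cp = subprocess.run([exe, "version"], capture_output=True, text=True, check=False)
        out["cli:" + exe] = cp.stdout.strip()
    return out


# Constructed fleet; host names and banners are illustrative only.
SAMPLE_HOSTS = {
    "web-01": "OpenSSL 3.0.5 5 Jul 2022",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022",
    "legacy-db": "OpenSSL 1.1.1q  5 Jul 2022",
    "bastion": "LibreSSL 3.3.6",
}

if __name__ == "__main__":
    for name, result in inventory({**SAMPLE_HOSTS, **local_banners()}).items():
        print(f"{name:28} {result}")
```

Two caveats a practitioner would add: distributions frequently backport fixes without changing the upstream version string, so on a given host the package changelog is authoritative; and statically linked or bundled copies (container images, Node, Java, Python wheels) never show up in openssl version at all, which is why the script also reports the library the interpreter itself links.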

* * *

Zoom vulnerability could expose users to phishing attacks  

Zoom has issued a security bulletin fixing a URL-parsing vulnerability. Tracked as CVE-2022-28763 with a CVSS score of 8.8, the flaw could be exploited by a malicious actor using a specially crafted Zoom meeting URL to redirect a user to an arbitrary network address, enabling further attacks, including taking control of the active session.

The products affected by this vulnerability include Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows), Zoom VDI Windows Meeting Clients, and Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows), all in versions prior to version 5.12.2.

Zoom recommends updating or downloading the latest software.  

* * *

Drinik: Android banking trojan re-emerges with advanced capabilities 

Analysts at Cyble have detected a new version of the Drinik banking malware for Android, currently targeting 18 banking institutions in India.

According to Cyble’s report, the trojan poses as the country’s official tax administration app (iAssist) in order to steal victims’ personal information and banking credentials. Once installed, the app requests permissions to write to external storage, receive, read and send SMS, and read the call log.

It also requests access to Android’s accessibility service, which it uses to disable Google Play Protect and to perform navigation gestures, record the screen and capture keystrokes and user credentials, while displaying the legitimate Indian income tax site within the app.

As an end goal, Drinik redirects victims to an Income Tax Department phishing website where, under the guise of a refund in their favour, it will ask the user for their financial information, including account number, credit card number, CVV and PIN.

Drinik has been known since 2016 and has continuously evolved, improving its capabilities and targeting mass audiences, in this case Indian taxpayers and bank customers.
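Both Android bankers in this briefing depend on the same handful of capabilities: reading SMS (ERMAC, Drinik), an accessibility service and external-storage writes (Drinik). The following script is an added example, not Cyble’s tooling or code from the original briefing: it parses a decoded AndroidManifest.xml and flags that combination. The two manifests embedded in it are constructed and the package names are fictitious.

```python
"""Heuristic triage of a decoded AndroidManifest.xml for the banking-trojan
capability set: SMS access plus an accessibility service. Added example, not
Cyble's tooling. Feed it the manifest that apktool or jadx decodes from an
APK; the binary AXML inside the APK must be decoded first."""
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# Individually legitimate permissions that deserve a flag when an app whose
# stated purpose does not need them (a tax-assistance app, say) requests them.
WATCHLIST = {
    "android.permission.SEND_SMS": "can send SMS (premium-number fraud, spreading via contacts)",
    "android.permission.READ_CALL_LOG": "reads the call log",
    "android.permission.WRITE_EXTERNAL_STORAGE": "writes external storage (stages payloads or stolen data)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draws over other apps (phishing overlays)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can prompt to install further APKs",
}


def parse_manifest(xml_text: str) -> dict:
    """Extract package name, requested permissions and whether an AccessibilityService
    is declared (a <service> bound with BIND_ACCESSIBILITY_SERVICE whose intent
    filter handles the AccessibilityService action)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    a11y = False
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") != BIND_A11Y:
            continue
        if any(a.get(ANDROID_NS + "name") == A11Y_ACTION for a in svc.iter("action")):
            a11y = True
    return {"package": root.get("package"), "permissions": perms, "accessibility_service": a11y}


def triage(manifest: dict) -> tuple[str, list[str]]:
    """Return (verdict, flags). 'high' means SMS interception combined with an
    accessibility service: the pairing that lets a banker read OTP codes and
    drive the banking app on the victim's behalf."""
    flags: list[str] = []
    sms = manifest["permissions"] & SMS_READ
    if sms:
        flags.append("reads incoming SMS (%s): can intercept OTP/2FA codes" % ", ".join(sorted(sms)))
    if manifest["accessibility_service"]:
        flags.append("declares an AccessibilityService: can read the screen, inject gestures and log keystrokes")
    for perm, why in WATCHLIST.items():
        if perm in manifest["permissions"]:
            flags.append(f"{perm}: {why}")
    if sms and manifest["accessibility_service"]:
        return "high", flags
    if sms or manifest["accessibility_service"]:
        return "medium", flags
    return "low", flags


# Constructed manifests; package names are fictitious.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.taxhelper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Tax Helper">
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for text in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        m = parse_manifest(text)
        level, reasons = triage(m)
        print(m["package"], "->", level)
        for r in reasons:
            print("   ", r)
```

The verdict is a triage aid, not a detection: a legitimate SMS client will also hit “medium”. What makes the “high” pairing meaningful is the mismatch with the app’s declared purpose, which is exactly what a user installing a “tax assistance” app is unlikely to notice in the permission prompts.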

What was traced first in Blockchain, the chicken or the egg?

María Teresa Nieto Galán    27 October, 2022

Globalisation has become part of our daily lives in every area of economic activity. Some of the areas where change has been most visible are the agricultural, poultry and livestock sectors. By 2030, demand for food is expected to grow by 35% because of a growing global population, a prediction that will demand greater efficiency in primary production systems.

To meet this challenge, technology is the best ally these sectors can have. Not only must demand be met, but it must be met in a way that is sustainable for the planet.

Likewise, these primary sectors have a very clear local base, since each type of product is unique thanks to the soil, climate or native varieties found in a specific region of the world. Spain was one of the first countries in the world to protect these geographical links and the traditions behind its foodstuffs; as a result, designations of origin have become a key element of its development policies.

Blockchain certifies food quality, safety and authenticity

However, these processes are characterised by the large number of intermediaries involved. With so many participants, cases of fraud affecting the chain of trust are not uncommon.

One such case is the fraud in half of the crianza wines sold from Valdepeñas where, on comparing real market consumption data with the volumes actually declared, the resulting sales figure turned out to be double what had been declared to the Designation of Origin body.

Another case, in the poultry sector, is organic egg fraud. In Spain, 11 billion eggs are produced every year, each identified with a code whose first digit indicates the type of egg.

This digit defines how the hen was reared and can take the following values:

  • 3: hens reared in cages.
  • 2: barn hens, reared on the floor of a poultry house.
  • 1: free-range hens, reared in poultry houses with access to the outdoors to range and peck; their feed, however, is not certified organic.
  • 0: organic production, hens reared as in the previous case but fed organic feed.

In 2020 Seprona, the Guardia Civil’s nature protection service, uncovered a fraud operation involving irregular consignments. In one case, 45,000 eggs were sold as organic when they were in fact of a lower category.

Blockchain technology is necessary for traceability solutions

On several occasions we have already argued that Blockchain technology is essential for traceability solutions, as it allows the process to be controlled while guaranteeing the quality, security and immutability of the information recorded about the products.

However, what would happen if a type 3 egg, from caged hens and already fraudulently labelled as “organic”, is certified as such on the blockchain? The blockchain only guarantees that a record cannot be altered after it is written, not that it was true when it was written, so the technology alone is not sufficient: the data must be proven valid before it is recorded on the blockchain.

BlockchAIn of Things

You might ask, what can we do about it? Is it all lost? Have we found an unanswered limitation in this technology? The answer is simple: BlockchAIn of Things.

At Telefónica Tech we are aware that the technologies we work with are powerful and disruptive in themselves and that, if we combine them, we can find the solution to our problems.

In this way, we could solve the case of the organic eggs by combining Blockchain technology and Artificial Intelligence. The Blockchain part is clear: we only need to trace the eggs from the moment they enter the supply chain.

Where, then, would Artificial Intelligence be applied? One of its many applications is image recognition. Thanks to Deep Learning techniques, where the famous neural networks come into play, it is possible to recognise objects in images and even count them.

In this way, the hens on the farm could be monitored with cameras in real time and automatically classified as type 3, 2, 1 or 0, so that the information could be certified on the Blockchain before there was any opportunity for fraud.

So the answer to “which was certified first, the egg or the hen?” is much simpler than the classic riddle: the first thing certified on the Blockchain was the hen.

What is the Fifth Domain and what is its strategic importance?

Estevenson Solano    26 October, 2022

In recent years, conflict and stability in cyberspace have become a growing concern for many countries and organisations that consider cyberspace as a strategic domain and have strengthened their cyber defence, cyber intelligence and offensive capabilities.

The National Institute of Standards and Technology (NIST) defines cyberspace as a global domain within the information environment consisting of the interdependent network of information systems infrastructures.

The term “cyberspace” comes from the American writer William Gibson, who used it in his 1984 novel ‘Neuromancer’

This includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. It is a complex environment resulting from the interaction of people, software and services on the Internet through the technological devices and networks connected to it, and it does not exist in any physical form.

Cyberspace, the fifth domain

Cyberspace has been called the “fifth domain”, of equal strategic importance to land, sea, air and space. This has intensified international competition in the field, with major powers vying to dominate cyberspace.

Concerned about how to prioritise so many security activities amidst such a changing landscape? Are we joining forces to rethink cybersecurity? What is the impact of cyberspace on economic growth and development? Do we accurately understand the connotation, characteristics and essence of cyberspace?

The dynamic nature of cyberspace can introduce challenges in decision-making. Leaders routinely face difficult decisions in managing cyber risk, as exposure to cyber risk can threaten reputation, customer trust and competitive positioning, and possibly result in fines and lawsuits.

New Cybersecurity Challenges

In this context, leaders must simultaneously address changing organisational priorities, shifts in budgets, technologies and employee headcounts, as well as evolving adversarial tactics and emerging security events, among other things. Cyberspace has faced many security challenges such as identity tracking, identity theft, terrorism, espionage and warfare. The continued exponential growth of cyber-attacks puts more pressure on executive decision-makers to stay ahead of the curve.

Cyberspace connects everything and everyone with applications, data, purchases, services and communications… Securing it is essential to protect organisations, the environment and society.

Reacting after the fact can be very costly and increase the need for ex post regulatory assessment and sanction. We see and understand that cyber risk is dynamic in nature, and we must now act accordingly.

Recent developments and changes in cyberspace, such as the increase in cyber threats, the shift to hybrid working and the ability to bring your own device into the work environment, have increased discussions about the need to improve the overall cybersecurity posture across organisations.

Challenges for the management of cyber crises

Zero trust has emerged as a potential solution, and also as a challenge that creates confusion in cybersecurity circles about its effectiveness. What policies, practices and partnerships are needed to prevent a cyber pandemic? Are our organisations prepared for a confrontation in cyberspace?

This also reveals where the greatest challenges lie in managing cyber crises: they originate in cyberspace and have characteristics that make them difficult to deal with, such as the fact that they can be triggered remotely and instantaneously in multiple locations.

As the dangers transform, so must our responses; digital threats demand vigilance, determination and resolve to react with precision to an ever-growing risk.

Cyber crises are also not always easily traceable, and it is sometimes difficult to see that the cause of a particular crisis in the offline world is an act in cyberspace. Finally, the borderless nature of cyberspace means cyber crises can spread geographically on a large scale, which complicates cyber resilience.

The complexity of security systems, created by disparate technologies and a lack of in-house expertise, can amplify the cost of such crises. However, organisations with a comprehensive cybersecurity strategy, governed by best practices and automated with advanced analytics, Artificial Intelligence (AI) and machine learning, can fight cyber threats more effectively and reduce the lifecycle and impact of breaches when they do occur.

An expanding risk surface

Indeed, the risk surface is still expanding, with thousands of new vulnerabilities being reported in old and new applications and devices. And opportunities for human error, specifically by negligent employees or contractors inadvertently causing a data breach, continue to increase.

While cybersecurity professionals work hard to close security breaches, attackers are always looking for new ways to escape IT’s notice, evade defence measures and exploit emerging weaknesses.

Digitalisation has led to increased exposure of our technology assets in cyberspace, requiring a worldview of risk, resilience and trust.

The latest cybersecurity threats are putting a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools and new cloud services.

Today’s organisations are connected like never before. Their systems, users and data live and operate in different environments. Perimeter-based security is no longer adequate, but implementing security controls within each environment creates complexity.

The result in both cases is degraded protection for your most important assets. A zero-trust strategy applied across cyberspace and every environment commits to, and establishes, controls that validate every user, device and connection in the business for authenticity and purpose.

To execute a zero trust strategy successfully, organisations need a way to combine security information into the context (device posture, location, etc.) that informs and enforces those validation controls.
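The difference between a perimeter decision and a context-driven one is easier to see in code. The following is an added example, not from the article or any vendor product: perimeter_decide() treats presence on the corporate network as proof of trust, while zero_trust_decide() combines the identity, device-posture and location signals the text mentions into one decision per request. Signal names, thresholds and the sample requests are assumptions for illustration.

```python
"""Context-aware access decision versus the perimeter model.
Added example, not vendor code. Signal names, thresholds and requests are
illustrative assumptions."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    sensitivity: str        # "low" or "high"
    network: str            # "corp" (office LAN / VPN) or "external"
    mfa_verified: bool      # MFA completed in this session
    device_managed: bool    # enrolled in MDM, so the device identity is known
    device_compliant: bool  # disk encryption, patch level and EDR health all OK
    country: str            # sign-in geolocation
    home_country: str       # where this user normally works


def perimeter_decide(req: AccessRequest) -> str:
    """Legacy model: network location is the only signal consulted."""
    return "allow" if req.network == "corp" else "deny"


def zero_trust_decide(req: AccessRequest) -> tuple[str, list[str]]:
    """Evaluate every request on its own evidence. Returns (decision, reasons) where
    decision is 'allow', 'step_up' (extra verification required) or 'deny'."""
    # Device posture gates everything: an unknown or broken device is never
    # rescued by being plugged into the office LAN.
    if not req.device_managed and req.sensitivity == "high":
        return "deny", ["unmanaged device requesting a high-sensitivity resource"]
    if req.device_managed and not req.device_compliant:
        return "deny", ["managed device out of compliance; remediate before access"]

    # Identity and location anomalies raise the bar instead of blocking outright.
    reasons: list[str] = []
    if not req.mfa_verified:
        reasons.append("no MFA in this session")
    if req.country != req.home_country:
        reasons.append(f"sign-in from {req.country}, user normally in {req.home_country}")
    if req.network != "corp" and req.sensitivity == "high":
        reasons.append("high-sensitivity resource requested from outside the corporate network")
    if reasons:
        return "step_up", reasons
    return "allow", ["identity, device and location all within policy"]


# Constructed requests. The first is the classic gap in the perimeter model:
# a personal laptop on the office Wi-Fi reaching for payroll data.
SAMPLE_REQUESTS = [
    AccessRequest("ana", "payroll-db", "high", "corp", False, False, False, "ES", "ES"),
    AccessRequest("ana", "wiki", "low", "external", True, True, True, "ES", "ES"),
    AccessRequest("bob", "payroll-db", "high", "external", True, True, True, "BR", "ES"),
    AccessRequest("bob", "wiki", "low", "corp", True, True, False, "ES", "ES"),
]


def compare(requests: list[AccessRequest]) -> list[tuple[str, str, str]]:
    """(resource, perimeter decision, zero-trust decision) for each request."""
    return [(r.resource, perimeter_decide(r), zero_trust_decide(r)[0]) for r in requests]


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        decision, why = zero_trust_decide(req)
        print(f"{req.user}@{req.resource}: perimeter={perimeter_decide(req)} zero_trust={decision}")
        for reason in why:
            print("   ", reason)
```

The signals are the point: each one comes from a different system (the identity provider for MFA, the MDM or EDR agent for device posture, the network or geolocation service for location), and the decision is only as good as the freshness and integrity of those feeds. A policy engine that evaluates stale device-compliance data is a perimeter model wearing a new name.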

Cyberspace is expanding explosively. It requires greater coordination among all of us, and the development of standards to provide a stable and secure environment.

A cyber resilient organisation, in the face of disruptions from cyberspace, is one that can identify, prevent, detect, contain and recover from a myriad of serious threats to data, applications, and information technology (IT) and operational technology (OT) infrastructure.

We should remember that a defence-in-depth strategy, also known as a layered defence, is a cybersecurity approach that uses multiple layers of security for holistic protection.

The importance of a layered defence

A layered defence helps security organisations reduce vulnerabilities, contain threats and mitigate risk. Simply put, with a defence-in-depth approach, if a bad actor breaches one layer of defence, they can be contained at the next layer.

Traditional perimeter-based IT security models, designed to control access to trusted enterprise networks, are not suited to the digital world.

Organizations today are developing and deploying applications in corporate data centres, private clouds and public clouds, as well as leveraging SaaS solutions. Most enterprises are evolving their defence-in-depth strategies to protect cloud workloads and defend against the new attack vectors that accompany digital transformation.

The digital world has transformed the way we live, work and play. However, it is a digital world that is constantly open to attack, and because there are so many potential attackers, we need to ensure we have the right security in place to prevent systems and networks from being compromised.

There are plenty of risks, but so are the solutions, including those based on Artificial Intelligence and the “Zero Trust” model.

There is unfortunately no single method that can successfully protect against every type of attack. This is where a defence-in-depth architecture comes in.

Rethinking and refocusing Cybersecurity

Although cyberspace has become a central element of all vital processes in the global economy and in people’s social lives, it also carries a wide variety of risks. Framing these risks is no easy task: some cause damage in cyberspace itself, while others cause damage in the offline world as well.

Moreover, sometimes the damage is intentional, while other times it may be the result of accidents. The “cyber damage model” brings together these challenges and offers the opportunity to gain a comprehensive overview of different types of cyberspace-related incidents.

Cyber crises also bring with them a number of specific challenges for leadership, especially in terms of sense-making, decision-making, termination and learning.

Leading without a cyber strategy is like playing a game of whack-a-mole: as soon as one incident is squashed, another one pops up.

Cybersecurity strategies aimed at meeting the grand challenges are characterised by a holistic, cross-cutting and comprehensive approach that acts as a catalyst for added value from governance, risk and compliance frameworks. This includes establishing the axes, principles, structures and practices necessary for their design, construction, implementation, monitoring and improvement, from the strategic to the tactical and operational level, and results in emerging and disruptive innovation.

It is important to rethink and refocus cybersecurity when establishing a cyber strategy, widening its scope to cover the preparations and precautions taken against cyber crimes, cyber wars, cyber attacks, cyber incidents and cyber threats across the whole cyber attack surface.

More than ever, there are many positives. We have come a long way in a short time and we are doing a good job, but the key is not to settle, it is to reaffirm the commitment to do better, as our adversary comes with new skills.