We are witnessing an important moment in which the world of technology is fundamentally changing, with numerous consequences for the digital environment, relations between people, work and leisure.
Virtually nothing is untouched by the wave of digitalisation, and people, companies and institutions are increasingly obliged to live and operate online. There is no doubt that it is a scenario of opportunities; however, it also brings with it new threats of cyber-vulnerability for internet users.
The problem is that even though users may be concerned about their cybersecurity, they are often unable to identify what the dangers really are, and therefore do not know how to deal with them. For instance, a large number of internet users think that the greatest threat online is the theft of their personal data and passwords. However, cyber-crime is constantly evolving. For example, attackers may want to access users’ resources to take advantage of their processing power in order to perform tasks that require considerable computing power, or they may steal users’ bandwidth so that their systems act as zombies within a botnet, which enables the attackers to perform massive attacks.
The publication Cybersecurity – Protecting Information in the Digital World (available only in Spanish), which Fundación Telefónica has just launched in its digital culture editorial, examines this topic, reflecting on the type of dangers lurking online and ways of preventing them. Probably the most interesting feature of this work is the study the authors carried out, which consisted of classifying the main current trends and identifying their main vulnerabilities, as well as their security needs. In this way, they analyse phenomena such as BYOD (Bring Your Own Device), cloud computing and big data, the internet of things, the industrial internet, mobile apps and multiple digital identities.
The concept known as Bring Your Own Device is the product of the gradual disappearance of the barriers between employees’ personal and professional lives, as they increasingly carry out work-related tasks anywhere, not necessarily in the office. Consequently, they increasingly use their own devices, especially laptops and smartphones, with the resulting cost savings for companies, the flexibility of being able to work anywhere and a considerable increase in productivity.
In spite of the advantages of this way of working, it brings with it considerable dangers from the point of view of cybersecurity, because it involves devices which, when accessing corporate networks, can lead to certain traces of personal information falling into the hands of third parties. Uncontrolled and unlimited access to company systems can leave the door open for malware to enter. Additionally, BYOD implies the coexistence of a large number of operating systems and different versions, a diversity which is difficult to manage and which may often lead to the existence of security loopholes.
Security solutions in the case of BYOD consist of:
Focus on the Network – This is based on controlling access to the known network (Network Access Control), which means that it is the network that controls which devices can access the system.
Mobile Device Management (MDM) – MDM is a software platform that monitors and manages all mobile devices.
Virtualisation – This enables applications to run on back-end servers, which means that neither applications nor company data are found on mobile devices themselves.
Focus on Mobiles – This involves having security systems on devices themselves using an MDM system installed by the manufacturer. Generally, mobile devices will have two SIM cards, one for personal use and the other for professional use.
In a short space of time, cloud computing has become an important technological trend; however, it involves many security risks. These include loss of control in the use of cloud infrastructure, the lack of a security guarantee for data and applications when portability to another supplier is involved, isolation faults, problems with obtaining external security or quality certifications for the services of a company operating in the cloud, and the exposure that is involved in online interface management.
With regard to big data, the storage and processing of huge amounts of data, in itself, constitutes a security risk, since leaks or theft of information can have significant legal implications and may affect an organisation’s reputation.
Here, the report highlights security issues such as data encryption and the resilience of the network, which is, essentially, the ability to provide and maintain an acceptable level of service in the face of the faults that appear in the day-to-day use of the network.
The Internet of Things (IoT) is one of today’s big developments for the future. The possibility of connecting all kinds of objects to each other enables us to consider the advent of intelligent or smart environments: smart cities, smart homes, smart schools or smart vehicles. Applications related to the internet of things will become so common in our daily lives that a lot of sensitive personal information could be within reach of third parties if there is not sufficient protection.
There are four main security recommendations in this case: resilience in the event of attacks on a node, so that overall network security is not compromised; data authentication; access controls that enable you to manage, in an orderly manner, which objects are connected and whether they have the right to be connected; and finally, the upholding of privacy standards for customers in accordance with legislation and with their own desires and needs.
The industrial internet, or Industry 4.0, involves not only automating the activity carried out by many production machines, and even entire processes, so that they can work without human intervention, but also providing those machines or processes with a certain intelligence so that they can interact with the environment in a more autonomous way and adapt directly to the situations and changes they are faced with.
Attacks on industrial installations are nothing new, but the fundamental aspect of the industrial internet lies in the integration of traditional physical production systems with the computer systems that monitor these processes, in what has come to be called cyber-physical systems (CPS). The objective is therefore to protect the different layers or surfaces of a system (communications, hardware, software) so that there are no vulnerabilities.
Currently, apps are the preferred means for connecting to the internet from mobile devices. To gain an idea of their significance, suffice it to say that 90% of the time people are connected to the internet via a mobile device, they are using an app, and every month, some 40,000 new apps are released onto the market. The main cyber threat in this case is their ability to collect personal data and record behaviour, which makes them the focus of potential information leaks that would affect user privacy. Another factor to be taken into account is that their global nature collides with the various privacy protection laws that exist in different countries.
Security solutions can consist of the use of specific privacy software for mobiles; however, it is essential to inform and educate users about the proper management of their privacy online.
Digital identity, or a user’s online profile, results from the fragmentation and spread of personal information in different places. This often means it is impossible to control it and that it can be used by third parties without the consent of the user. As a result, identity-related fraud is as varied and diverse as the human imagination allows.
The complexity of addressing digital identity, both from a legal and technological standpoint, means that all matters relating to identity and privacy, above all, must be included in the design of systems, services and applications from the very outset, as part of the numerous security solutions that exist. And of course, the most important thing is to raise user awareness with regard to matters associated with identity and its implications in preventing possible problems related to this subject.