The importance of cybersecurity in our society

By Tomas J. Garcia Lopez (ESI-UCLM graduate).

"No system is secure” is a phrase that is repeated frequently in any computer field. And it is true.  

Hardly a company is safe from cyberattacks that take advantage of flaws in its systems. Large companies like Apple, Facebook or Microsoft receive multiple reports of bugs on their systems on a daily basis. Small and medium-sized companies are no exception and, for this reason, it is increasingly common to invest part of the capital in the security of their systems, with the aim of avoiding these attacks and maintaining integrity. 

Most companies with sufficient funds are beginning to create dedicated security management departments, hiring staff and frequently conducting security audits of their own assets. The main problem lies in the lack of knowledge in most of the people hired, since Spain still does not have a sufficient academic offer in cybersecurity and some graduates begin their work function without sufficient knowledge in cybersecurity, with only general concepts and mainly theoretical. Due to the above, Spain ranks 59th out of 75 countries in terms of cybersecurity [2], a position that is not excessively prominent compared to other countries. However, despite this problem, there is a large Spanish community with extensive security knowledge that has been learning self-taught or through professional certifications offered by institutions such as OffensiveSecurity, among the most important. Within this community there are certain individuals who have become aware of the great problem mentioned above, and are dedicated to disseminating and creating content related to this specialty, providing learning resources to people who want to start in this field. 

The problem of cybersecurity in Spain [1] also entails numerous expenses: every minute 2,9 million dollars are lost due to computer crimes globally. It is estimated that 94% of companies have suffered at least one serious cybersecurity incident throughout 2021. All this makes us rethink investment in security in the company, and more so when new technologies appear every day that represent progress and advances, but also new sources of attacks. Technological progress is very present in our society, and just as it provides us with advantages, it is also a major security risk, since it is more common to find faults in new systems than in others that have been on the market for longer. For example, let's imagine a sector such as home automation, where a failure in the communication system could allow a person to activate or deactivate the alarm in a home. 

From my experience in this industry, I can give some tips regarding user level security that may help. For example, many people ask me about passwords and what their characteristics should be to be more secure. The truth is that none is totally secure, because there are certain ways to get someone's password and many times it does not depend on its strength. However, it is true that you can prevent brute force attacks with passwords by alternating special characters, uppercase, lowercase, and numeric characters.  

Another frequently used technique is Phishing (impersonation to obtain credentials and user data). Recently, a colleague was the victim of one of these attacks and lost all the money in her bank account. For this reason, my recommendation is that you never enter personal data such as passwords without first carefully reviewing the url in which you find yourself. Especially if it's the url original, the parameters must be reviewed, since the company may be the victim of an XSS-type attack and the request is redirected to the attacker through a parameter in the url, for example "?t=http://hacker.com". 

To finish, comment something about the security in your own computer: I recommend not to save, except for exceptions, the passwords in your computer, since the malware It usually collects all the data from your computer, such as passwords in browsers, Telegram conversations, Whatsapp or cryptocurrency wallets, among others. After collecting this data, it is stored in a directory on your computer with a totally random name combining characters. It then sends that information to a remote server, so you should always check any executable file that is installed, as well as that it comes from a reliable source; and, if possible, crucial information should not be stored on your computer, since any device connected to the network is vulnerable. 

In conclusion, no system is totally secure, since even Giants of the Internet suffer attacks almost daily, taking advantage of certain security holes. However, what sets them apart from others is their ability to respond to these failures. For all these reasons, it is essential that companies take the ciberseguridad very much in mind and do not see it as something unnecessary. In fact, on many occasions the existence and continuity of companies depend largely on the implementation of protocols that guarantee security. 

References