Today marks a new date for World Cybersecurity Day. Beyond being just another day, we can allow ourselves to reflect a little on the subject.
Cybersecurity is often a rather abstract concept for most of us, and as a result, it is often relegated to the background, without being given the importance it deserves.
Today, information technologies have totally invaded us and as a global collective we are not knowing how to deal with their effects and consequences. Everything is connected, everything can be managed remotely, the amounts of information being generated and handled are exorbitant and as a result the world has been transformed into a gigantic network of electronic devices that talk to each other, in many cases with human beings as mere spectators.
At first it was computers; but they were controlled, locked up in high-tech laboratories, operated only by an elite of technicians and scientists, who used them for academic, military and research purposes. But that did not last long; soon after, the use of computers spread to the commercial sphere, and they gradually invaded different areas. Until two things happened that would change our destinies: the personal computer appeared and, some time later, the use of the Internet became widespread. Fundamentally, the latter was the turning point; the Internet is the amalgamating agent, through which we have achieved this permanent hyper-connectivity between computing devices and also many of the things we use on a daily basis.
At the same time, the Internet acts as a giant magnifying glass for everything we did before it existed. Our capabilities have grown enormously; it is possible to handle extraordinary amounts of data in ridiculously short times; the speed at which news travels has grown to make it almost instantaneous in many cases; searches for information on any subject are trivial, communication is instantaneous regardless of where the parties are located, it is possible to do things remotely that previously required physical presence, and we could go on and on naming increased capabilities. It is as if our hands, eyes and ears have grown to reach the entire planet, and furthermore, as if our brains have an infinite capacity to memorise, deduce and process information.
So far, however, we have only talked about tools. The Internet, information systems and everything else that is interconnected are tools, just as much as a hammer or a shovel. Therefore, we cannot assign them characteristics of good or evil. It is their use that can be good or bad.
In fact, among the increased capabilities that these tools give us, there is the ability to steal from a distance, being able to access bank accounts and transfer money, or to access classified documents and learn secrets, there is the ability to deceive and defraud through emails, or to hijack systems and data and then ask for ransom, and many others like these, and all this remotely and with the protection conferred by anonymity. And all remotely and with the protection conferred by anonymity.
Nothing is new: studying, working, communicating, stealing, swindling, kidnapping. We humans have been doing all these activities since time immemorial. It's just that for some time now, we have had superpowers, if we compare our current capabilities with those we had until no more than 20 or 30 years ago, and in many cases much less.
In the midst of all this, the concept of cyberspace emerges. With multiple definitions, and long associated with science fiction, one that seems to be generally accepted is that which defines it as the set of interconnected devices and things, the systems that run on them, the communications that link them and the services that are provided and the processes that are executed from their availability. Clearly, it arises from the union between automatic digital data processing and telecommunications.
Today, more than just conventional computers make up this universe; many everyday objects have been modified to give them different (often unnecessary) information processing and communication capabilities.
From household appliances to cars, toys, security cameras and various other household devices, today many of these objects have an "active" presence on the Internet. This is without considering the element that perhaps has the most impact when it comes to explosive growth and security issues: mobile phones.
With computing capabilities superior in many cases to large computers of a few decades ago, smartphones have put in the hands of each of us an access point to the vast network of networks. From these, we have similar capabilities to those we could have from a conventional computer, with the convenience of portability in a pocket-sized format.
This has only further complicated an already complicated scenario in terms of information risks for the organisations and individuals involved.
While there are other reasons, the ability to make money easily and in huge amounts for an individual scale is the main driver behind the information security problems we are and will continue to face.
Cybersecurity is about how we protect our information in cyberspace, while remaining part of it. Technology is a very important component of defences, but by itself it is not enough. Remember that it is a tool, a powerful tool, but a tool nonetheless.
It is we, human beings, who are responsible for using it properly and thus defending ourselves from those who use it to abuse our rights as citizens of the world.
Author: Hugo Köncke
Consulting Manager Security Advisor Uruguay
Connect