The great challenges of cybersecurity

Already in 2022, there was a significant increase in cyberatacks globally, signaling a trend that many indicators predict will continue to grow. The economic costs arising from this volume of criminal activity are soaring to truly dizzying figures, which is an important wake-up call in terms of the need to emphasize the fundamental role played now, and in the future, by cybersecurity.

Fortunately, most organizations are changing their mindset on this point. Whereas in the past it was common to perceive cybersecurity as a super-specialized area, the almost exclusive technical competence of IT departments, which was limited to technological solutions (firewalls, antivirus, etc.) installed in the different systems, today this idea is being abandoned.

Our current understanding of it allows us to include it within the corporate culture itself, permeating each and every aspect of daily activity. Such a transformation in the general sensitivity with which we now relate to the protection of assets, their exposure to risks of various kinds, and their vulnerabilities, brings with it the challenge of knowing how to develop awareness and training programs that respond adequately to present and future demands.

However sophisticated we may imagine the possible cybercrime actions to be, perhaps mediated by the gimmicky influences that come to us from movies or other popular media, the truth is that social engineering in general, and phishing in particular, are still the main resources used by cybercrime to perpetrate its acts.

Preparing people to recognize when they are being targeted by such campaigns is critical. Without such a precaution, any technological investment will suffer from being compromised by phishing strategies or similar deceptions.

Artificial Intelligence in the world of cybersecurity

It is true that, increasingly, techniques in this regard are becoming more and more sophisticated. This point helps us to introduce the next challenge we want to highlight. Undoubtedly, if there is one element that has absolutely permeated society, it is the democratization of the use of artificial intelligence (AI).

The constant debates generated around it oscillate, on the one hand, between those who fear the consequences it may entail, and, on the other, those who see in it the solution that humanity has been waiting for to solve the world’s problems.

Regardless of the position adopted on the subject, the truth is that its use has significantly transformed many aspects. As far as we are concerned, we see news emerging of how its use benefits both cybersecurity and its antagonist. Cybercrime is being used by cybercriminals to sophisticate their actions.

In reality, no innovation has yet been detected that has burst onto the scene thanks to the direct contribution of AI. What has been observed is that artificial intelligence is helping to improve the most common cybercrime techniques (ransomware, phishing, code injections, DDoS, etc.).

A very expert use, no doubt, through a lot of knowledge, and a great deal of hours of testing and trials, can obtain results that put some professional cybersecurity solutions in check. However, it is no less true that the later is also benefiting from the reach of this technology. Through it, threat detection mechanisms are able to develop increasingly precise responses, thanks to the analysis of volumes of data and parameters that were unthinkable until recently.

Applications will continue to advance in various directions, and the challenge facing cybersecurity is to know how to adapt to and incorporate them, in a constant struggle to avoid being left behind by what is being devised by cybercrime based on artificial intelligence.  

What does seem clear is that, despite what different voices say, AI will not lead to the destruction of practically all cybersecurity jobs in the near future.

In fact, reports published from relevant sectors of the industry itself, as well as from entities with a strong presence in the sector, and other media, highlight the massive need for professionals trained in different specializations within this complex field. New profiles will emerge, as they are already doing, to respond to the demands imposed by the context (prompt engineering, etc.). Artificial intelligence will certainly automate actions that today occupy various professionals, but their knowledge and experience will still be needed to work with elements beyond the capabilities of a machine. Analyzing the results obtained, knowing how to properly understand the data, knowing how to apply the conclusions derived from them, weighing the real risks of the models, communicating the details properly, generating ideas, making decisions that take into account variables beyond the statistical, are aspects that are far from being replaced. Cybersecurity has, and will continue to have, an enormous need for professionals whose talent is incorporated into multiple scopes (research and development, regulatory compliance, audits, etc.).

Cybersecurity as a strategic factor

Another aspect that should not be neglected, and which cybersecurity must deal with appropriately, is the increasing professionalization of cybercrime. The underground market offers tools designed for all types of cyber-atacks. While their effectiveness depends to a large degree on the skills of the person handling them, it is no less true that their availability invites many upstarts to try their luck in their criminal aspirations. 

The proliferation of attacks, coupled with an unstable geopolitical context that strains international relations, manipulation through disinformation campaigns that generates a climate of unrest, etc., all call for cybersecurity policies that are capable of effectively managing these and other threats. In this sense, both national and international public bodies are designing legislation to support cybersecurity as a strategic factor. There is an increasing demand for compliance with requirements whose implementation requires specialized assistance. Guiding the incorporation of controls and measures whose classification and codification is sanctioned, not only by the highest authorities, but also by the very drifts imposed at the level of competitiveness (which increasingly demand the possession of certifications that endorse the commitment to information security) is one more challenge to add to the cybersecurity agenda.

Data and connection security

In addition to all of the above, we cannot fail to mention the increasingly important role of the cloud, and the way it provides for teleworking to become a reality for many people. This poses another major challenge for cybersecurity. Not only is it necessary to design solutions that guarantee the security of the data that organizations no longer keep on their own premises, but it is also necessary to establish how access to the data is to be carried out. And in doing so, this must be aligned with productivity, so that it is not affected by measures that, in their zeal, hinder or slow down workflows. Increasingly dynamic authentication procedures, which do not depend on requirements that escape the reality of the human condition, and solutions that strengthen the security of connections (especially external ones), are objectives that should not be left out of any cybersecurity catalog.

In addition to what we have just mentioned, there has been a significant increase in the number of devices connected to the network. Until now, what we know as the “Internet of Things” (IoT) has been limited to very basic compliance with the section dedicated to security. It is common to find that the devices we buy come with dangerously elementary configurations as standard. Here, too, cybersecurity faces the challenge of substantially improving the protection to be provided, starting with the design. The billions of connected elements are a sufficiently large atack surface that their control should not be neglected.

At JakinCode we take these challenges into account, along with others derived from them. We design products and services that respond to the need to give them an effective and efficient response. We have solutions adapted to the needs of our clients, covering areas ranging from the installation of cybersecurity measures, to training and awareness in this area.