Already in 2022, there was a signiﬁcant increase in cyberatacks globally, signaling a trend that many indicators predict will continue to grow. The economic costs arising from this volume of criminal activity are soaring to truly dizzying ﬁgures, which is an important wake-up call in terms of the need to emphasize the fundamental role played now, and in the future, by cybersecurity.
Fortunately, most organizations are changing their mindset on this point. Whereas in the past it was common to perceive cybersecurity as a super-specialized area, the almost exclusive technical competence of IT departments, which was limited to technological solutions (ﬁrewalls, antivirus, etc.) installed in the diﬀerent systems, today this idea is being abandoned.
Our current understanding of it allows us to include it within the corporate culture itself, permeating each and every aspect of daily activity. Such a transformation in the general sensitivity with which we now relate to the protection of assets, their exposure to risks of various kinds, and their vulnerabilities, brings with it the challenge of knowing how to develop awareness and training programs that respond adequately to present and future demands.
However sophisticated we may imagine the possible cybercrime actions to be, perhaps mediated by the gimmicky inﬂuences that come to us from movies or other popular media, the truth is that social engineering in general, and phishing in particular, are still the main resources used by cybercrime to perpetrate its acts.
Preparing people to recognize when they are being targeted by such campaigns is critical. Without such a precaution, any technological investment will suﬀer from being compromised by phishing strategies or similar deceptions.
Artificial Intelligence in the world of cybersecurity
It is true that, increasingly, techniques in this regard are becoming more and more sophisticated. This point helps us to introduce the next challenge we want to highlight. Undoubtedly, if there is one element that has absolutely permeated society, it is the democratization of the use of artiﬁcial intelligence (AI).
The constant debates generated around it oscillate, on the one hand, between those who fear the consequences it may entail, and, on the other, those who see in it the solution that humanity has been waiting for to solve the world’s problems.
Regardless of the position adopted on the subject, the truth is that its use has signiﬁcantly transformed many aspects. As far as we are concerned, we see news emerging of how its use beneﬁts both cybersecurity and its antagonist. Cybercrime is being used by cybercriminals to sophisticate their actions.
In reality, no innovation has yet been detected that has burst onto the scene thanks to the direct contribution of AI. What has been observed is that artiﬁcial intelligence is helping to improve the most common cybercrime techniques (ransomware, phishing, code injections, DDoS, etc.).
A very expert use, no doubt, through a lot of knowledge, and a great deal of hours of testing and trials, can obtain results that put some professional cybersecurity solutions in check. However, it is no less true that the later is also beneﬁting from the reach of this technology. Through it, threat detection mechanisms are able to develop increasingly precise responses, thanks to the analysis of volumes of data and parameters that were unthinkable until recently.
Applications will continue to advance in various directions, and the challenge facing cybersecurity is to know how to adapt to and incorporate them, in a constant struggle to avoid being left behind by what is being devised by cybercrime based on artiﬁcial intelligence.
What does seem clear is that, despite what diﬀerent voices say, AI will not lead to the destruction of practically all cybersecurity jobs in the near future.
In fact, reports published from relevant sectors of the industry itself, as well as from entities with a strong presence in the sector, and other media, highlight the massive need for professionals trained in diﬀerent specializations within this complex ﬁeld. New proﬁles will emerge, as they are already doing, to respond to the demands imposed by the context (prompt engineering, etc.). Artiﬁcial intelligence will certainly automate actions that today occupy various professionals, but their knowledge and experience will still be needed to work with elements beyond the capabilities of a machine. Analyzing the results obtained, knowing how to properly understand the data, knowing how to apply the conclusions derived from them, weighing the real risks of the models, communicating the details properly, generating ideas, making decisions that take into account variables beyond the statistical, are aspects that are far from being replaced. Cybersecurity has, and will continue to have, an enormous need for professionalswhose talent is incorporated into multiple scopes (research and development, regulatory compliance, audits, etc.).
Cybersecurity as a strategic factor
Another aspect that should not be neglected, and which cybersecurity must deal with appropriately, is the increasing professionalization of cybercrime. The underground market oﬀers tools designed for all types of cyber-atacks. While their eﬀectiveness depends to a large degree on the skills of the person handling them, it is no less true that their availability invites many upstarts to try their luck in their criminal aspirations.
The proliferation of attacks, coupled with an unstable geopolitical context that strains international relations, manipulation through disinformation campaigns that generates a climate of unrest, etc., all call for cybersecurity policies that are capable of eﬀectively managing these and other threats. In this sense, both national and international public bodies are designing legislation to support cybersecurity as a strategic factor. There is an increasing demand for compliance with requirements whose implementation requires specialized assistance. Guiding the incorporation of controls and measures whose classiﬁcation and codiﬁcation is sanctioned, not only by the highest authorities, but also by the very drifts imposed at the level of competitiveness (which increasingly demand the possession of certiﬁcations that endorse the commitment to information security) is one more challenge to add to the cybersecurity agenda.
Data and connection security
In addition to all of the above, we cannot fail to mention the increasingly important role of the cloud, and the way it provides for teleworking to become a reality for many people. This poses another major challenge for cybersecurity. Not only is it necessary to design solutions that guarantee the security of the data that organizations no longer keep on their own premises, but it is also necessary to establish how access to the data is to be carried out. And in doing so, this must be aligned with productivity, so that it is not aﬀected by measures that, in their zeal, hinder or slow down workﬂows. Increasingly dynamic authentication procedures, which do not depend on requirements that escape the reality of the human condition, and solutions that strengthen the security of connections (especially external ones), are objectives that should not be left out of any cybersecurity catalog.
In addition to what we have just mentioned, there has been a signiﬁcant increase in the number of devices connected to the network. Until now, what we know as the “Internet of Things” (IoT) has been limited to very basic compliance with the section dedicated to security. It is common to ﬁnd that the devices we buy come with dangerously elementary conﬁgurations as standard. Here, too, cybersecurity faces the challenge of substantially improving the protection to be provided, starting with the design. The billions of connected elements are a suﬃciently large atack surface that their control should not be neglected.
At JakinCode we take these challenges into account, along with others derived from them. We design products and services that respond to the need to give them an eﬀective and eﬃcient response. We have solutions adapted to the needs of our clients, covering areas ranging from the installation of cybersecurity measures, to training and awareness in this area.
Optimise your company’s security against cyber-attacks through a security audit and intrusion test.