Cybersecurity: cases and policies
Cyberattacks are becoming more sophisticated, more targeted, and often go undetected. That is why
cybersecurity measures are intensely discussed in connection with specific cases and policies in any
part of the globe.
According to the New York State Department of Financial Services (NYSDFS) investigation and
report, on July 15, 2020, a 17-year-old hacker and his accomplices easily misled Twitter’s
employees into disclosing their credentials, resulting in a breach of Twitter’s network. The
hackers impersonated politicians, celebrities, entrepreneurs, and several cryptocurrency
companies by abusing their Twitter accounts to solicit bitcoin payments in a “double your
bitcoin” fraud. The conclusion was that Twitter’s cybersecurity safeguards were inadequate. In
light of its findings, the NYSDFS insisted on dedicated cybersecurity regulation of large social
media companies similar to the NYSDFS cybersecurity regulation for financial services
organisations. The explanation is that “[t]he risks posed by social media to our consumers,
economy, and democracy are no less grave than the risks posed by large financial institutions.”
Social media and other consumer-facing organisations should also review their own practices in light
of the Twitter hack, and take steps to remove the dangers.
In October 2020 the European Union Agency for Cybersecurity (ENISA) issued its annual
Threat Landscape 2020 publication presenting a summary of the main cyber threats. The insights
are drawn using a tool that has become widespread in cybersecurity assessments: contextualized
cyber threat intelligence (CTI) based on sectoral incident statistics. One of the main conclusions
is that the COVID-19 situation has considerably accelerated cyberattacks. Malicious attackers have
used phishing campaigns and ransomware attacks to obtain sensitive data. By and large, the vast
amount of funding related to the COVID-19 pandemic has resulted in increased attacks on social
services. Educational research programs were increasingly affected by cyber espionage, as a
method to obtain insider information related to COVID-19 research.
The report also explores cyberattacks on emerging technologies. While 5G opens up
unprecedented opportunities for innovative use across industries, cybercriminals are already
attacking the network’s vulnerabilities. Though the 5G network enables device authentication,
device encryption, device ID, and credentialing, the proliferation of endpoints carries multiple
security dangers. Attackers can access confidential proprietary data, steal user information, or
inject dormant malware.
The exponentially growing use of the Internet of Things (IoT) enables the deployment of more devices,
sensors, and advanced software applications, but the truth is that the IoT industry needs certainty.
Cybercriminals motivated by the potential extent of their attack may be able to shut down whole
cities and deny individuals access to their homes or offices. Malware or additional harmful
software is installed to disrupt the IoT and to exploit users and data for material gain, such
as intellectual property theft, identity theft, brand theft, and fraud.
Another example is the inherent vulnerability of the software on which smart cars are based,
which also leads to numerous threats. Specialists caution that there is no 100% secure
software. According to a report by Symantec, there were more than 430 million new malware
variants in 2015 with 318 total data breaches and more than 429 million identities exposed to
cyberattacks. With respect to smart cars, cybercrimes include identity theft, general theft, as well
as the introduction of any malicious software controlling the vehicle. Bluetooth attacks, for
example, can also easily be used to steal sensitive data. This serves as proof that despite
companies’ investments in cybersecurity, there will always be bugs in software. In addition,
most cyberattacks are caused by human error. Therefore, security measures can never be
effective if they are not accompanied by adequate internal policies that prevent misconduct.
Setting standards of security and internal organisation that are validated by public authorities
and become a certification requirement for IoT companies can prove to be a solid security
measure.
Australia recently adopted its 2020 Cyber Security Strategy. In the document, the
Australian government promises to invest a record $1.67 billion over ten years in cybersecurity,
to support its implementation. The Strategy requires actions of governments, businesses, and
individuals to address key threats and ensure that Australia is a safe place to connect online.
Among the measures the government should undertake are protecting critical infrastructure in a
national emergency, boosting cybersecurity partnerships, and staying ahead of the technology curve in
order to adapt to emerging cybersecurity threats. Businesses should strengthen the cybersecurity
of small and medium enterprises, create a more secure Internet of Things through the voluntary
Code of Practice on the security of the Internet of Things released by the Australian government,
and grow a skilled workforce. Individuals should also actively contribute to the implementation
of the strategy by taking appropriate steps to protect themselves while online.
Compiled from the Internet by “Media 21” Foundation