In an increasingly digitalized world, where technology shapes almost every aspect of our daily lives, cyberattacks are more common than we would sometimes like to admit. And what’s most surprising on many occasions is not the attack itself, but the perpetrator. Such is the recent case of a 17-year-old teenager who, according to the London authorities, is allegedly linked to the cyberattack on the Transportation for London (TfL) system in early September.

This incident not only highlights the vulnerability of our critical infrastructure, but also opens the door to a deeper discussion about the role of young people in the world of cybersecurity and the responsibility that falls on them when their actions cross the line of legality.

The incident: What happened?

For those unfamiliar with the case, the attack affected one of London’s most widely used systems: the public transportation network. Significant service interruptions were reported for hours, affecting thousands of people. The technical details of the attack have not yet been fully disclosed, but we do know that it was a sophisticated attack that disrupted the operation of the digital systems that TfL uses to manage traffic, ticket sales, and bus and train logistics.

But what’s particularly caught many people’s attention is the alleged involvement of a teenager in the case. According to reports, this young man could have been part of a larger group or even acting on his own. At this age, many young people are exploring the digital world, but some decide to go further and cross the boundaries of what is allowed (sometimes without fully being aware of the consequences). And in a sensitive context such as public transportationation, the consequences of a cyberattack are not only technical; they directly affect the lives of thousands of people.

What drives a teenager to cybercrime?

This teenager’s story invites us to reflect on an increasingly common phenomenon: the involvement of young people in illicit activities in cyberspace. But what motivates someone so young to engage in an attack of this scale?

It’s easy to fall into the stereotype of the “lone cybercriminal,” someone who acts out of pure malice or with the goal of causing chaos. However, the reality is much more complex. Some teens get into hacking and cybersecurity out of curiosity, others out of defiance, and some, unfortunately, because of a lack of proper guidance or education in digital ethics.

Access to tools or means to engage in cybercrime, both in obscure forums and in more accessible networks, has grown exponentially. For a teenager with basic technical skills, the next logical step after learning to program or researching vulnerabilities may seem, in the eyes of many, to be “testing their skills” in a real-world environment. This approach, without proper guidance, education, and ethics, can lead to serious consequences.

The importance of cybersecurity education

If this incident makes one thing clear, it is the urgent need to educate the new generations on cybersecurity from an early age. While many schools and educational systems teach young people about how to use technology, little is said about the ethical and legal risks involved in misusing it.

Access to information and hacking tools is not in itself the problem; the real challenge is how young people use this knowledge. With the right guidance, that same 17-year-old could have been a valuable talent for a cybersecurity firm, using his skills to protect systems rather than attack them.

What’s the role of the cybersecurity industry?

This is where the responsibility of the cybersecurity industry and companies comes into play. We must not only focus on protecting our critical infrastructure from attackers, but also on creating spaces where talented young people can develop their skills in an ethical and productive manner, in a controlled environment where simulated attacks have no actual consequences. Initiatives such as ethical hacking competitions or cybersecurity training programs could be an excellent way to channel the interest of these young people towards constructive outlets in society.

What measures do GMV’s solutions incorporate?

GMV has a series of measures and practices in place to prevent this type of attack. A common practice is network segmentation, which limits the lateral movement of attackers between critical systems and office networks. We also use intrusion detection and prevention systems (IDS/IPS) to monitor traffic and detect threats in real time, as well as multi-factor authentication (MFA), which adds an additional layer of security by requiring multiple forms of verification for access to sensitive systems. Additionally, we have an update and patch management process that keeps the software secure from known vulnerabilities, while firewalls and access controls prevent unauthorized traffic. Furthermore, we perform continuous monitoring with SIEM platforms, which detect suspicious patterns and make it possible to react swiftly to threats. To identify weaknesses and vulnerabilities, we conduct audits and penetration tests, complemented by cybersecurity training for employees to avoid human error. Finally, we implement redundant systems and incident response plans, guaranteeing service and business continuity and cyberattack resilience.

Author: Victor Sanz Martín