Promoting understandable cybersecurity to bring out the real issues we should all be concerned about
LIBRECON, southern Europe’s international open-source technology event, powered by CEBIT, brought together in Bilbao the top open-source technology companies to look at success stories, run workshops and hear papers from prestigious firms. One of these papers was given by Javier Zubieta, Marketing and Communications Manager of GMV’s Secure e-Solutions sector, who analyzed the latest sector trends and shared the expertise built up during his long and varied career.
One of the main points debated in this year’s congress was cybersecurity. Javier Zubieta’s paper, in particular, was based on the “Understandable” concept, designed to explain society’s complex issues in a simple way that can be understood by laymen. The paper stressed the importance of awareness-raising: an ignorance of the causes, reasons and modus operandi of something so crucial to us should worry us all. Cybersecurity is one of the critical points affecting the whole connected world we now live in, and is bound to become even more critical as time goes by. This is why it is so important to get across an understandable cybersecurity.
In a world moving so dizzyingly fast towards digitalization, it behoves all of us to observe good cybersecurity practices, both as individuals and employees. Javier Zubieta’s speech discussed real cases such as the Mirai botnet. The main targets of this malware were routers, digital video recorders and IP security cameras (IoT devices). The Denial of Service (DoS) cyberattack managed to degrade service quality and bring down systems. Mirai’s infection vector was use of the malware’s default credentials, since many of them are used in IoT devices where security is wanting or completely absent. The victim was a US DNS firm and the most notable consequence was denial of access to over 60 services including Amazon and Twitter. In sum this case is a simple, real example of cybersecurity being a latent threat and the fact that anyone can fall victim to malware.
The second part of Zubieta’s paper focused on explaining cybersecurity terms by means of real, everyday photos. A brief account established the parallelism in layman’s terms. These included examples of “deep web”, “zero-day”, “protocol vulnerability”, “black swan”, “phishing” or the aforementioned “DoS”. Once these concepts had been analyzed, an explanation was then given of the difference between reducing the likelihood of their success, mainly involving vulnerability management, and reducing their impact, involving mainly security controls and cyber-protection measures.
To wind up, Javier Zubieta shared his vision of cybersecurity vis-à-vis a future marked out by the twofold goal of “improving resilience and detection capacity”. “In one way or another we need to head off threats by dint of preventive detection, disarming any potential attack. At the same time experience shows we need to learn how to take the blows and recover quickly from incidents we don’t even know about today but which we are highly likely to suffer in the future. Resilience is no easy matter; indeed it is a thrilling challenge and the solutions is bound to come from the next generation” he argued at the end of his speech.