In this article, we will discuss the issue of cybersecurity from the point of view of people, as the greatest risk for cybersecurity in companies. Perhaps many times without realizing it, we violate the cybersecurity of our company due to human error.
People, the true and greatest risk in Cybersecurity
According to the results of a study conducted by CyberSecurity 2019, OT / ICS, 60% of security professionals, consider that people are the greatest risk to your company’s cybersecurity.
Because of this, the new Information Technologies (IT) are trying to develop industrial security systems, which will help protect the most critical information, that is, the most sensitive data that would have a negative impact on an organization, if they arrived to be published intentionally or accidentally.
On this issue, a mechanism used in the army called Operational Safety or Opsec plays a very important role, which has become something vital for the government and from time to time it has become something of vital importance in companies.
What is Opsec?
As we mentioned earlier, it is a security mechanism used by the army and whose objectives are: “Identity, control and protect sensitive unclassified information about a mission, operation or activity, and hinder or mitigate the ability of an adversary to put in danger that information.”
Inscribe, defines Opsec as Military Discipline in Industrial Control. The main objective is to avoid the disclosure of secrets, in the form of critical information to the adversaries. It is a continuous process of analysis and review.
The most important thing when developing an Opsec program in an industry is to clearly define the critical information that is handled in each organization, therefore, it is necessary to define what information is considered critical and its definition. Once this has been clarified, the use of a good Opsec program together with adequate employee awareness will provide any company with an extra level of security in their systems.
Why are people the biggest threat in cybersecurity?
CybersecurityPyme has a lot to say about cybersecurity, emphasizing that 62% of security professionals believe that people are the greatest threat to industrial control systems.
SANS Institute, in its latest study, has revealed that more than half of respondents believe that cyber risks are high or higher than in previous years and are due in a high percentage to people, as they remain the greatest threat to Industrial control systems and their associated networks. The study was conducted in consultation with 348 security professionals worldwide, and professionals from the Information Technology, Operation Technology, and Hybrid Areas department were included. The highest percentage of respondents (62%) believe that people are the greatest risk to cybersecurity, then it would be technology (22%) and finally processes and procedures (14%)
Biggest cybersecurity threat
Speaking of human errors, Panda Security has a model that automates and minimizes human errors, as defined by María Campos, vice president of sales for the large account at Panda Security. He also notes that Panda tries to give an answer that attacks all fronts and that is where the cybersecurity model, “zero confidence”, comes into play, where all applications are classified through a continuous service, to know if they are good, bad or unknown. By controlling everything that people execute, the risk is reduced and possible impacts are avoided. Something important also, in the field of awareness and training, is to make things very easy for the user and therefore, leave few decisions in their hands-on whether to execute something or not.
As we know technology is advancing faster than we think, therefore, industries must always be at the forefront of this issue, and as long as human errors are detected on time or planned, cybersecurity in an industry can be controlled…
There are many factors that influence to violate cybersecurity in an industry.
The gap between supply and demand continues to increase, therefore, increasingly specialized training is vital to apply new mechanisms and identify cyber threats.
Cybersecurity and privacy in 5G networks
For the first time, mobile technology will not be mostly intended to serve the individual user but will open new growth opportunities for all industries and a multitude of business verticals. Services such as telemedicine, smart city and traffic management or everything that surrounds smart homes will benefit from 5G technology. However, this will also mean an increasing number of sensitive and private data circulating through the network.
At the privacy level, many of the requirements included in the General Data Protection Regulation (GDPR) of the European Union are perfectly valid to address the issue of privacy and security in 5G networks. Transparency, the responsibility of the company in charge of data processing or the right to protection of digital people must remain key elements in the future.
Vulnerability assessment, quantification of real risks and the development of mitigation strategies are fundamental, both at the public and corporate level.
The security of 5G networks
On the other hand, the maxim that everything that is connected is likely to be hacked makes more sense than ever when thinking about a hyperconnected and digital society. That is why more and more talk about the concept of security and privacy from the design in 5G networks. That is, any service that is deployed in a network must anticipate potential risks and protect against them already from the design phase.
The more physical elements are connected to the network, the more gateways will exist for cyber threats. Therefore, the assessment of vulnerabilities, the quantification of real risks and the development of mitigation strategies are fundamental, both at the public and corporate levels. This is the line on which, for example, the European Commission works, which last March published a series of recommendations to jointly address the security of 5G networks.
According to the regional organization, the introduction of industrial 5G in the automotive, health, industry and transport sectors leads to a potential profit increase of 114,000 million euros per year. Ensuring the cybersecurity of this new generation of mobile networks is key to protecting the development of these industries, as well as defending the autonomy of European countries.