As an information security practitioner, I closely follow the World Economic Forum's Global Risk Report. The 2023 edition has underscored the escalating prominence of cybercrime and cybersecurity as a global risk. "Widespread cybercrime and cyber insecurity" has made its debut in the top 10 rankings of the most severe risks over the next decade (WEF, 2023).
In the digital age, the importance of information security cannot be overstated. As we navigate the complex landscape of cybersecurity, one factor often stands out as both a potential risk and a line of defense: the human factor. This was the focus of my recent doctoral dissertation, where I explored the behavioral and cross-cultural factors that influence an individual's intention to comply with information security policies.
It is well known that humans are the weakest link in the information security chain, but specifically, who are they? Well, you may guess, “they” are everyone. I have been on both sides, as a user and as a system admin, and in both scenarios humans tend to make mistakes. It’s human nature.
A lot has been investigated, written, and said about how to better protect companies against the unstoppable proliferation of advanced and sophisticated cyber-threats and attacks. By default, and by common sense, we tend to think that by adopting and implementing cutting-edge security technologies, companies will be in a better position to stop, prevent, and reduce security threats from cyber-criminals. This is not so far from reality. Lots of technologies have emerged and been adopted to reach that goal. Among these technologies are: Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewalls, Antivirus, Network Access Control (NAC), Proxies, Gateways, Advanced Threat Analytics (ATA), Sandboxes, Multi-factor Authentication (MFA), Artificial Intelligence (AI), and Machine Learning (ML) solutions, to mention a few. However, security and data breaches still happen and are in the news all around the world, every day.
In the last decade of the proliferation of the World Wide Web, there has been a shift from normal human combat warfare to electronic warfare, where a person with a computer can do more damage to the infrastructure of a country than thousands of soldiers. The amount of data, intelligence, and damage generated by such warfare is astronomical. This type of warfare requires artificial intelligence and expert systems to go to the forefront of the battlefield in order to analyze data and trends, identify potential attacks, and provide countermeasures to such attacks. AI has put into a new perspective how Decision Support Systems (DSS) improve defense. The DSS implemented today are in place to stop and deter a cyberattack in the shortest possible amount of time, and to assist cyber defenders in finding the correct response.
Dr. Gilberto Crespo is an information security researcher & technology expert.