By Enrico Venuto, CISO, Politecnico di Torino
In recent years, with the strengthening of telecommunications networks and the widespread diffusion of communication devices, applications, and online services, there has been a boom in the use of digital technologies. These technologies have quickly permeated everyone’s life so that today, living “disconnected” seems nearly impossible.
This incredible evolution of digital communication systems has also brought about significant risks connected to the usage of mobile phones and computers: the risk that someone might infiltrate our “digital life” and impersonate us in certain operations is very real. Additionally, the shift to online economic transactions has prompted an evolution in the tactics used by scammers and thieves. Unlike traditional theft, which is often easy to detect, these digital intrusions are more insidious and harder to identify. Our established methods of protection—walls, doors, padlocks, and chains—are no longer sufficient against these new types of attacks.
To combat and prevent these threats, we need tools that are less visible and tangible, primarily digital solutions designed to mitigate digital risks. Today, many individuals and companies work on developing tools and techniques for online defence: while in the past few companies focused on cybersecurity, today it is virtually impossible to find an IT company that does not address it.
This explosive growth in the cybersecurity sector has enabled us to access a variety of sophisticated tools, which are continuously updated to defend against cyber intrusions. These tools include antivirus software, anti-spam filters, anti-malware solutions, firewalls, and data encryption technologies.
Understanding cybersecurity can be complex, but the metaphor of a chain is often used to illustrate its principles. In this analogy, each link in the chain represents a component that is continuously targeted by cyber threats. The chain comprises individuals who experience phishing emails, malicious messages, and phone calls designed to steal their information. Antivirus systems, operating systems and network devices are also links of this chain.
It is essential to recognise that the overall strength of a chain is determined not by its strongest links but by its weakest. Every burglar knows that a chain is only as strong as its weakest point, which represents the greatest vulnerability.
Despite the considerable attention given to the security tools available to us, viewing cybersecurity simply as a collection of programs, systems, and procedures is overly simplistic. In the past, this perspective may have held some truth; however, increasing awareness of the dangers of the internet and the proliferation of a security culture have led to a more informed public. Today, it is uncommon to find someone entirely oblivious to the risks associated with digital systems. Even those over seventy, who have largely lived without technology, now use smartphones and the internet. They approach these tools with caution and respect, acknowledging the complexities that can be misunderstood or feared.
Moreover, the deep interpenetration of the digital component in people’s lives has made it a crucial part of individual identity. An attack or offence to a person’s digital sphere today constitutes an assault not on something external but on the very essence of the individual. Such offences, attacks, blackmail, and privacy violations can deeply wound individuals, sometimes leaving scars that are difficult to heal.
In recent years, the rise and proliferation of a new genre of applications have significantly altered the landscape of cyber threats and scams, making things possible that were previously unthinkable or prohibitively expensive. Artificial intelligence, particularly generative AI, has provided numerous tools whose improper and fraudulent use could facilitate a variety of entirely new scams, to which we are still vulnerable due to the limited availability of defence and prevention tools.
Consider for example the implications of being able to create, with minimal effort and at a very low cost, fake videos of people taken from other contexts who do or say things programmed by the attacker. For example, one could think of making a video call to a relative while actually speaking with an avatar. Generative AI tools could also allow for signing phone contracts by generating copies of identity documents and fake video declarations. As these tools become more accessible, regulatory bodies are working swiftly to establish guidelines and best practices to safeguard individuals.
A common assertion in cybersecurity discussions is that the weakest link in the security chain is the human element: people often make mistakes, overlook crucial details, and fall prey to scams. However, the increased penetration of digital life into our daily existence has led to greater awareness of online risks. Individuals are becoming more attentive and informed, navigating a world that is no longer solitary but interconnected, relying on shared knowledge and experiences.
Attacks evolve daily, becoming more insidious. Yet, the ability to discern threats, the culture of cybersecurity, and a focus on security—along with privacy legislation that increasingly prioritises data management by IT service providers—offer more effective protection tools, no longer solely reliant on the often unaware use of security software.
While cyber attacks continue to evolve, so too do our protective measures. The emphasis on cybersecurity education, along with privacy regulations aimed at improving data management, is enhancing our ability to defend against cyber threats. Across Europe, national and international organisations are developing strategies for IT security and incident management, with specialised police units dedicated to combating cyber fraud. This collaboration allows law enforcement to tackle digital crimes that can be executed from anywhere in the world.
The growth of awareness, the dissemination of cybersecurity culture, the ability to use social media to network and raise awareness of new types of scams and attack techniques employed by malicious actors, and the sharing of good security practices are transforming humans into one of the most resilient links in the cybersecurity chain. In companies and universities where the culture of cybersecurity has spread and taken root, along with a profound awareness of online risks, it is becoming increasingly common that the notification of early signs of ongoing cyber attacks comes from humans, even before sophisticated (and expensive) automated alert and prevention systems.
Humans, once the weakest link, are beginning to serve as the most acute and sensitive sentinels against cyber attacks. The human brain is the most resilient link in the chain and constitutes the first line of defence in cybersecurity.
About the author
Enrico Venuto holds an M.S. degree in Electronic Engineering from Politecnico di Torino. As an ICT Architect, he designed and developed the first campus-wide teaching and learning portal in 2000. Former Head of the IT New Technologies, Portals and Contents Division of the Politecnico di Torino and then IT Infrastructure Manager, he is now the CISO and the Head of the Cybersecurity & IT for Research Division. Enrico is a member of the Technical and Scientific Committee of GARR, the ultra-broadband network dedicated to the Italian research and education community. The author of some scientific papers in the web-learning and ICT security areas, he has been involved in a number of European projects.
Once again this year, GÉANT joins the European Cyber Security Month with the campaign ‘Your brain is the first line of defence’. Read articles from cyber security experts within our community, watch the videos, and download campaign resources on connect.geant.org/csm24