The presentation, Everyone gets hacked: What is cybersecurity? by Mårten Mickos, Frans Rosén and Andrew Rubin, was about the current state of cybersecurity and what needs to be done.
According to the presenters, the focus has been only on developing advanced software and cloud services, without protecting them. As a result, security lags many years behind the technology.
The above statement seems to be backed by statistics. A quick research shows that there are enormous attacks taking place worldwide, on a daily basis. The motivational factors behind the attacks can be classified as Cyber Crime, Hactivisim, and Cyber Espionage. The following chart shows the statistics for these three types of attacks worldwide for October 2016.
Obviously, cybersecurity is a shared responsibility between the end users and the developers. Users need to be careful in what kind of software they download and the links they visit. However, the greater responsibility lies with the developers.
According to the presenters, most of the mass attacks done by hackers are cheap ones. If we followed the basic security guidelines, we would be protected from most of the attacks. They also added that security needs to be considered part of software writing and the deployment cycle. The presenters ended with following suggestions:
- Setup a bug bounty program: open your system for security experts to look for vulnerabilities
- We need to train more security experts, as there is currently a shortage of qualified people
- Schools need to integrate security into their curriculums
- We need to think about security before the crises happen
At Otavamedia OMA, many of the websites we develop are based on Content Management Systems (CMS) such as Drupal and WordPress. I truly believe that cybersecurity is crucial for all CMS based websites. Next time, I will be more careful with the plugins and modules I download. I also plan to train my colleagues and customers about cybersecurity. I hope that everybody will remember that all parties need to take part in cybersecurity to make it secure.