COVID-19 and the Internet of Threats
Only a few weeks earlier, we were under the impression that we are in a protected environment, one might call it a "deep sleep", where everything was just one click away. All the "bad things" seemed to be happening very far away, and we even tried very hard not to be disturbed and to continue with our lives as if nothing was really happening. Suddenly, however, everything has changed. Almost immediately, we realized that we are all equal in the face of illness, and what was very far away, was now at our door. Nonetheless, it is important that we also look at the opportunities that we have, and, most importantly, we need to make sure that we learn something meaningful. What is today called the COVID-19 virus has been, undoubtedly, a dramatic and painful experience for humanity. Nevertheless, at least in the developing countries from the European Union (EU), the current situation also triggered a profound and positive change. Suddenly, public institutions, government agencies, universities, schools, discovered that the Internet can help to reduce the spread of diseases (e.g., by eliminating what was previously a normal site - the endless queues) and that public services can be brought to the citizen by existing Information Technology (IT) solutions. Almost by night, what was previously unthinkable, suddenly started to materialize. Regular people were able to access public services, university lectures, etc., all of these being supported by modern IT solutions. Nowadays, a positive and possibly general opinion in these countries seems to be a hope that: "these services will not disappear after COVID-19". Unfortunately, while we try to see the "bright" side of COVID-19, if there is any, the sudden and somehow forced "digitalization" also opened new opportunities to malicious actors. What was originally seen as the savior, and a key enabler for the on-line operation of our society, has also shown its dark side: the Internet of Threats. As such, we experience an increase in the number of attacks targeting non-specialized people, people that are lacking the necessary IT skills to identify a common threat. Within this scenario, it becomes very clear that security solutions, as the ones developed within the GHOST project, can have many benefits. The era of the Internet of Threats, on the one hand, and of people getting "forced" by the current unfortunate situation to rapidly adopt a wide variety of sophisticated IT services, on the other hand, brings new challenges for any security solution. Accordingly, security solutions do not only need to apply for people lacking security expertise, but also to a large number of "connected" people that are, in general, lacking IT/computer skills. In such extreme, but nowadays very realistic cases, we need to reconsider the strategy of security solutions and to think of the possible adaptation to the current scenario. It becomes very clear that in these cases, the lack of general computer usage skills will require not only one particular solution, but a complete suite of security solutions orchestrated by an (artificially?) intelligent approach that can learn the user's needs and quickly adapt the security measures in order to provide the best possible protection. The following question, therefore, needs to be quickly addressed: Do security solutions raise to the challenge, or do we need to approach the problem differently? To address this question, the GHOST project somehow anticipated the need to address the requirements of non-IT experts. Accordingly, it developed a security solution that can fit to the needs and the profile of a wide variety of users, including non-security, as well as non-IT experts. The GHOST project addresses these issues by bringing together a team of IT and security experts, alongside non-IT experts that have permanent contact with regular non-IT users. The result of the project is therefore a tool-suite that is adaptable to a wide variety of users. Most importantly, however, the solution has been constantly changed by incorporating the feedback from expert and non-expert users from three different countries in the EU. Consequently, GHOST can provide the right answer to the above-mentioned question and can help non-IT experts to get familiarized and to accept more easily these sophisticated, but nowadays essential, software solutions. The KIS team.