Cybersecurity for people: new challenges
More and more, but not enough, users of all kinds of services are wondering what is the risk of being a victim of cybercrime.
Given the general idea that cyberattacks are only focused on high-level information (industry, banks ...), the necessary precautions are not taken to avoid them. However, according to the Internet Crime Report 2017 (Hayde, Feregrino and Rodríguez Henriquez, 2018), around 300,000 complaints of cyber-crimes associated with an economic loss of 1.4 million dollars were received by the victims, with people 40 years of age and older being the most affected.
Concerning data of users in Non-Governmental Organizations (NGOs), cybersecurity is conditioned by the handling of very sensitive personal data. Mierzwa&Scott (2017) noted that these kind organizations often believe cybersecurity is not very important, as the employees do not view their organizations as valuable targets for cyber-crime.
On the one hand, both public and private organizations are increasingly aware of the need to protect themselves from attacks and theft of information, among other cybersecurity problems. Although there is a trend of continuous growth in cybersecurity budgets allocated by all Agencies, in the case of NGOs, inherent characteristics of this type of organizations such as obtaining funding and reducing costs, are not aligned with a good cybersecurity program. According to the PwC Global State of Information Security Survey (GSISS, 2017), the NGO cybersecurity budget represents 42% less than the average for other industries.
On the other hand, NGOs, personalizing in their end users, suffer a persistent threat to cybersecurity: human behaviour. From a qualitative point of view, the human factor is involved in most cyberattacks. It is important to notice that the most widely used password worldwide is 123456 (International Institute for Global Security Studies, INISEG, 2018). Quantitatively, technological irruption is visible in a greater number of people, many of them belonging at the same time to groups at risk of exclusion and users of services connected to the Internet of Things (IoT). There is an increase in the number of users of NGOs who, in addition to resorting to the entity because they belong to socially sensitive groups, become vulnerable groups in aspects related to cybersecurity problems.
The exposed problematics were the incentive for the Spanish Red Cross (CRE) and the Social Technologies Foundation (TECSOS) to participate in the GHOST Project. CRE is a Humanitarian Organisation, member of the International Movement of Red Cross and Red Crescent National Societies. It is one of the biggest organisations of civil society in Spain and it is strongly participated by volunteers. In the social and health field, the humanitarian objectives of CRE are focused on, among others, improving the situation of the most vulnerable people. In 2002 CRE, together with Vodafone Spain Foundation (FVE), created TECSOS, joining the social knowledge provided by CRE and technologic knowledge provided by Vodafone Foundation, in order to 1) solve social needs and 2) improve the living conditions of socially disadvantaged groups and people, by applying, developing and using the ICT solutions based on the IoT.
Tomás Mateos, Manager of Information Systems at CRE, highlights the evidence that technological development has marked a before and after in the entities dedicated to humanitarian work. Not only improving their internal management but also the services they provide to those in need, through telecare and telemedicine programs, among others. The organization is therefore aware of the need for easy-to-use applications that guarantee the security of confidential information in the new services connected to IoT. These services are being deployed in the homes of users and can range from sensors that collect the activity of the person within the home to health data of the person, and so on (CIO Spain, 2019).
The participation of CRE and TECSOS in the GHOST project envisages collaborating in a paradigm shift in the cybersecurity of the user person by incorporating usable, understandable and transparent security. In addition, it aims to empower users of the technological services offered to increase their Quality of Life. In the end, it is clear that the current increase in cybercrime requires responsibility for the security actions of the companies that manage services and communications, but also of those who use these services.
Spanish Red Cross and TECSOS Foundation.
CIO Spain. Debemos aprovechar la disrupción tecnológica para mejorar la ayuda a colectivos vulnerables [We must take advantage of technological disruption to improve aid to vulnerable groups]. 2019. Available in: https://www.ciospain.es/entrevistas/debemos-aprovechar-la-disrupcion-tecnologica-para-mejorar-la-ayuda-a-colectivos-vulnerables
Hayde PB, Feregrino C and Rodríguez Henríquez L. Importancia de la educación sobre Ciberseguridad para el usuario común [Importance of Cybersecurity Education for the Common User]. 2018. Available in: https://saberesyciencias.com.mx/2018/10/12/importancia-la-educacion-ciberseguridad-usuario-comun/
INISEG. 2018. Súper dato: los empleados son la mayor amenaza para la ciberseguridad [Super Fact: Employees are the biggest threat to cybersecurity]. Available in: https://www.iniseg.es/blog/ciberseguridad/super-dato-los-empleados-son-la-mayor-amenaza-para-la-ciberseguridad/
Mierzwa S and Scott J. Cybersecurity in Non-Profit and Non-Governmental Organizations. Institute for Critical Infrastructure Technology. February, 2017. Available in: https://www.researchgate.net/profile/Stan_Mierzwa/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations/links/58b5672f92851ca13e52a312/Cybersecurity-in-Non-Profit-and-Non-Governmental-Organizations.pdf
PwC. Global State of Information Security Survey (GSISS). 2017. Available in: https://www.pwc.ru/en/publications/gsiss-2017.html