Cybersecurity
Discover Cybersecurity basics & practical insights with our informative posts. Stay updated with the latest trends.
Search inside The Magazine
Data is a company’s most valuable asset. So, doing everything in your power to protect that asset is a given. But what if the threat you’re guarding your data against is known to cripple operations, tarnish reputations, and drain finances? And even worse, what if that threat is only getting more dangerous, thanks to a little thing called artificial intelligence (AI)?
Unfortunately, for many businesses, there’s nothing “what if” about this scenario. As many as 72% of businesses worldwide have experienced a ransomware attack at some point and know just how devastating the aftermath can be.
That’s why we tapped two cybersecurity experts to share their insights on ransomware, its evolution, and how businesses can protect themselves. Read on to hear what Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, a seasoned cybersecurity architect, have to say on this topic in their “Cyber Threat Landscape 2024: Navigating New Risks” master class.
Ransomware: The Basics
Ransomware is nothing new. However, there are always new business owners who (luckily) haven’t encountered it yet. So, let’s cover the basics first.
Ransomware is a natural product of phishing, a human-centric cyber threat that relies on social engineering to deceive individuals into providing sensitive information or downloading malicious attachments. The latter is what ultimately triggers a ransomware infection. Tom describes the process like this:
You click on a malicious link.
Your device downloads the malware.
Your system is now infected, and somebody else is essentially in charge.
They encrypt your data and demand you pay ransom for the encryption key to get it back.
As mentioned, dealing with ransomware attacks and cyber criminals has become a daily reality for companies worldwide. What certainly doesn’t help companies is the fact that ransomware is now also offered as a service.
Ransomware as a Service
Just a few short years ago, cybercriminals needed sophisticated technical skills and tools to develop and deploy ransomware. Now, all they need is access to the dark web.
As Tom explains it, numerous cyber criminals on the dark web offer ransomware as a service, a malicious adaptation of the software as a service (SaaS) business model. So, you essentially pay them to deploy their ransomware on your behalf.
The most famous, or should we say infamous, among these threats is the LockBit model, which has wreaked havoc on thousands of companies worldwide. The issue is that LockBit ransomware attacks vary in tactics, techniques, and procedures. In other words, an organization must be prepared for virtually anything.
How Has AI Affected Ransomware?
Ransomware is dangerous on its own. But throw artificial intelligence into the mix, and you’ve got a massive threat on your hands.
AI has undoubtedly revolutionized the cybersecurity industry, for better or for worse. The “worse” part is that AI is making cyber threats smarter. Unfortunately, for organizations, this particularly applies to ransomware. According to a 2024 report by the U.K.’s top intelligence agency, ransomware stands to gain the most from AI.
How so?
Well, AI has the potential to create malware that circumvents current cybersecurity detection measures. After all, AI is trained using data. Give it malware data to analyze, and it will learn how to evade detection by traditional cybersecurity tools.
AI will also likely generate a surge of new cybercriminals as the barrier to entering into cybercrime decreases with AI-powered tools.
Of course, the more capable and experienced attackers will also benefit from AI. They will use it to identify system vulnerabilities, bypass security defenses, and craft more precise social engineering attacks.
How to Prevent Ransomware Attacks
Given how quickly ransomware is evolving, preventing attacks requires a multi-faceted approach that combines technology, education, and proactive measures. Tom and Venicia break down this approach.
1. Keep Your Systems Updated
When it comes to anything cybersecurity-related, this is the first crucial step. Keep all your systems and programs updated and patched if you want to stand any chance of protecting against known vulnerabilities.
Tom says that there’s a new vulnerability “basically each week,” so having a process in place to update regularly and patch systems is essential.
Venicia adds that something as simple as a basic software update can go a long way toward protecting your data from ransomware. This update will limit its ability to spread through your network, thus reducing the impact of the attack.
2. Invest in Quality Training
Having the most advanced protection systems in place will do you no good if you don’t have well-trained employees.
These employees must learn to recognize potential cyberattacks that could introduce malware into your organization’s system (e.g., phishing emails). Of course, the next step is to respond effectively to the attack. Though each organization has its own set of rules in place, the proper response typically involves disconnecting from the network and contacting IT support.
3. Implement Defensive Systems
Humans are undoubtedly the first line of defense against cyber threats. However, they can’t do it alone. That’s why implementing advanced Endpoint Detection and Response (EDR) solutions is crucial. Tom explains that these systems will help you identify and, more importantly, mitigate a threat on time.
However, he also adds that you must restrict user permissions within the system. This way, even if a single component is compromised, the ransomware won’t take down the entire network.
4. Implement Network Segmentation
As you can see, a huge part of mitigating ransomware attacks is ensuring they don’t affect the entire network. That’s where network segmentation can also help.
As Tom explains, with network segmentation, the malicious actor in control of your network won’t be able to do “lateral movements.” In other words, even if they do manage to penetrate your network, they won’t be able to spread within it.
So, network segmentation is a critical part of the multi-layer approach every organization should adopt when it comes to cybersecurity.
5. Collaborate With Others
Remember – you aren’t the only one experiencing cyberattacks. In Venicia’s words, “ransomware has a global impact.”
That’s why organizations in the private sector are constantly encouraged to “talk to each other,” as Tom puts it. Of course, there’s always the issue of confidentiality, but Tom explains that this, too, can be resolved with a “closed circle of trust.”
Also, organizations in the private and public sectors are encouraged to share relevant information with institutions such as the Financial Services Information Sharing and Analysis Center (FS-ISAC).
In Europe, there’s also something called The No More Ransom Project. This Europol initiative has existed for years, hosting decryption keys for different types of ransomware. It has helped numerous individuals and organizations decrypt their systems and avoid paying the ransom.
Of course, this won’t always be possible, as the attackers typically keep changing the encryption keys. However, anything that helps organizations avoid paying the ransom is worth trying.
Why?
Because paying the ransom often won’t solve any problems.
As Tom explains it, you’re dealing with criminals, after all. So, they will often double the ransom after you pay the initial amount, having realized that you have the money. Or, they’ll simply take the money and run without giving you the decryption keys.
So, ongoing threat intelligence sharing should be among the top priorities for an organization, as it allows them to evade the last-resort scenario of paying the ransom.
6. Invest in Backups and Disaster Recovery
According to Venicia, backups and disaster recovery have a massive role to play in combating ransomware. She says that the primary reason organizations choose to pay the ransom is because they don’t have any backups in place. In other words, they don’t have an alternative way to get their data back.
That’s precisely what Tom has experienced working with many small and medium-sized businesses.
He says that these businesses usually don’t have disaster recovery procedures and data backups because they find them to be too expensive. Other times, they’ll say they didn’t have the time to deal with these measures. But whatever the excuse may be, one thing’s for sure – having no backups leaves you vulnerable to losing your data permanently in a ransomware attack.
According to Tom and Venicia, here’s what an ideal proactive approach to cybersecurity would look like.
Step No. 1 – Have regularly scheduled backups and ensure they’re stored in different environments, including offline ones. Tom suggests the 3-2-1 data backup strategy – have three copies of your data on two different mediums (e.g., hard drives and DVDs) with one copy off-site (a different physical location).
Step No. 2 – Regularly test your backups to see whether they’re able to handle different scenarios.
Step No. 3 – Implement a disaster recovery plan that outlines the steps for different types of incidents. Of course, these incidents shouldn’t only cover ransomware. Earthquakes, floods, and even meteor strikes should be considered in your plan. The last part might seem silly to you. In fact, it also sounded silly to Tom and his colleagues. That is, at least, until a meteor struck Russia in 2013. So, you never know!
The Importance of Cybersecurity Specialists
Most of the strategies for combating ransomware require one thing – a skilled cybersecurity specialist to execute them. This is also what most companies lack, which is why they easily fall victim to cyberattacks.
That’s why programs like the Enterprise Cybersecurity Master’s program at OPIT are essential for the future of cybersecurity. This program helps train the next generation of cybersecurity professionals to defend organizations against the so-called “Ransomware Armageddon” and any other cyber threat that might emerge.
There are currently few things that worry CEOs worldwide as much as geopolitics. Cybersecurity is undoubtedly one of them. But what happens when you combine geopolitical conflicts and cyber threats?
Geopolitical cyber threats, that’s what.
This lethal combination threatens to disrupt economies, destabilize governments, and shatter global stability. That’s why it must be met with an ironclad cybersecurity strategy.
But what does that strategy entail?
That’s for Tom Vazdar and Venicia Solomons to answer. Tom is the chair of the Master’s Degree in Enterprise Cybersecurity program at the Open Institute of Technology (OPIT). Venicia is a seasoned cybersecurity architect and advocate who has rightfully earned the nickname “the Cyber Queen.”
Here’s what these two esteemed cyber professionals have to say about geopolitical cyber threats in their highly informative master class titled “Cyber Threat Landscape 2024: Navigating New Risks.”
What Are Geopolitical Cyber Threats?
Geopolitical threats refer to cyberattacks (or campaigns) driven by political motives. These attacks are often conducted by state-sponsored actors and have a specific strategic goal in mind.
For instance, Iran-backed hackers have recently been targeting U.S. water systems, aiming to disrupt Israeli-made equipment globally. This example also perfectly illustrates the targets of geopolitical cyberattacks – critical infrastructure, government systems, military networks, and other relevant entities.
But don’t jump to conclusions – the private sector isn’t immune to such attacks.
Cybercriminals have also targeted private companies to steal intellectual property, disrupt operations, or extort money. However, what differentiates these attacks from other cyberattacks is the motivation behind them.
Whether it’s through espionage, sabotage, or disinformation, geopolitical cyber threats always aim to achieve a political or strategic advantage for the attacker.
How Do State-Sponsored Cyber Threats Differ From Other Cyberattacks?
In their master class, Tom and Venicia specifically focus on state-sponsored cyber threats, even though they aren’t the only type of geopolitical cyber threats. Why? Because they’re the most advanced and sophisticated cyber threats.
As Venicia puts it, state-sponsored cyberattacks involve “specialist hacking techniques,” “stealthy behavior,” and “stealthy execution.” That’s why the consequences of these attacks are often only seen after significant damage has been done.
This leads us to another distinctive characteristic of state-sponsored cyberattacks – they typically involve long-term execution.
You see, other forms of cyberattacks usually want to reach their goal as soon as possible. For instance, a ransomware attack will infiltrate your system, and the hacker will ask for ransom straight away.
A state-sponsored cyberattack, on the other hand, usually plays the long game. That’s why they’re considered an advanced persistent threat (APT). Remaining undetected for a long time allows these threats to collect lots of critical data and perform long-term espionage.
Tom adds that the goal of these cyberattacks is another important distinction. As mentioned, they usually have a strategic goal in mind. “Regular” cyber threats, in contrast, typically only aim for financial profit.
Why Is Geopolitical Cybersecurity Important?
For the most part, traditional warfare was limited to three battlefields – the land, the air, and the sea. However, as Tom points out, two vital battlefields have joined the fray – space and cyberspace.
Sure, threats in cyberspace aren’t overtly visible like those on land, air, or sea. However, they can be just as devastating, if not more so – especially if they’re geopolitical cyber threats.
Here’s how Tom and Venicia break down the importance of geopolitical cybersecurity.
Protecting Against Espionage
As mentioned, espionage is one of the leading types of geopolitical cyberattacks. Since espionage aims to collect as much valuable information as possible, these attacks are typically highly refined, which allows them to remain undiscovered for months on end.
Venicia points out that the recent geopolitical tensions have led to increased cyber espionage. That’s what makes solid geopolitical cybersecurity more important than ever. Let one intruder into your network, and you’re essentially giving away all your classified information (past, present, and future).
Avoiding Manipulation
2024 is an election year. This means that “influence operations, disinformation operations, [and] deep fake operations” will run more rampant than ever, as Tom warns. Ultimately, these operations aim to shape public opinion and undermine trust in democratic institutions. These outcomes are never desirable, let alone during such a crucial time.
That’s where cybersecurity comes into play.
These measures help secure digital platforms, detect (and remove) false information, and (in this specific scenario) safeguard electoral systems.
Protecting the Economy
As mentioned, geopolitical cyberattacks aren’t typically done for financial gain. However, they can still cause massive financial losses. How? By targeting “public organizations and private entities that make a large contribution to a country’s economy,” as Venicia explains.
And a world that’s still reeling from the effects the COVID-19 pandemic had on the global economy can’t possibly handle another major disruption. That’s why any similar threat should never be taken lightly.
How to Combat Geopolitical Cyber Threats
Now that you know why geopolitical cyber threats must be combatted, let’s discuss how this can be done.
Keep All Aspects in Mind
There are numerous factors that go into protecting against geopolitical cyber threats. But for this protection to actually work, all these factors must be considered when devising a defense strategy.
For starters, this means protecting all critical infrastructure sectors. Tom lists just some of them –financial services, healthcare and public health, and transportation systems. However, one thing applies to all critical infrastructure sectors – they aren’t “independent islands,” as Tom puts it.
They’re all part of a larger ecosystem.
Each sector can only be protected if there’s a holistic approach to cybersecurity, one that considers interdependencies between sectors and the potential cascading effects of cyber disruptions. This way, in case of a cyberattack, every sector can provide support and respond effectively to minimize the impact.
Foster Collaboration
The collaborative approach shouldn’t only apply to critical infrastructure sectors. All stakeholders, including government agencies, cybersecurity experts, and the private sector, must work together to address geopolitical threats effectively.
This collaboration can take many forms.
However, Tom highlights the three most important ones on the global level – sharing intelligence, developing international norms and agreements, and establishing cybersecurity alliances.
Our experts list some of the most useful alliances and resources in this regard:
- The No More Ransom Project helps organizations combat ransomware attacks by providing decryption keys, thus returning their vital information.
- Public-Private Partnerships (PPPs) worldwide allow for sharing cyber threat intelligence among industry partners to improve defenses collectively.
- The Budapest Convention on Cybercrime sets out international standards for combating cybercrime, promoting cooperation among countries to tackle cyber threats effectively.
Focus on Critical Infrastructure
By now, one thing’s clear – protecting critical infrastructure against geopolitical cyber threats is paramount.
According to Tom, collaboration plays a key role here as well. In his words, “The only way to protect [critical infrastructure] is that collaborative effort between government and the private sector because they cannot go without each other; they have to work together.”
Implement a Robust Cybersecurity Framework
A comprehensive and collaborative approach to combating geopolitical threats is just the preamble. The implementation of a robust cybersecurity framework is where the actual protection starts. Of course, these systems should be based on the intelligence collected through collaboration and education.
However, the system itself is just as important. After all, protecting critical infrastructure and other elements of similar importance requires more than just traditional anti-virus software!
According to Tom, a comprehensive cybersecurity framework will comprise four elements – threat detection, response tools, regular security assessments, and training. The specifics will vary by organization, and every relevant employee should be familiar with them.
Tom also emphasizes the importance of adopting a multi-layer approach to cybersecurity defenses. This way, even if one layer is breached, others will provide protection and prevent a total collapse of the system.
Stay Vigilant
Organizations should always be on the lookout for an uptick in suspicious activities, especially during times of geopolitical conflicts. This vigilance includes monitoring network traffic for anomalies, conducting regular security audits, and staying on top of the latest cyber threats and—let’s face it—the latest geopolitical conflicts.
Train Your Employees
The importance of thorough cybersecurity education can’t be understated. After all, employees are usually the first line of defense against cyber threats. So, they should be trained to handle the information system properly within the organization. They should know what to do and what not to do before, during, and after a geopolitical cyberattack.
However, there’s another type of employee crucial for the strength of cybersecurity within an organization – cybersecurity professionals themselves.
These individuals must be on top of their game at all times. One way to ensure this is to only hire professionals with ample experience and education. For instance, completing a renowned Master’s program like OPIT’s Enterprise Cybersecurity should be a huge green flag for any employer. It signals a strong commitment to cybersecurity excellence and a deep understanding of the latest trends and techniques in the field.
Invest in the education and professional development of your employees, and you stand a chance against the ever-evolving landscape of cyber threats, geopolitical and beyond.
Human-centric cyber threats have long posed a serious issue for organizations. After all, humans are often the weakest link in the cybersecurity chain. Unfortunately, when artificial intelligence came into the mix, it only made these threats even more dangerous.
So, what can be done about these cyber threats now?
That’s precisely what we asked Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, aka the “Cyber Queen.”
They dedicated a significant portion of their “Cyber Threat Landscape 2024: Navigating New Risks” master class to AI-powered human-centric cyber threats. So, let’s see what these two experts have to say on the topic.
Human-Centric Cyber Threats 101
Before exploring how AI impacted human-centric cyber threats, let’s go back to the basics. What are human-centric cyber threats?
As you might conclude from the name, human-centric cyber threats are cybersecurity risks that exploit human behavior or vulnerabilities (e.g., fear). Even if you haven’t heard of the term “human-centric cyber threats,” you’ve probably heard of (or even experienced) the threats themselves.
The most common of these threats are phishing attacks, which rely on deceptive emails to trick users into revealing confidential information (or clicking on malicious links). The result? Stolen credentials, ransomware infections, and general IT chaos.
How Has AI Impacted Human-Centric Cyber Threats?
AI has infiltrated virtually every cybersecurity sector. Social engineering is no different.
As mentioned, AI has made human-centric cyber threats substantially more dangerous. How? By making them difficult to spot.
In Venicia’s words, AI has allowed “a more personalized and convincing social engineering attack.”
In terms of email phishing, malicious actors use AI to write “beautifully crafted emails,” as Tom puts it. These emails contain no grammatical errors and can mimic the sender’s writing style, making them appear more legitimate and harder to identify as fraudulent.
These highly targeted AI-powered phishing emails are no longer considered “regular” phishing attacks but spear phishing emails, which are significantly more likely to fool their targets.
Unfortunately, it doesn’t stop there.
As AI technology advances, its capabilities go far beyond crafting a simple email. Venicia warns that AI-powered voice technology can even create convincing voice messages or phone calls that sound exactly like a trusted individual, such as a colleague, supervisor, or even the CEO of the company. Obey the instructions from these phone calls, and you’ll likely put your organization in harm’s way.
How to Counter AI-Powered Human-Centric Cyber Threats
Given how advanced human-centric cyber threats have gotten, one logical question arises – how can organizations counter them? Luckily, there are several ways to do this. Some rely on technology to detect and mitigate threats. However, most of them strive to correct what caused the issue in the first place – human behavior.
Enhancing Email Security Measures
The first step in countering the most common human-centric cyber threats is a given for everyone, from individuals to organizations. You must enhance your email security measures.
Tom provides a brief overview of how you can do this.
No. 1 – you need a reliable filtering solution. For Gmail users, there’s already one such solution in place.
No. 2 – organizations should take full advantage of phishing filters. Before, only spam filters existed, so this is a major upgrade in email security.
And No. 3 – you should consider implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent email spoofing and phishing attacks.
Keeping Up With System Updates
Another “technical” move you can make to counter AI-powered human-centric cyber threats is to ensure all your systems are regularly updated. Fail to keep up with software updates and patches, and you’re looking at a strong possibility of facing zero-day attacks. Zero-day attacks are particularly dangerous because they exploit vulnerabilities that are unknown to the software vendor, making them difficult to defend against.
Top of Form
Nurturing a Culture of Skepticism
The key component of the human-centric cyber threats is, in fact, humans. That’s why they should also be the key component in countering these threats.
At an organizational level, numerous steps are needed to minimize the risks of employees falling for these threats. But it all starts with what Tom refers to as a “culture of skepticism.”
Employees should constantly be suspicious of any unsolicited emails, messages, or requests for sensitive information.
They should always ask themselves – who is sending this, and why are they doing so?
This is especially important if the correspondence comes from a seemingly trusted source. As Tom puts it, “Don’t click immediately on a link that somebody sent you because you are familiar with the name.” He labels this as the “Rule No. 1” of cybersecurity awareness.
Growing the Cybersecurity Culture
The ultra-specific culture of skepticism will help create a more security-conscious workforce. But it’s far from enough to make a fundamental change in how employees perceive (and respond to) threats. For that, you need a strong cybersecurity culture.
Tom links this culture to the corporate culture. The organization’s mission, vision, statement of purpose, and values that shape the corporate culture should also be applicable to cybersecurity. Of course, this isn’t something companies can do overnight. They must grow and nurture this culture if they are to see any meaningful results.
According to Tom, it will probably take at least 18 months before these results start to show.
During this time, organizations must work on strengthening the relationships between every department, focusing on the human resources and security sectors. These two sectors should be the ones to primarily grow the cybersecurity culture within the company, as they’re well versed in the two pillars of this culture – human behavior and cybersecurity.
However, this strong interdepartmental relationship is important for another reason.
As Tom puts it, “[As humans], we cannot do anything by ourselves. But as a collective, with the help within the organization, we can.”
Staying Educated
The world of AI and cybersecurity have one thing in common – they never sleep. The only way to keep up with these ever-evolving worlds is to stay educated.
The best practice would be to gain a solid base by completing a comprehensive program, such as OPIT’s Enterprise Cybersecurity Master’s program. Then, it’s all about continuously learning about new developments, trends, and threats in AI and cybersecurity.
Conducting Regular Training
For most people, it’s not enough to just explain how human-centric cyber threats work. They must see them in action. Especially since many people believe that phishing attacks won’t happen to them or, if they do, they simply won’t fall for them. Unfortunately, neither of these are true.
Approximately 3.4 billion phishing emails are sent each day, and millions of them successfully bypass all email authentication methods. With such high figures, developing critical thinking among the employees is the No. 1 priority. After all, humans are the first line of defense against cyber threats.
But humans must be properly trained to counter these cyber threats. This training includes the organization’s security department sending fake phishing emails to employees to test their vigilance. Venicia calls employees who fall for these emails “clickers” and adds that no one wants to be a clicker. So, they do everything in their power to avoid falling for similar attacks in the future.
However, the key to successful employee training in this area also involves avoiding sending similar fake emails. If the company keeps trying to trick the employees in the same way, they’ll likely become desensitized and less likely to take real threats seriously.
So, Tom proposes including gamification in the training. This way, the training can be more engaging and interactive, encouraging employees to actively participate and learn. Interestingly, AI can be a powerful ally here, helping create realistic scenarios and personalized learning experiences based on employee responses.
Following in the Competitors’ Footsteps
When it comes to cybersecurity, it’s crucial to be proactive rather than reactive. Even if an organization hasn’t had issues with cyberattacks, it doesn’t mean it will stay this way. So, the best course of action is to monitor what competitors are doing in this field.
However, organizations shouldn’t stop with their competitors. They should also study other real-world social engineering incidents that might give them valuable insights into the tactics used by the malicious actors.
Tom advises visiting the many open-source databases reporting on these incidents and using the data to build an internal educational program. This gives organizations a chance to learn from other people’s mistakes and potentially prevent those mistakes from happening within their ecosystem.
Stay Vigilant
It’s perfectly natural for humans to feel curiosity when it comes to new information, anxiety regarding urgent-looking emails, and trust when seeing a familiar name pop up on the screen. But in the world of cybersecurity, these basic human emotions can cause a lot of trouble. That is, at least, when humans act on them.
So, organizations must work on correcting human behaviors, not suppressing basic human emotions. By doing so, they can help employees develop a more critical mindset when interacting with digital communications. The result? A cyber-aware workforce that’s well-equipped to recognize and respond to phishing attacks and other cyber threats appropriately.
There’s no doubt about it – artificial intelligence has revolutionized almost every aspect of modern life. Healthcare, finance, and manufacturing are just some of the sectors that have been virtually turned upside down by this powerful new force. Cybersecurity also ranks high on this list.
But as much as AI can benefit cybersecurity, it also presents new challenges. Or – to be more direct –new threats.
To understand just how serious these threats are, we’ve enlisted the help of two prominent figures in the cybersecurity world – Tom Vazdar and Venicia Solomons. Tom is the chair of the Master’s Degree in Enterprise Cybersecurity program at the Open Institute of Technology (OPIT). Venicia, better known as the “Cyber Queen,” runs a widely successful cybersecurity community looking to empower women to succeed in the industry.
Together, they held a master class titled “Cyber Threat Landscape 2024: Navigating New Risks.” In this article, you get the chance to hear all about the double-edged sword that is AI in cybersecurity.
How Can Organizations Benefit From Using AI in Cybersecurity?
As with any new invention, AI has primarily been developed to benefit people. In the case of AI, this mainly refers to enhancing efficiency, accuracy, and automation in tasks that would be challenging or impossible for people to perform alone.
However, as AI technology evolves, its potential for both positive and negative impacts becomes more apparent.
But just because the ugly side of AI has started to rear its head more dramatically, it doesn’t mean we should abandon the technology altogether. The key, according to Venicia, is in finding a balance. And according to Tom, this balance lies in treating AI the same way you would cybersecurity in general.
Keep reading to learn what this means.
Top of Form
Implement a Governance Framework
In cybersecurity, there is a governance framework called ISO/IEC 27000, whose goal is to provide a systematic approach to managing sensitive company information, ensuring it remains secure. A similar framework has recently been created for AI— ISO/IEC 42001.
Now, the trouble lies in the fact that many organizations “don’t even have cybersecurity, not to speak artificial intelligence,” as Tom puts it. But the truth is that they need both if they want to have a chance at managing the risks and complexities associated with AI technology, thus only reaping its benefits.
Implement an Oversight Mechanism
Fearing the risks of AI in cybersecurity, many organizations chose to forbid the usage of this technology outright within their operations. But by doing so, they also miss out on the significant benefits AI can offer in enhancing cybersecurity defenses.
So, an all-out ban on AI isn’t a solution. A well-thought-out oversight mechanism is.
According to Tom, this control framework should dictate how and when an organization uses cybersecurity and AI and when these two fields are to come in contact. It should also answer the questions of how an organization governs AI and ensures transparency.
With both of these frameworks (governance and oversight), it’s not enough to simply implement new mechanisms. Employees should also be educated and regularly trained to uphold the principles outlined in these frameworks.
Control the AI (Not the Other Way Around!)
When it comes to relying on AI, one principle should be every organization’s guiding light. Control the AI; don’t let the AI control you.
Of course, this includes controlling how the company’s employees use AI when interacting with client data, business secrets, and other sensitive information.
Now, the thing is – people don’t like to be controlled.
But without control, things can go off the rails pretty quickly.
Tom gives just one example of this. In 2022, an improperly trained (and controlled) chatbot gave an Air Canada customer inaccurate information and a non-existing discount. As a result, the customer bought a full-price ticket. A lawsuit ensued, and in 2024, the court ruled in the customer’s favor, ordering Air Canada to pay compensation.
This case alone illustrates one thing perfectly – you must have your AI systems under control. Tom hypothesizes that the system was probably affordable and easy to implement, but it eventually cost Air Canada dearly in terms of financial and reputational damage.
How Can Organizations Protect Themselves Against AI-Driven Cyberthreats?
With well-thought-out measures in place, organizations can reap the full benefits of AI in cybersecurity without worrying about the threats. But this doesn’t make the threats disappear. Even worse, these threats are only going to get better at outsmarting the organization’s defenses.
So, what can the organizations do about these threats?
Here’s what Tom and Venicia suggest.
Fight Fire With Fire
So, AI is potentially attacking your organization’s security systems? If so, use AI to defend them. Implement your own AI-enhanced threat detection systems.
But beware – this isn’t a one-and-done solution. Tom emphasizes the importance of staying current with the latest cybersecurity threats. More importantly – make sure your systems are up to date with them.
Also, never rely on a single control system. According to our experts, “layered security measures” are the way to go.
Never Stop Learning (and Training)
When it comes to AI in cybersecurity, continuous learning and training are of utmost importance – learning for your employees and training for the AI models. It’s the only way to ensure all system aspects function properly and your employees know how to use each and every one of them.
This approach should also alleviate one of the biggest concerns regarding an increasing AI implementation. Namely, employees fear that they will lose their jobs due to AI. But the truth is, the AI systems need them just as much as they need those systems.
As Tom puts it, “You need to train the AI system so it can protect you.”
That’s why studying to be a cybersecurity professional is a smart career move.
However, you’ll want to find a program that understands the importance of AI in cybersecurity and equips you to handle it properly. Get a master’s degree in Enterprise Security from OPIT, and that’s exactly what you’ll get.
Join the Bigger Fight
When it comes to cybersecurity, transparency is key. If organizations fail to report cybersecurity incidents promptly and accurately, they not only jeopardize their own security but also that of other organizations and individuals. Transparency builds trust and allows for collaboration in addressing cybersecurity threats collectively.
So, our experts urge you to engage in information sharing and collaborative efforts with other organizations, industry groups, and governmental bodies to stay ahead of threats.
How Has AI Impacted Data Protection and Privacy?
Among the challenges presented by AI, one stands out the most – the potential impact on data privacy and protection. Why? Because there’s a growing fear that personal data might be used to train large AI models.
That’s why European policymakers sprang into action and introduced the Artificial Intelligence Act in March 2024.
This regulation, implemented by the European Parliament, aims to protect fundamental rights, democracy, the rule of law, and environmental sustainability from high-risk AI. The act is akin to the well-known General Data Protection Regulation (GDPR) passed in 2016 but exclusively targets the use of AI. The good news for those fearful of AI’s potential negative impact is that every requirement imposed by this act is backed up with heavy penalties.
But how can organizations ensure customers, clients, and partners that their data is fully protected?
According to our experts, the answer is simple – transparency, transparency, and some more transparency!
Any employed AI system must be designed in a way that doesn’t jeopardize anyone’s privacy and freedom. However, it’s not enough to just design the system in such a way. You must also ensure all the stakeholders understand this design and the system’s operation. This includes providing clear information about the data being collected, how it’s being used, and the measures in place to protect it.
Beyond their immediate group of stakeholders, organizations also must ensure that their data isn’t manipulated or used against people. Tom gives an example of what must be avoided at all costs. Let’s say a client applies for a loan in a financial institution. Under no circumstances should that institution use AI to track the client’s personal data and use it against them, resulting in a loan ban. This hypothetical scenario is a clear violation of privacy and trust.
And according to Tom, “privacy is more important than ever.” The same goes for internal ethical standards organizations must develop.
Keeping Up With Cybersecurity
Like most revolutions, AI has come in fast and left many people (and organizations) scrambling to keep up. However, those who recognize that AI isn’t going anywhere have taken steps to embrace it and fully benefit from it. They see AI for what it truly is – a fundamental shift in how we approach technology and cybersecurity.
Those individuals have also chosen to advance their knowledge in the field by completing highly specialized and comprehensive programs like OPIT’s Enterprise Cybersecurity Master’s program. Coincidentally, this is also the program where you get to hear more valuable insights from Tom Vazdar, as he has essentially developed this course.
In the digital age, virtually every aspect of people’s lives is connected through digital channels. On the positive side, this allows instant communication and information access, as well as global connectivity. But this connectivity also introduces a myriad of risks, with cybersecurity threats chief among them.
In such an environment, protecting sensitive information and critical infrastructure has never been more crucial. And yet, the cybersecurity industry is short 4 million workers.
That’s why we invited Tom Vazdar, the program chair of the Master in Enterprise Cybersecurity program at the Open Institute of Technology (OPIT), to shed light on cybersecurity’s critical role in safeguarding our interconnected world. Professor Vazdar will also walk us through the Enterprise Cybersecurity Master’s program at OPIT, explaining what makes it stand out among similar programs.
With extensive experience in various industries (like finance and manufacturing) and countless successful cybersecurity strategies, risk management frameworks, and compliance initiatives under his belt, Professor Vazdar is truly the one to consult. His take on the pressing challenges (and solutions) within the cybersecurity field is invaluable for future students and those already in the industry.
The Current State of Cybersecurity
As Professor Vazdar puts it, “We are living in an era where digital transformation is accelerating.” So, it’s not surprising that new trends (and challenges) continue to emerge in the field. Here’s what Professor Vazdar has to say about them.
Cyberattacks Are Increasing
According to the ISACA’s 2023 State of Cybersecurity report, 48% of organizations reported an increase in cyberattacks compared to the year prior. Professor Vazdar says that this primarily has to do with the increasing complexity of cyberthreats. Simply put, organizations can’t keep up with the escalating sophistication of these threats, resulting in their increased frequency.
But there’s another element to this alarming increase in the number of cyberattacks – a lack of transparency. You see, Professor Vazdar claims that many organizations are believed to underreport cyberattacks. Such underreporting might be due to concerns about reputational damage or regulatory consequences. Either way, it’s exceptionally harmful to the industry, as it hinders the ability to collaborate on developing effective countermeasures and strengthening collective cybersecurity defenses.
Cybersecurity Lacks Workers
As previously mentioned, the cybersecurity industry is experiencing a severe staffing challenge. Interestingly, this doesn’t mean the number of cybersecurity professionals is decreasing. It’s quite the opposite, really.
In 2023, the global cybersecurity workforce grew 8.7% to reach 5.5 million people, a record high. And yet, another 4 million professionals are needed to meet the escalating demand for cybersecurity. If there has ever been a stat to prove just how critical cybersecurity is, this undoubtedly does it.
New Technologies Are Constantly Adopted
Artificial intelligence. Machine learning. Cloud computing. Internet of Things. Blockchain technology. These are just some of the technologies Professor Vazdar singles out as transformative forces reshaping cybersecurity.
On the one hand, these technologies have the power to enhance threat detection and cybersecurity response. On the other, they can also introduce new vulnerabilities and threats, such as data poisoning. The worst part? We’ll let Professor Vazdar explain it:
“All of this has come in a really short period of time, and we, as people, are actually struggling to learn about all these new technologies.”
That’s why he emphasizes the need for continual education in the field, as this is the only way to stay ahead of the curve.
Cybersecurity Strategies Are Becoming Proactive and Predictive
Here’s how it used to be in the cybersecurity world, according to Professor Vazdar: A new massive threat would emerge every few years, affecting the whole world. In the aftermath, you would scramble a team together and work tirelessly for a few days to develop a patch or a solution.
As you can imagine, this approach is hardly viable in today’s oversaturated cybersecurity landscape. That’s why “we’re seeing a shift toward more proactive and more predictive security strategies,” as Professor Vazdar puts it.
Cyberpsychology Is Gaining Importance
Cyberpsychology is by no means a new concept. According to Professor Vazdar, this term was first used in 2008 by Professor Zheng Yan. However, its significance has grown exponentially in recent years. This field of study shifts the focus from the cyberthreat to the cyberattacker.
Its goal is to understand what these malicious actors are doing and why. The result? “We, as humans, know how to defend [ourselves].”
According to Professor Vazdar, this is the third (and most important) layer of defense against cyberthreats. The first concerns the physical environment (i.e., the computer and information systems), while the second is a logical layer that “connects everything together.”
No One Is Immune to Cyberthreats
There’s a common misconception that smaller organizations and individuals aren’t “appealing” to hackers and other malicious actors. However, this couldn’t be further from the truth. No one is immune to cyberthreats, as cybercriminals always have something to gain (regardless of the target’s size or perceived importance).
That’s why investing in cybersecurity is crucial, whether you work for a small IT team or a huge company or just use technology in your day-to-day life.
Why Continuous Education Matters in Cybersecurity
There’s no doubt about it – cybersecurity should be a top priority for everyone in the industry and beyond. But as Professor Vazdar has underscored, what was effective in cybersecurity yesterday might not be sufficient today.
That’s why he emphasizes that “it’s important to get educated [now] more than ever.”
After all, there’s a single constant in the ever-changing cybersecurity field – humans as a crucial line of defense. The more people get educated, the more resilient the protection against cyberthreats becomes.
Why Pursue a Master’s Degree in Cybersecurity at OPIT
One of the postgraduate programs offered by OPIT is the Master of Science (MSc) in Enterprise Cybersecurity. This program is fully remote and can be completed in 12 to 18 months. But enough with the logistics – what makes this program the right choice for getting the much-needed education mentioned above?
Given that he practically shaped this program, Professor Vazdar is the best person to ask this question. He shares with us what makes this program uniquely positioned to prepare students for all the cybersecurity challenges he has touched on in this article.
A Comprehensive Curriculum
According to Professor Vazdar, the first thing that sets this program apart is “the curriculum depth and breadth.” This program covers various topics, from cybersecurity fundamentals (the first module) to advanced areas like AI-driven cybersecurity (the second module).
In other words, this program guarantees two things – a solid cybersecurity foundation and a deep dive into specialized topics. This focus makes it ideal for individuals seeking a well-rounded education in corporate cybersecurity, regardless of their previous experience in the field.
A Unique Structure
Unlike most programs in the industry, OPIT’s Enterprise Cybersecurity program doesn’t solely focus on the technical aspects of cybersecurity. But it doesn’t only dive into the managerial aspect of it either. Instead, it gives you just the “right blend of knowledge,” as Professor Vazdar puts it. Thanks to this approach, you can start working immediately after completing the program. After all, you’re all set skill-wise!
Alignment With Industry Certifications
Industry-standard certifications are becoming increasingly important, as most employers prioritize them when hiring new people. If you’re considering a career in cybersecurity, you’ll be happy to know that OPIT’s Enterprise Cybersecurity program is fully aligned with industry certifications like the Certified Information Systems Security Professional (CISSP). As Professor Vazdar puts it, this ensures that OPIT graduates are “not only academically proficient but that they’re also industry-ready.”
It’s also important to note that this program is internationally recognized and ECTS-accredited by the European Agency for Higher Education and Accreditation.
An Emphasis on Practical Applications
The Enterprise Cybersecurity program places a strong emphasis on practical applications. After all, this is the only way for OPIT students to be industry-ready upon graduating. That’s why the entire third module of the program is dedicated to a Capstone project, a hands-on endeavor that also serves as your dissertation.
A Supportive Environment
One of the aspects of studying at OPIT we’re most proud of is our carefully crafted support team. From the class coordinator to the career advisors, everyone at OPIT has a single goal – to help you succeed.
To this end, all the professors in the Enterprise Cybersecurity program (and beyond) are either academics or experienced professionals with plenty of valuable insights “from the forefront of cybersecurity.”
This course includes interactive lessons, live lectures, and private mentoring sessions, ensuring you never feel alone or isolated at OPIT.
Unparalleled Flexibility
One of the primary reasons for choosing online studying is its incredible flexibility. But OPIT takes this aspect to another level. Besides dictating your own study pace, OPIT lets you choose from several elective courses, allowing you to tailor your learning to your interests and career goals. Professor Vazdar singles out the following courses as the most appealing in terms of what this article has discussed:
- Behavioral Cybersecurity
- Secure Software Development
- AI-Driven Forensic Analysis in Cybersecurity
Give Yourself a Competitive Edge With OPIT
OPIT’s Master of Science in Enterprise Cybersecurity program does much more than educate students. It also prepares them for the future, allowing them to become leaders in cybersecurity. As Professor Vazdar puts it, “Our graduate students will be well-equipped to tackle current and future cybersecurity challenges in different sectors.” And given just how quickly these challenges evolve, you can’t really put a price on such preparation (and education).
So, get in touch with our team of experts to give yourself a competitive edge in the dynamic field of cybersecurity.
What does an average day look like for somebody working in cybersecurity?
That isn’t an easy question to answer when you consider the vastness of the field. Somebody who works in cybersecurity needs to stay constantly abreast of industry changes – especially new attacks cooked up by cybercriminals – and help their employers create and tweak their security plans.
However, thanks to Tom
, who has developed the Open Institute of Technology’s (OPIT’s) Master’s Degree in Enterprise Cybersecurity, we can provide some insight into what your average day may look like.Who Is Tom
?Serving as the Program Chair of OPIT’s upcoming Master’s Degree in Cybersecurity, Tom brings a vast amount of practical experience to the table. His work has spanned the globe. Tom has been employed as the Chief Security Officer for a major Croatian bank, in addition to serving as the Chief Information Officer for a company in the United States’ manufacturing sector.
His practical experience spans other industries – including technology and finance – and he’s currently completing a doctorate while running his own practice. Tom’s specialty is the behavioral aspect of cybersecurity. His deep understanding of the “culture” that surrounds the field has been shaped by his work on development strategies, policies, and frameworks for his past employers.
The Importance of Trends
The first thing Tom highlights is that a cybersecurity professional has to follow the trends in the industry. As he points out: “We are living in an era where digital transformation is accelerating, and with it, the complexity and frequency of cyber threats are also increasing.” To demonstrate this, he points to an ISACA report published in 2023 showing that cyber attacks have increased 48% in 2023 compared to 2022. More worryingly, 62% of the organizations that experience these attacks underreport them – an indication that many simply don’t have the talent to truly understand the threat they face.
As a cybersecurity professional, your role is to provide the expertise such companies are sorely lacking.
Thankfully, many business leaders understand that they need this expertise. Tom points out that 59% of leaders say they’re understaffed in the cyber department, leading to a rising demand for people with the following technical skills:
- Identity and access management
- Data protection
- Cloud computing
- DevSecOps (development, security, and operations)
Furthermore, Tom says that artificial intelligence (AI) is completely transforming the cybersecurity industry. While AI is often beneficial to professionals in the field – it can enhance threat detection and response – it is also a danger. Malicious entities can use AI to conduct a new wave of attacks, such as data poisoning, for which you need to be prepared as a cybersecurity professional.
Tom’s discussion of these emerging trends highlights one of the most critical aspects of a day in the life of a cybersecurity professional – learning is key. There is no such thing as static knowledge because the industry (and the attacks your company may face) constantly evolve.
An Average Day Broken Down
Now that you understand how important staying on top of the ever-changing trends in cybersecurity is for those in the field, it’s possible to break things down a little further. On an average day, you may find yourself working on any, some, or even all of the following tasks.
Developing and Maintaining a Cybersecurity Strategy
Given that such a large number of business leaders are understaffed and have minimal access to appropriate talent, you’ll often be tasked with creating and maintaining a company’s cybersecurity strategy.
This strategy is not as simple as creating a collection of actions to take in the event of an attack.
Tom emphasizes not only the importance of proactivity, but also of integrating a cybersecurity strategy into the wider business strategy. “It becomes part of the mission and vision,” he says. “After all, there are two things that are important to companies – their data and customer trust. If you lose customer trust, you lose your business. If you lose your data, you lose your business.”
As a technically adept professional, you’ll be tasked with building a strategy that grows ever more complex as the threats the company faces become more advanced. New technologies – such as AI and machine learning – will be used against you, with your main task being to ensure the strategy you create can fend off such technologically-empowered attacks.
The Simpler Day-to-Day
Now, let’s move away from the complexities of developing an overarching plan and go into more detail about daily responsibilities. A cybersecurity professional is usually tasked with dealing with the day-to-day maintenance of systems.
It’s all about control.
Tom says that much of the role involves proactively identifying new protective measures. For instance, software patching is key – outdated software has vulnerabilities that a hacker can exploit. You’ll need to stay up to date on the development of patches for the software your company uses and, crucially, implement those patches as soon as they’re available.
Creating regular backups is also part of this day-to-day work. It’s an area that many businesses neglect – perhaps assuming that nothing bad can happen to them – but a backup will be a lifesaver if a hacker compromises your company’s main data stores.
Tending to Your Ecosystem
It’s not simply your own institution that you must maintain as a cybersecurity professional – everyone who interacts with that institution must also be managed. Vendors, external software developers, and any other part of your supply chain need to be as risk-aware as your business. As Tom puts it: “If they don’t care about vulnerabilities in their system, and they work for you as a company, then you’ll have an issue because their risk suddenly becomes your risk.”
As such, managing the cyber security aspect of your company’s relationships with its partners is a vital part of your duties. You may engage in planning with those partners, helping them improve their practices, or cooperate with them to create strategies encompassing your entire supply chain.
Continued Education
Tom goes on to highlight just how important continued education is to the success of a cybersecurity professional. “It’s always interesting. And if you’re really passionate about it, cybersecurity becomes your lifestyle,” he says. “You want to see what’s new. What are the new attack methods, what are your competitors doing, and what is new on the market.”
He points to a simple example – phishing emails.
These emails – which were traditionally laden with spelling errors that made them easier to spot – are becoming increasingly hard to detect thanks to the use of AI. They’re written better. Failure to understand and adapt to that fact could make it harder to educate yourself and the people in your company.
Your average day may also involve educating your colleagues about upcoming threats and new attack methods they need to understand. The phishing example Tom shares applies here. Any email that looks somewhat legitimate is a threat, so continued education of your colleagues is essential to stop that threat from having its intended effect.
An Example of a Typical Project
Given how vast the cybersecurity field is, the range of projects you may work on will vary enormously. However, Tom provides an example of when he worked in the banking industry and saw the rise of the Zeus Botnet.
In this case, his responsibilities were twofold.
First – finding a way to defend against botnet attacks. That involved researching the malware to figure out how it spread, allowing him to put protective measures in place to prevent that spread. The second task involved creating educational programs, both for employees and his bank’s clients, to make them aware of the Zeus Botnet.
Here, we see the education part of the cybersecurity professional’s “average day” coming into play, complementing the more technical aspects of dealing with malware. We even see supply chain risk coming into play – each client is part of the bank’s supply chain, meaning they need to understand how to defend themselves just as much as the bank does.
The Qualifications Needed to Work in Cybersecurity
With a multitude of cybersecurity qualifications available – many covering specific niches – it’s tough to find the appropriate one to make you attractive to an employer. That’s where Tom’s work with OPIT comes in. The master’s degree that he’s developing not only focuses on the technical skills a professional needs but places those skills in a business context.
The upcoming course will offer electives in subjects such as AI, cloud security, and IoT security, granting students flexibility to pursue a specialization within their degree. The overall program is also closely aligned to industry certifications – such as those offered by CISSP – to ensure graduates are as industry-ready as they are academically qualified.
The intention, Tom says, is to fill the skills gap that 3 million businesses say they have in cybersecurity. The program provides the right blend of knowledge between technical and managerial skills, in addition to allowing students to pursue subjects of particular interest to them.
Ultimately, it doesn’t teach absolutely everything that you could learn about the industry. No course can. But it does equip you with key foundational knowledge aligned with industry certifications that make you more employable. That, combined with your continued education and completion of relevant certifications once you’re employed, means you have an enormous opportunity to build a successful cybersecurity career with OPIT.
So, the qualifications needed for the industry start with a relevant degree. They then blossom out. Professionals focus on courses that meet the specific requirements of their roles so that they learn the cybersecurity techniques that are most effective for their needs.
Have questions?
Visit our FAQ page or get in touch with us!
Write us at +39 335 576 0263
Get in touch at hello@opit.com
Talk to one of our Study Advisors
We are international
We can speak in: