The Magazine
👩‍💻 Welcome to OPIT’s blog! You will find relevant news on the education and computer science industry.
Search inside The Magazine
Written on April 25th 2024
Source here: Times of IndiaÂ
The job market has never been a straightforward path. Ask anyone who has ever looked for a job, certainly within the last decade, and they can tell you as much. But with the rapid development of AI and machine learning, concerns are growing for people about their career options, with a report from Randstad finding that 7 in 10 people in India are concerned about their job being eliminated by AI.
 Employers have their own share of concerns. According to The World Economic Forum, 97 million new AI-related jobs will be created by 2025 and the share of jobs requiring AI skills will increase by 58%. The IT industry in India is experiencing a tremendous surge in demand for skilled professionals on disruptive technologies like artificial intelligence, machine learning, blockchain, cybersecurity and, according to Nasscom, this is leading to a shortage of 600,000 profiles.
 So how do we fill those gaps? Can we democratize access to top-tier higher education in technology?
These are the questions that Riccardo Ocleppo, the engineer who founded a hugely successful ed-tech platform connecting international students with global Universities, Docsity, asked himself for years. Until he took action and launched the Open Institute of Technology (OPIT), together with the Former Minister of Education of Italy, Prof. Francesco Profumo, to help people take control of their future careers.
OPIT offers BSc and MSc degrees in Computer Science, AI, Data Science, Cybersecurity, and Digital Business, attracting students from over 38 countries worldwide. Through innovative learning experiences and affordable tuition fees starting at €4,050 per year, OPIT empowers students to pursue their educational goals without the financial and personal burden of relocating.
The curriculum, delivered through a mix of live and pre-recorded lectures, equips students with the latest technology skills, as well as business and strategic acumen necessary for careers in their chosen fields. Moreover, OPIT’s EU-accredited degrees enable graduates to pursue employment opportunities in Europe, with recognition by WES facilitating transferability to the US and Canada.
OPIT’s commitment to student success extends beyond academics, with a full-fledged career services department led by Mike McCulloch. Remote students benefit from OPIT’s “digital campus,” fostering connections through vibrant discussion forums, online events, and networking opportunities with leading experts and professors.
Faculty at OPIT, hailing from prestigious institutions and industry giants like Amazon and Microsoft, bring a wealth of academic and practical experience to the table. With a hands-on, practical teaching approach, OPIT prepares students for the dynamic challenges of the modern job market.
In conclusion, OPIT stands as a beacon of hope for individuals seeking to future-proof their careers in technology. By democratizing access to high-quality education and fostering a global learning community, OPIT empowers students to seize control of their futures and thrive in the ever-evolving tech landscape.
Data is a company’s most valuable asset. So, doing everything in your power to protect that asset is a given. But what if the threat you’re guarding your data against is known to cripple operations, tarnish reputations, and drain finances? And even worse, what if that threat is only getting more dangerous, thanks to a little thing called artificial intelligence (AI)?
Unfortunately, for many businesses, there’s nothing “what if” about this scenario. As many as 72% of businesses worldwide have experienced a ransomware attack at some point and know just how devastating the aftermath can be.
That’s why we tapped two cybersecurity experts to share their insights on ransomware, its evolution, and how businesses can protect themselves. Read on to hear what Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, a seasoned cybersecurity architect, have to say on this topic in their “Cyber Threat Landscape 2024: Navigating New Risks” master class.
Ransomware: The Basics
Ransomware is nothing new. However, there are always new business owners who (luckily) haven’t encountered it yet. So, let’s cover the basics first.
Ransomware is a natural product of phishing, a human-centric cyber threat that relies on social engineering to deceive individuals into providing sensitive information or downloading malicious attachments. The latter is what ultimately triggers a ransomware infection. Tom describes the process like this:
You click on a malicious link.
Your device downloads the malware.
Your system is now infected, and somebody else is essentially in charge.
They encrypt your data and demand you pay ransom for the encryption key to get it back.
As mentioned, dealing with ransomware attacks and cyber criminals has become a daily reality for companies worldwide. What certainly doesn’t help companies is the fact that ransomware is now also offered as a service.
Ransomware as a Service
Just a few short years ago, cybercriminals needed sophisticated technical skills and tools to develop and deploy ransomware. Now, all they need is access to the dark web.
As Tom explains it, numerous cyber criminals on the dark web offer ransomware as a service, a malicious adaptation of the software as a service (SaaS) business model. So, you essentially pay them to deploy their ransomware on your behalf.
The most famous, or should we say infamous, among these threats is the LockBit model, which has wreaked havoc on thousands of companies worldwide. The issue is that LockBit ransomware attacks vary in tactics, techniques, and procedures. In other words, an organization must be prepared for virtually anything.
How Has AI Affected Ransomware?
Ransomware is dangerous on its own. But throw artificial intelligence into the mix, and you’ve got a massive threat on your hands.
AI has undoubtedly revolutionized the cybersecurity industry, for better or for worse. The “worse” part is that AI is making cyber threats smarter. Unfortunately, for organizations, this particularly applies to ransomware. According to a 2024 report by the U.K.’s top intelligence agency, ransomware stands to gain the most from AI.
How so?
Well, AI has the potential to create malware that circumvents current cybersecurity detection measures. After all, AI is trained using data. Give it malware data to analyze, and it will learn how to evade detection by traditional cybersecurity tools.
AI will also likely generate a surge of new cybercriminals as the barrier to entering into cybercrime decreases with AI-powered tools.
Of course, the more capable and experienced attackers will also benefit from AI. They will use it to identify system vulnerabilities, bypass security defenses, and craft more precise social engineering attacks.
How to Prevent Ransomware Attacks
Given how quickly ransomware is evolving, preventing attacks requires a multi-faceted approach that combines technology, education, and proactive measures. Tom and Venicia break down this approach.
1. Keep Your Systems Updated
When it comes to anything cybersecurity-related, this is the first crucial step. Keep all your systems and programs updated and patched if you want to stand any chance of protecting against known vulnerabilities.
Tom says that there’s a new vulnerability “basically each week,” so having a process in place to update regularly and patch systems is essential.
Venicia adds that something as simple as a basic software update can go a long way toward protecting your data from ransomware. This update will limit its ability to spread through your network, thus reducing the impact of the attack.
2. Invest in Quality Training
Having the most advanced protection systems in place will do you no good if you don’t have well-trained employees.
These employees must learn to recognize potential cyberattacks that could introduce malware into your organization’s system (e.g., phishing emails). Of course, the next step is to respond effectively to the attack. Though each organization has its own set of rules in place, the proper response typically involves disconnecting from the network and contacting IT support.
3. Implement Defensive Systems
Humans are undoubtedly the first line of defense against cyber threats. However, they can’t do it alone. That’s why implementing advanced Endpoint Detection and Response (EDR) solutions is crucial. Tom explains that these systems will help you identify and, more importantly, mitigate a threat on time.
However, he also adds that you must restrict user permissions within the system. This way, even if a single component is compromised, the ransomware won’t take down the entire network.
4. Implement Network Segmentation
As you can see, a huge part of mitigating ransomware attacks is ensuring they don’t affect the entire network. That’s where network segmentation can also help.
As Tom explains, with network segmentation, the malicious actor in control of your network won’t be able to do “lateral movements.” In other words, even if they do manage to penetrate your network, they won’t be able to spread within it.
So, network segmentation is a critical part of the multi-layer approach every organization should adopt when it comes to cybersecurity.
5. Collaborate With Others
Remember – you aren’t the only one experiencing cyberattacks. In Venicia’s words, “ransomware has a global impact.”
That’s why organizations in the private sector are constantly encouraged to “talk to each other,” as Tom puts it. Of course, there’s always the issue of confidentiality, but Tom explains that this, too, can be resolved with a “closed circle of trust.”
Also, organizations in the private and public sectors are encouraged to share relevant information with institutions such as the Financial Services Information Sharing and Analysis Center (FS-ISAC).
In Europe, there’s also something called The No More Ransom Project. This Europol initiative has existed for years, hosting decryption keys for different types of ransomware. It has helped numerous individuals and organizations decrypt their systems and avoid paying the ransom.
Of course, this won’t always be possible, as the attackers typically keep changing the encryption keys. However, anything that helps organizations avoid paying the ransom is worth trying.
Why?
Because paying the ransom often won’t solve any problems.
As Tom explains it, you’re dealing with criminals, after all. So, they will often double the ransom after you pay the initial amount, having realized that you have the money. Or, they’ll simply take the money and run without giving you the decryption keys.
So, ongoing threat intelligence sharing should be among the top priorities for an organization, as it allows them to evade the last-resort scenario of paying the ransom.
6. Invest in Backups and Disaster Recovery
According to Venicia, backups and disaster recovery have a massive role to play in combating ransomware. She says that the primary reason organizations choose to pay the ransom is because they don’t have any backups in place. In other words, they don’t have an alternative way to get their data back.
That’s precisely what Tom has experienced working with many small and medium-sized businesses.
He says that these businesses usually don’t have disaster recovery procedures and data backups because they find them to be too expensive. Other times, they’ll say they didn’t have the time to deal with these measures. But whatever the excuse may be, one thing’s for sure – having no backups leaves you vulnerable to losing your data permanently in a ransomware attack.
According to Tom and Venicia, here’s what an ideal proactive approach to cybersecurity would look like.
Step No. 1 – Have regularly scheduled backups and ensure they’re stored in different environments, including offline ones. Tom suggests the 3-2-1 data backup strategy – have three copies of your data on two different mediums (e.g., hard drives and DVDs) with one copy off-site (a different physical location).
Step No. 2 – Regularly test your backups to see whether they’re able to handle different scenarios.
Step No. 3 – Implement a disaster recovery plan that outlines the steps for different types of incidents. Of course, these incidents shouldn’t only cover ransomware. Earthquakes, floods, and even meteor strikes should be considered in your plan. The last part might seem silly to you. In fact, it also sounded silly to Tom and his colleagues. That is, at least, until a meteor struck Russia in 2013. So, you never know!
The Importance of Cybersecurity Specialists
Most of the strategies for combating ransomware require one thing – a skilled cybersecurity specialist to execute them. This is also what most companies lack, which is why they easily fall victim to cyberattacks.
That’s why programs like the Enterprise Cybersecurity Master’s program at OPIT are essential for the future of cybersecurity. This program helps train the next generation of cybersecurity professionals to defend organizations against the so-called “Ransomware Armageddon” and any other cyber threat that might emerge.
There are currently few things that worry CEOs worldwide as much as geopolitics. Cybersecurity is undoubtedly one of them. But what happens when you combine geopolitical conflicts and cyber threats?
Geopolitical cyber threats, that’s what.
This lethal combination threatens to disrupt economies, destabilize governments, and shatter global stability. That’s why it must be met with an ironclad cybersecurity strategy.
But what does that strategy entail?
That’s for Tom Vazdar and Venicia Solomons to answer. Tom is the chair of the Master’s Degree in Enterprise Cybersecurity program at the Open Institute of Technology (OPIT). Venicia is a seasoned cybersecurity architect and advocate who has rightfully earned the nickname “the Cyber Queen.”
Here’s what these two esteemed cyber professionals have to say about geopolitical cyber threats in their highly informative master class titled “Cyber Threat Landscape 2024: Navigating New Risks.”
What Are Geopolitical Cyber Threats?
Geopolitical threats refer to cyberattacks (or campaigns) driven by political motives. These attacks are often conducted by state-sponsored actors and have a specific strategic goal in mind.
For instance, Iran-backed hackers have recently been targeting U.S. water systems, aiming to disrupt Israeli-made equipment globally. This example also perfectly illustrates the targets of geopolitical cyberattacks – critical infrastructure, government systems, military networks, and other relevant entities.
But don’t jump to conclusions – the private sector isn’t immune to such attacks.
Cybercriminals have also targeted private companies to steal intellectual property, disrupt operations, or extort money. However, what differentiates these attacks from other cyberattacks is the motivation behind them.
Whether it’s through espionage, sabotage, or disinformation, geopolitical cyber threats always aim to achieve a political or strategic advantage for the attacker.
How Do State-Sponsored Cyber Threats Differ From Other Cyberattacks?
In their master class, Tom and Venicia specifically focus on state-sponsored cyber threats, even though they aren’t the only type of geopolitical cyber threats. Why? Because they’re the most advanced and sophisticated cyber threats.
As Venicia puts it, state-sponsored cyberattacks involve “specialist hacking techniques,” “stealthy behavior,” and “stealthy execution.” That’s why the consequences of these attacks are often only seen after significant damage has been done.
This leads us to another distinctive characteristic of state-sponsored cyberattacks – they typically involve long-term execution.
You see, other forms of cyberattacks usually want to reach their goal as soon as possible. For instance, a ransomware attack will infiltrate your system, and the hacker will ask for ransom straight away.
A state-sponsored cyberattack, on the other hand, usually plays the long game. That’s why they’re considered an advanced persistent threat (APT). Remaining undetected for a long time allows these threats to collect lots of critical data and perform long-term espionage.
Tom adds that the goal of these cyberattacks is another important distinction. As mentioned, they usually have a strategic goal in mind. “Regular” cyber threats, in contrast, typically only aim for financial profit.
Why Is Geopolitical Cybersecurity Important?
For the most part, traditional warfare was limited to three battlefields – the land, the air, and the sea. However, as Tom points out, two vital battlefields have joined the fray – space and cyberspace.
Sure, threats in cyberspace aren’t overtly visible like those on land, air, or sea. However, they can be just as devastating, if not more so – especially if they’re geopolitical cyber threats.
Here’s how Tom and Venicia break down the importance of geopolitical cybersecurity.
Protecting Against Espionage
As mentioned, espionage is one of the leading types of geopolitical cyberattacks. Since espionage aims to collect as much valuable information as possible, these attacks are typically highly refined, which allows them to remain undiscovered for months on end.
Venicia points out that the recent geopolitical tensions have led to increased cyber espionage. That’s what makes solid geopolitical cybersecurity more important than ever. Let one intruder into your network, and you’re essentially giving away all your classified information (past, present, and future).
Avoiding Manipulation
2024 is an election year. This means that “influence operations, disinformation operations, [and] deep fake operations” will run more rampant than ever, as Tom warns. Ultimately, these operations aim to shape public opinion and undermine trust in democratic institutions. These outcomes are never desirable, let alone during such a crucial time.
That’s where cybersecurity comes into play.
These measures help secure digital platforms, detect (and remove) false information, and (in this specific scenario) safeguard electoral systems.
Protecting the Economy
As mentioned, geopolitical cyberattacks aren’t typically done for financial gain. However, they can still cause massive financial losses. How? By targeting “public organizations and private entities that make a large contribution to a country’s economy,” as Venicia explains.
And a world that’s still reeling from the effects the COVID-19 pandemic had on the global economy can’t possibly handle another major disruption. That’s why any similar threat should never be taken lightly.
How to Combat Geopolitical Cyber Threats
Now that you know why geopolitical cyber threats must be combatted, let’s discuss how this can be done.
Keep All Aspects in Mind
There are numerous factors that go into protecting against geopolitical cyber threats. But for this protection to actually work, all these factors must be considered when devising a defense strategy.
For starters, this means protecting all critical infrastructure sectors. Tom lists just some of them –financial services, healthcare and public health, and transportation systems. However, one thing applies to all critical infrastructure sectors – they aren’t “independent islands,” as Tom puts it.
They’re all part of a larger ecosystem.
Each sector can only be protected if there’s a holistic approach to cybersecurity, one that considers interdependencies between sectors and the potential cascading effects of cyber disruptions. This way, in case of a cyberattack, every sector can provide support and respond effectively to minimize the impact.
Foster Collaboration
The collaborative approach shouldn’t only apply to critical infrastructure sectors. All stakeholders, including government agencies, cybersecurity experts, and the private sector, must work together to address geopolitical threats effectively.
This collaboration can take many forms.
However, Tom highlights the three most important ones on the global level – sharing intelligence, developing international norms and agreements, and establishing cybersecurity alliances.
Our experts list some of the most useful alliances and resources in this regard:
- The No More Ransom Project helps organizations combat ransomware attacks by providing decryption keys, thus returning their vital information.
- Public-Private Partnerships (PPPs) worldwide allow for sharing cyber threat intelligence among industry partners to improve defenses collectively.
- The Budapest Convention on Cybercrime sets out international standards for combating cybercrime, promoting cooperation among countries to tackle cyber threats effectively.
Focus on Critical Infrastructure
By now, one thing’s clear – protecting critical infrastructure against geopolitical cyber threats is paramount.
According to Tom, collaboration plays a key role here as well. In his words, “The only way to protect [critical infrastructure] is that collaborative effort between government and the private sector because they cannot go without each other; they have to work together.”
Implement a Robust Cybersecurity Framework
A comprehensive and collaborative approach to combating geopolitical threats is just the preamble. The implementation of a robust cybersecurity framework is where the actual protection starts. Of course, these systems should be based on the intelligence collected through collaboration and education.
However, the system itself is just as important. After all, protecting critical infrastructure and other elements of similar importance requires more than just traditional anti-virus software!
According to Tom, a comprehensive cybersecurity framework will comprise four elements – threat detection, response tools, regular security assessments, and training. The specifics will vary by organization, and every relevant employee should be familiar with them.
Tom also emphasizes the importance of adopting a multi-layer approach to cybersecurity defenses. This way, even if one layer is breached, others will provide protection and prevent a total collapse of the system.
Stay Vigilant
Organizations should always be on the lookout for an uptick in suspicious activities, especially during times of geopolitical conflicts. This vigilance includes monitoring network traffic for anomalies, conducting regular security audits, and staying on top of the latest cyber threats and—let’s face it—the latest geopolitical conflicts.
Train Your Employees
The importance of thorough cybersecurity education can’t be understated. After all, employees are usually the first line of defense against cyber threats. So, they should be trained to handle the information system properly within the organization. They should know what to do and what not to do before, during, and after a geopolitical cyberattack.
However, there’s another type of employee crucial for the strength of cybersecurity within an organization – cybersecurity professionals themselves.
These individuals must be on top of their game at all times. One way to ensure this is to only hire professionals with ample experience and education. For instance, completing a renowned Master’s program like OPIT’s Enterprise Cybersecurity should be a huge green flag for any employer. It signals a strong commitment to cybersecurity excellence and a deep understanding of the latest trends and techniques in the field.
Invest in the education and professional development of your employees, and you stand a chance against the ever-evolving landscape of cyber threats, geopolitical and beyond.
Written on April 18th 2024
Source here: University 2 Business (full article in Italian)
OPIT – Open Institute of Technology was born with the aim of bridging the gap between what is taught in traditional universities and what the job market requires. Let’s discover the degree courses available.
The job market is undergoing a significant transformation that will accelerate further in the coming years. Driving this transformation is the adoption of transformative technologies such as AI, Big Data and Cloud Computing, with Cybersecurity as the “glue” necessary to guarantee the security of information and data, which increasingly represent the real asset of companies.
According to the World Economic Forum, in its “Future of Jobs 2023” report, the adoption of Artificial Intelligence (AI) is expected to create significant job turnover, with forecasts of both growth (50%) and job losses (25%). Employee training on AI and Big Data is a top priority for companies (42%), ranking third overall among professional training needs for the next five years.
As a result, AI and Machine Learning specialists are the fastest growing jobs, driven by the growing use of AI.
A 30-35% increase in demand for data-related professionals, such as analysts and data scientists, is also expected. Additionally, growing cyber threats are driving a 31% increase in demand for cybersecurity analysts, creating approximately 200,000 new jobs over the next 5 years.
Innovation in university programs transforms technology careers
Such a context of strong evolution and discontinuity places emphasis on the need for the traditional university system, especially in the technological field, of a strong update of teaching methodologies and its content, in order to be able to stay “in step with the times” and be able to adequately train new generations of professionals.
However, this poses great organizational complexities, linked to the need to update not only the programs, but also the skills and processes within the various institutions. As well as the timescales required to accredit and include new courses, which are often not aligned with the job market needs. These are problems that are not only related to the Italian market, but more generally, extend globally.
An overview of OPIT
It is in this context that OPIT – Open Institute of Technology is placed, an Academic Institution accredited by the MFHEA (Malta Further and Higher Education Authority) pursuant to the European Qualifications Framework (EQF). The academic institution was created with the aim of bridging the gap between what is taught in traditional universities and what the job market requires, while at the same time bringing various innovations in content and linked to the pedagogical model.
In an era characterized by an inevitable acceleration towards the most urgent transitions affecting society in the digital age, OPIT’s mission is to focus on quality online education in technology. The starting point is the awareness of the misalignment in the job market, between what is taught in most universities and what companies are looking for today. This so-called misalignment, accelerated by the advent of Artificial Intelligence, is generated by too much theory and an approach that lacks practice. We have identified the skills that will drive this change and have translated them into our innovative degree programs.
OPIT’s educational model stands out in the university education landscape for its emphasis on the needs of quality, flexibility and inclusiveness of the new generations. The focus on technology education allows us to offer high-level career-aligned learning with hands-on courses designed to best prepare students’ future careers: two Bachelor’s degrees in Digital Business and Modern Computer Science and four Master’s degrees in Applied Data Science & AI, Applied Digital Business, Responsible Artificial Intelligence and Enterprise Cybersecurity.
Technological careers, AI integrated into every degree path
Artificial Intelligence is a topic addressed, from different angles, in every single degree course we offer, not just in the more technical ones. For example, we teach digital business students how AI is changing the world and how to incorporate this expertise into the products they aspire to create. A fundamental integration to face the challenges of the contemporary world.
Our students have the opportunity to understand in depth the potential and applications of AI, developing a preparation oriented towards technology and innovation. The institution’s hybrid model combines a community of online students with the flexibility to accelerate or extend their academic path, thus responding to the specific needs of each one.
Written on April 11th 2024
Source here: Huffpost IT (full article in Italian)
Francesco Profumo: “Our universities are at the top thanks to a far-sighted policy”
Italy is the seventh in the world and second in Europe for university education. Interview with the professor and manager, now president of Uni-Italia: a success born from the reform of university autonomy; we realized early on that it was necessary to hybridize knowledge; we are attractive to the world; the south is also growing
Francesco Profumo, former Minister of Education, University and Research in the Monti government, was first dean of the Faculty of Engineering and then rector from 2005 to 2011 of the Polytechnic of Turin, the university from which he graduated in electrical engineering in 1977. He chaired the Compagnia di San Paolo and the Acri (Association of Foundations and Savings Banks) until March 2024 and is currently president of Uni-Italia and rector of the Open Institute of Technology.
Read full article here: Huffpost IT
Written on April 11th 2024
Source here: B&FT Online
Open Institute of Technology (OPIT), an EU-accredited online institution renowned for its expertise in Information Technology (IT) education, has unveiled plans to increase enrollment from African countries, including Nigeria, Kenya, and Ghana, for the academic year 2024.
Since its inception in 2023, OPIT has been dedicated to providing world-class education in information technology, and now, it is expanding its global reach to welcome students from diverse backgrounds across Africa.
In its inaugural year, OPIT attracted a diverse cohort of 100 students from 38 different nations, with a notable representation from Africa. A proportion of both Bachelor’s (9percent) and Master’s (7percent) students originated from African countries, demonstrating OPIT’s commitment to fostering diversity and inclusivity within its student body.
Also, a substantial percentage (40percent) of Master’s students hailed from non-STEM backgrounds, underscoring OPIT’s dedication to providing educational opportunities to individuals from diverse professional domains. OPIT’s first cohort boasted students from a wide array of industries, including consulting, tech, gaming, energy, government, financial services, agriculture, oil and gas, and education, among others. This diverse mix of backgrounds contributes to a rich and vibrant learning environment at OPIT.
In anticipation of its upcoming student intake, OPIT has implemented several enhancements to its programmes, faculty, and support services:
New and enhanced programmes
OPIT has introduced four specialized tracks for its BSc in Computer Science programme for 2024, including Cybersecurity, Data Science & AI, Software Development & Cloud Computing, and Metaverse & Gaming. Additionally, a new BSc in Digital Business has been launched, catering to students interested in blending digital business with core computer science principles.
In addition to the existing MSc Applied Data Science and Artificial Intelligence (AI) programme, OPIT now offers other Masters Degree options:
Concerning its revamped Bachelors and Masters programmes, Professor Francesco Profumo, Rector of OPIT (and former Minister of Education, University and Research of Italy) said:“In an era marked by an inevitable acceleration towards the most urgent transitions impacting society in the digital age, OPIT’s mission is to focus on quality online education in Technology.
The starting point is the awareness of the misalignment in the labor market, between what is taught in most universities and what companies are looking for today. That so-called mismatch, accelerated by the advent of AI, is generated by too much theory and too little practical approach. We have identified the skills that will guide this change and translated them into our innovative Degrees.”
Faculty expansion
The faculty at OPIT stands out as one of its greatest assets. In 2024, OPIT’s faculty members boast a diverse blend of academic and professional experiences, with stints at renowned institutions and organizations including Symantec, Microsoft, PayPal, McKinsey, MIT, Morgan Stanley, University of Edinburgh, Amazon, US Naval Research, and more. This deliberate mix ensures a well-rounded approach to training at OPIT, incorporating both scholarly expertise and real-world insights.
Speaking concerning OPIT’s faculty and teaching, Riccardo Ocleppo, Founder and Director of OPIT stated: “Our teaching model combines quality, flexibility, and cost-effectiveness. We believe that education, even if it takes place remotely, must guarantee closeness on all other aspects, starting from the support for the student throughout the period of study. We have translated into practice a new idea of higher education, radically different from the offering from traditional universities.”
“To support our approach, we have selected some of the most experienced academics and professionals in the Technology sphere. The quality of the Professors and the innovative format guarantees a tier-1 learning experience within a community of people linked by the common goal of entering the job market with up-to-date, relevant skills.”
Experiences & opportunities
OPIT offers a diverse array of global perspectives, as students and faculty come from various corners of the world. A freshly established Career Services Department aims to forge stronger connections between students and their desired industries and career paths.
Moreover, students from Africa enrolling in 2024 will enjoy the advantage of having their degrees recognized by the World Education Services (WES). This recognition translates to the potential conversion of OPIT degrees into points for immigration assessment processes in the United States and Canada in the foreseeable future.
Human-centric cyber threats have long posed a serious issue for organizations. After all, humans are often the weakest link in the cybersecurity chain. Unfortunately, when artificial intelligence came into the mix, it only made these threats even more dangerous.
So, what can be done about these cyber threats now?
That’s precisely what we asked Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, aka the “Cyber Queen.”
They dedicated a significant portion of their “Cyber Threat Landscape 2024: Navigating New Risks” master class to AI-powered human-centric cyber threats. So, let’s see what these two experts have to say on the topic.
Human-Centric Cyber Threats 101
Before exploring how AI impacted human-centric cyber threats, let’s go back to the basics. What are human-centric cyber threats?
As you might conclude from the name, human-centric cyber threats are cybersecurity risks that exploit human behavior or vulnerabilities (e.g., fear). Even if you haven’t heard of the term “human-centric cyber threats,” you’ve probably heard of (or even experienced) the threats themselves.
The most common of these threats are phishing attacks, which rely on deceptive emails to trick users into revealing confidential information (or clicking on malicious links). The result? Stolen credentials, ransomware infections, and general IT chaos.
How Has AI Impacted Human-Centric Cyber Threats?
AI has infiltrated virtually every cybersecurity sector. Social engineering is no different.
As mentioned, AI has made human-centric cyber threats substantially more dangerous. How? By making them difficult to spot.
In Venicia’s words, AI has allowed “a more personalized and convincing social engineering attack.”
In terms of email phishing, malicious actors use AI to write “beautifully crafted emails,” as Tom puts it. These emails contain no grammatical errors and can mimic the sender’s writing style, making them appear more legitimate and harder to identify as fraudulent.
These highly targeted AI-powered phishing emails are no longer considered “regular” phishing attacks but spear phishing emails, which are significantly more likely to fool their targets.
Unfortunately, it doesn’t stop there.
As AI technology advances, its capabilities go far beyond crafting a simple email. Venicia warns that AI-powered voice technology can even create convincing voice messages or phone calls that sound exactly like a trusted individual, such as a colleague, supervisor, or even the CEO of the company. Obey the instructions from these phone calls, and you’ll likely put your organization in harm’s way.
How to Counter AI-Powered Human-Centric Cyber Threats
Given how advanced human-centric cyber threats have gotten, one logical question arises – how can organizations counter them? Luckily, there are several ways to do this. Some rely on technology to detect and mitigate threats. However, most of them strive to correct what caused the issue in the first place – human behavior.
Enhancing Email Security Measures
The first step in countering the most common human-centric cyber threats is a given for everyone, from individuals to organizations. You must enhance your email security measures.
Tom provides a brief overview of how you can do this.
No. 1 – you need a reliable filtering solution. For Gmail users, there’s already one such solution in place.
No. 2 – organizations should take full advantage of phishing filters. Before, only spam filters existed, so this is a major upgrade in email security.
And No. 3 – you should consider implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent email spoofing and phishing attacks.
Keeping Up With System Updates
Another “technical” move you can make to counter AI-powered human-centric cyber threats is to ensure all your systems are regularly updated. Fail to keep up with software updates and patches, and you’re looking at a strong possibility of facing zero-day attacks. Zero-day attacks are particularly dangerous because they exploit vulnerabilities that are unknown to the software vendor, making them difficult to defend against.
Top of Form
Nurturing a Culture of Skepticism
The key component of the human-centric cyber threats is, in fact, humans. That’s why they should also be the key component in countering these threats.
At an organizational level, numerous steps are needed to minimize the risks of employees falling for these threats. But it all starts with what Tom refers to as a “culture of skepticism.”
Employees should constantly be suspicious of any unsolicited emails, messages, or requests for sensitive information.
They should always ask themselves – who is sending this, and why are they doing so?
This is especially important if the correspondence comes from a seemingly trusted source. As Tom puts it, “Don’t click immediately on a link that somebody sent you because you are familiar with the name.” He labels this as the “Rule No. 1” of cybersecurity awareness.
Growing the Cybersecurity Culture
The ultra-specific culture of skepticism will help create a more security-conscious workforce. But it’s far from enough to make a fundamental change in how employees perceive (and respond to) threats. For that, you need a strong cybersecurity culture.
Tom links this culture to the corporate culture. The organization’s mission, vision, statement of purpose, and values that shape the corporate culture should also be applicable to cybersecurity. Of course, this isn’t something companies can do overnight. They must grow and nurture this culture if they are to see any meaningful results.
According to Tom, it will probably take at least 18 months before these results start to show.
During this time, organizations must work on strengthening the relationships between every department, focusing on the human resources and security sectors. These two sectors should be the ones to primarily grow the cybersecurity culture within the company, as they’re well versed in the two pillars of this culture – human behavior and cybersecurity.
However, this strong interdepartmental relationship is important for another reason.
As Tom puts it, “[As humans], we cannot do anything by ourselves. But as a collective, with the help within the organization, we can.”
Staying Educated
The world of AI and cybersecurity have one thing in common – they never sleep. The only way to keep up with these ever-evolving worlds is to stay educated.
The best practice would be to gain a solid base by completing a comprehensive program, such as OPIT’s Enterprise Cybersecurity Master’s program. Then, it’s all about continuously learning about new developments, trends, and threats in AI and cybersecurity.
Conducting Regular Training
For most people, it’s not enough to just explain how human-centric cyber threats work. They must see them in action. Especially since many people believe that phishing attacks won’t happen to them or, if they do, they simply won’t fall for them. Unfortunately, neither of these are true.
Approximately 3.4 billion phishing emails are sent each day, and millions of them successfully bypass all email authentication methods. With such high figures, developing critical thinking among the employees is the No. 1 priority. After all, humans are the first line of defense against cyber threats.
But humans must be properly trained to counter these cyber threats. This training includes the organization’s security department sending fake phishing emails to employees to test their vigilance. Venicia calls employees who fall for these emails “clickers” and adds that no one wants to be a clicker. So, they do everything in their power to avoid falling for similar attacks in the future.
However, the key to successful employee training in this area also involves avoiding sending similar fake emails. If the company keeps trying to trick the employees in the same way, they’ll likely become desensitized and less likely to take real threats seriously.
So, Tom proposes including gamification in the training. This way, the training can be more engaging and interactive, encouraging employees to actively participate and learn. Interestingly, AI can be a powerful ally here, helping create realistic scenarios and personalized learning experiences based on employee responses.
Following in the Competitors’ Footsteps
When it comes to cybersecurity, it’s crucial to be proactive rather than reactive. Even if an organization hasn’t had issues with cyberattacks, it doesn’t mean it will stay this way. So, the best course of action is to monitor what competitors are doing in this field.
However, organizations shouldn’t stop with their competitors. They should also study other real-world social engineering incidents that might give them valuable insights into the tactics used by the malicious actors.
Tom advises visiting the many open-source databases reporting on these incidents and using the data to build an internal educational program. This gives organizations a chance to learn from other people’s mistakes and potentially prevent those mistakes from happening within their ecosystem.
Stay Vigilant
It’s perfectly natural for humans to feel curiosity when it comes to new information, anxiety regarding urgent-looking emails, and trust when seeing a familiar name pop up on the screen. But in the world of cybersecurity, these basic human emotions can cause a lot of trouble. That is, at least, when humans act on them.
So, organizations must work on correcting human behaviors, not suppressing basic human emotions. By doing so, they can help employees develop a more critical mindset when interacting with digital communications. The result? A cyber-aware workforce that’s well-equipped to recognize and respond to phishing attacks and other cyber threats appropriately.
There’s no doubt about it – artificial intelligence has revolutionized almost every aspect of modern life. Healthcare, finance, and manufacturing are just some of the sectors that have been virtually turned upside down by this powerful new force. Cybersecurity also ranks high on this list.
But as much as AI can benefit cybersecurity, it also presents new challenges. Or – to be more direct –new threats.
To understand just how serious these threats are, we’ve enlisted the help of two prominent figures in the cybersecurity world – Tom Vazdar and Venicia Solomons. Tom is the chair of the Master’s Degree in Enterprise Cybersecurity program at the Open Institute of Technology (OPIT). Venicia, better known as the “Cyber Queen,” runs a widely successful cybersecurity community looking to empower women to succeed in the industry.
Together, they held a master class titled “Cyber Threat Landscape 2024: Navigating New Risks.” In this article, you get the chance to hear all about the double-edged sword that is AI in cybersecurity.
How Can Organizations Benefit From Using AI in Cybersecurity?
As with any new invention, AI has primarily been developed to benefit people. In the case of AI, this mainly refers to enhancing efficiency, accuracy, and automation in tasks that would be challenging or impossible for people to perform alone.
However, as AI technology evolves, its potential for both positive and negative impacts becomes more apparent.
But just because the ugly side of AI has started to rear its head more dramatically, it doesn’t mean we should abandon the technology altogether. The key, according to Venicia, is in finding a balance. And according to Tom, this balance lies in treating AI the same way you would cybersecurity in general.
Keep reading to learn what this means.
Top of Form
Implement a Governance Framework
In cybersecurity, there is a governance framework called ISO/IEC 27000, whose goal is to provide a systematic approach to managing sensitive company information, ensuring it remains secure. A similar framework has recently been created for AI— ISO/IEC 42001.
Now, the trouble lies in the fact that many organizations “don’t even have cybersecurity, not to speak artificial intelligence,” as Tom puts it. But the truth is that they need both if they want to have a chance at managing the risks and complexities associated with AI technology, thus only reaping its benefits.
Implement an Oversight Mechanism
Fearing the risks of AI in cybersecurity, many organizations chose to forbid the usage of this technology outright within their operations. But by doing so, they also miss out on the significant benefits AI can offer in enhancing cybersecurity defenses.
So, an all-out ban on AI isn’t a solution. A well-thought-out oversight mechanism is.
According to Tom, this control framework should dictate how and when an organization uses cybersecurity and AI and when these two fields are to come in contact. It should also answer the questions of how an organization governs AI and ensures transparency.
With both of these frameworks (governance and oversight), it’s not enough to simply implement new mechanisms. Employees should also be educated and regularly trained to uphold the principles outlined in these frameworks.
Control the AI (Not the Other Way Around!)
When it comes to relying on AI, one principle should be every organization’s guiding light. Control the AI; don’t let the AI control you.
Of course, this includes controlling how the company’s employees use AI when interacting with client data, business secrets, and other sensitive information.
Now, the thing is – people don’t like to be controlled.
But without control, things can go off the rails pretty quickly.
Tom gives just one example of this. In 2022, an improperly trained (and controlled) chatbot gave an Air Canada customer inaccurate information and a non-existing discount. As a result, the customer bought a full-price ticket. A lawsuit ensued, and in 2024, the court ruled in the customer’s favor, ordering Air Canada to pay compensation.
This case alone illustrates one thing perfectly – you must have your AI systems under control. Tom hypothesizes that the system was probably affordable and easy to implement, but it eventually cost Air Canada dearly in terms of financial and reputational damage.
How Can Organizations Protect Themselves Against AI-Driven Cyberthreats?
With well-thought-out measures in place, organizations can reap the full benefits of AI in cybersecurity without worrying about the threats. But this doesn’t make the threats disappear. Even worse, these threats are only going to get better at outsmarting the organization’s defenses.
So, what can the organizations do about these threats?
Here’s what Tom and Venicia suggest.
Fight Fire With Fire
So, AI is potentially attacking your organization’s security systems? If so, use AI to defend them. Implement your own AI-enhanced threat detection systems.
But beware – this isn’t a one-and-done solution. Tom emphasizes the importance of staying current with the latest cybersecurity threats. More importantly – make sure your systems are up to date with them.
Also, never rely on a single control system. According to our experts, “layered security measures” are the way to go.
Never Stop Learning (and Training)
When it comes to AI in cybersecurity, continuous learning and training are of utmost importance – learning for your employees and training for the AI models. It’s the only way to ensure all system aspects function properly and your employees know how to use each and every one of them.
This approach should also alleviate one of the biggest concerns regarding an increasing AI implementation. Namely, employees fear that they will lose their jobs due to AI. But the truth is, the AI systems need them just as much as they need those systems.
As Tom puts it, “You need to train the AI system so it can protect you.”
That’s why studying to be a cybersecurity professional is a smart career move.
However, you’ll want to find a program that understands the importance of AI in cybersecurity and equips you to handle it properly. Get a master’s degree in Enterprise Security from OPIT, and that’s exactly what you’ll get.
Join the Bigger Fight
When it comes to cybersecurity, transparency is key. If organizations fail to report cybersecurity incidents promptly and accurately, they not only jeopardize their own security but also that of other organizations and individuals. Transparency builds trust and allows for collaboration in addressing cybersecurity threats collectively.
So, our experts urge you to engage in information sharing and collaborative efforts with other organizations, industry groups, and governmental bodies to stay ahead of threats.
How Has AI Impacted Data Protection and Privacy?
Among the challenges presented by AI, one stands out the most – the potential impact on data privacy and protection. Why? Because there’s a growing fear that personal data might be used to train large AI models.
That’s why European policymakers sprang into action and introduced the Artificial Intelligence Act in March 2024.
This regulation, implemented by the European Parliament, aims to protect fundamental rights, democracy, the rule of law, and environmental sustainability from high-risk AI. The act is akin to the well-known General Data Protection Regulation (GDPR) passed in 2016 but exclusively targets the use of AI. The good news for those fearful of AI’s potential negative impact is that every requirement imposed by this act is backed up with heavy penalties.
But how can organizations ensure customers, clients, and partners that their data is fully protected?
According to our experts, the answer is simple – transparency, transparency, and some more transparency!
Any employed AI system must be designed in a way that doesn’t jeopardize anyone’s privacy and freedom. However, it’s not enough to just design the system in such a way. You must also ensure all the stakeholders understand this design and the system’s operation. This includes providing clear information about the data being collected, how it’s being used, and the measures in place to protect it.
Beyond their immediate group of stakeholders, organizations also must ensure that their data isn’t manipulated or used against people. Tom gives an example of what must be avoided at all costs. Let’s say a client applies for a loan in a financial institution. Under no circumstances should that institution use AI to track the client’s personal data and use it against them, resulting in a loan ban. This hypothetical scenario is a clear violation of privacy and trust.
And according to Tom, “privacy is more important than ever.” The same goes for internal ethical standards organizations must develop.
Keeping Up With Cybersecurity
Like most revolutions, AI has come in fast and left many people (and organizations) scrambling to keep up. However, those who recognize that AI isn’t going anywhere have taken steps to embrace it and fully benefit from it. They see AI for what it truly is – a fundamental shift in how we approach technology and cybersecurity.
Those individuals have also chosen to advance their knowledge in the field by completing highly specialized and comprehensive programs like OPIT’s Enterprise Cybersecurity Master’s program. Coincidentally, this is also the program where you get to hear more valuable insights from Tom Vazdar, as he has essentially developed this course.
Have questions?
Visit our FAQ page or get in touch with us!
Write us at +39 335 576 0263
Get in touch at hello@opit.com
Talk to one of our Study Advisors
We are international
We can speak in: