Cybersecurity

Information Society is leading the battle for Cybersecurity

The Ministry of Digital Governance (MDG) in Greece is implementing a set of projects through Information Society for the protection of public bodies against cyberattacks.

Cybersecurity in the public sector is crucial for safeguarding sensitive information, ensuring the integrity of essential services, and maintaining public trust. Government agencies handle vast amounts of personal data and critical infrastructure, making them prime targets for cyberattacks. Effective cybersecurity measures prevent data breaches, protect national security, and ensure the continuity of public services. By investing in robust cybersecurity frameworks, the public sector can mitigate risks, respond effectively to incidents, and uphold the privacy and safety of citizens.

Continue reading

The importance of user role definition and access restrictions

Many of us have seen the cinematic masterpiece called The Lord of the Rings and can recall the scene where Pippin Took touches The Palantír (the glass orb looking thing with the eye of Sauron in it) and thus gave said villain an insight to his mind.

The bad news: Sauron knows everything Pippin knows. The good news: Pippin doesn’t know anything!

At first there is the panic when Gandalf thinks Sauron now knows everything, then there is the calmness of realising the ‘fool of a Took’ knows nothing that Sauron can use. If we compare that to real life: The panic of knowing your systems have been infiltrated, then the calmness of realising that the access is very limited and doesn’t cover any of the important parts of the IT system.

Continue reading

New Cybersecurity Master's Program in Oulu

Cybersecurity is a new study option based on the research excellence in software security at the University of Oulu. The student specialising in cybersecurity will be able to design, develop, test and evaluate systems, software or hardware for security goals in the ever evolving digital landscape​.

As a whole, artificial intelligence and the development of different AI solutions play a role in all four study options. For example, the studies can contribute to various aspects of emerging edge computing and edge AI technologies.

Continue reading

New Cybersecurity Master's Program in Oulu

Cyber security is a new study option based on the research excellence in software security at the University of Oulu. The student specialising in cyber security will be able to design, develop, test and evaluate systems, software or hardware for security goals in the ever evolving digital landscape​.

As a whole, artificial intelligence and the development of different AI solutions play a role in all four study options. For example, the studies can contribute to various aspects of emerging edge computing and edge AI technologies.

Continue reading

CS-AWARE NEXT received support from the Horizon Standardisation Booster

Our project had the opportunity to receive advisory services by the HSbooster.eu that is a European Commission initiative aiming to provide expert services to European projects to help them to increase and valorise project results by contributing to the creation of new or improvement of existing standards.

As presented in the final expert report, ‘the whole HSBooster consultancy process with CS-AWARE NEXT went fluently and there was great support by the team of CS-AWARE NEXT to identify a suitable standardisation strategy for their envisioned project results’. It is also mentioned that ‘the CS-AWARE NEXT project is on a very good track’ and that we ‘have identified a clear and actionable target’ in terms of, amongst others, ‘adding an extension to the OASIS STIX public repository’. There is no doubt that this might potentially ‘pave the way for future standardisation impacts, i.e., the inclusion of the extension in the official STIX OASIS standard’. Standardisation is, as known to all of us that have been involved in one or some other way in such a process, a long shot, but also well worth trying.

Continue reading

Enhancing your security with open-source tools

With cybersecurity gaining increased attention in Italy, it has emerged as the top priority for digital investment among businesses in 2023. Notably, both large enterprises and SMEs recognize the significance of robust cybersecurity measures. Recent data reveals that a staggering 61% of organisations with over 250 employees have chosen to boost their cybersecurity budgets in the past year. Moreover, the Italian cybersecurity market is projected to witness remarkable growth, reaching a value of 1.86 billion euros in 2022, reflecting an exceptional acceleration of +18% compared to the previous year. In this article, we delve into the realm of monitoring and analysis, exploring the potential of open-source solutions to strengthen cybersecurity defences and address the evolving challenges faced by Italian organisations. Fluentd

Continue reading

Cybersecurity – a case for advanced decision models

Advanced attacks demand advanced countermeasures. On a technical level there already is an elevated level of awareness and readiness. That is why in a first wave of attacks criminals usually focus on tricking users into opening up systems for them . While this has now been the rule for at least over a decade, the way in which these attacks are prepared now follow an almost military style approach. With new, highly distributed environments, little protected IoT systems, tools based on AI, and the weakest link in the chain, the human, not being able to invest the needed time and resources in cyber security, the rise in successful cyber-attacks is predictable . While the need for education and training is commonly accepted, the necessary significant shift in countering cyber-attacks from a purely operational to a tactical and strategic level is still an open issue in many organizations. Policy-based reactions to cyber-attacks should have long ago replaced the still prevailing bug-fixing approach to dealing with an intrusion. However, there is some light at the end of the tunnel. Learning from military and business decision making, such long overdue model-based solutions are also finding their way into the field of cyber security. The first highly successful wave of these decision models is shaped by the now legendary OODA Loop , which properly links observations (e.g., OSINT cyber threat intelligence, system monitoring) with an advanced form of classification (called orientation). These two steps, when combined properly, can provide the critical situational awareness needed to make the right decision, on which the actions taken depend. Especially in distributed collaborative environments, which typically characterize the ecosystem of projects like CS-AWARE-NEXT , these models are a welcome game changer. When applied together with well-established cyber defence frameworks such as NIST/CSF , there is an opportunity to thwart even advanced AI-based attacks. Attacks are on the rise and their sophistication is growing, but better situational awareness, advanced military grade decision models and proven cybersecurity frameworks, when applied in an integrated way can equip Security Operations Centres with the necessary tools to successfully shelter the expected oncoming heavy attack storms.

Continue reading

Data poisoning attacks

Data poisoning is an increasingly important security concern for Machine Learning (ML) systems. As machine learning models are becoming more prevalent in our lives, they are also becoming more vulnerable to malicious attacks. Data poisoning attacks are one of the most insidious and difficult-to-detect kinds of threats on ML models.

Data poisoning is a type of adversarial attack in which a cybercriminal injects malicious data into a machine learning model. These attacks can be used to manipulate the results of a machine learning system, or to redirect the system’s resources away from its intended purpose.

Continue reading

Massive increase in cyber attacks in 2022

Universities, research centers, state and military services, hospitals, communication infrastructure and banks have received numerous cyberattacks in 2022; and the worst is yet to come.

It is estimated that more than 1.000 cyberattacks per organisation take place throughout the universe, which is 38% more than 2021. In Europe in particular, the average number of attacks per target reached 1.000, with an increase of 26% when compared to 2021. In a worse position one can find the Americans, as they faced an increase of 52%!

Continue reading

CriM -- Cyber Security Seminar and Workshops -- 2022

During November 2022 we held the Cyber Security Seminar and Workshops in Oulu, Finland. This four days event has been held since 1999 and brings together teachers, researchers, experts, and students of cybersecurity: https://www.oulu.fi/en/crim.

CriM had twelve talks before lunch and three exercises in the afternoon, covering topics from incidence response to password handling. We were especially glad to hear a talk from Bart Preneel, Europe’s most pronounced cryptography expert, who reminded us at the end of his presentation to a quote from Immanuel Kant “Optimism is a moral duty”.

Continue reading