Cybersecurity Challenges: From Weak Passwords to Ruined Reputations
In the cyber kill-chain, humans can be a weapon, target, and tool to disrupt service delivery, steal data, ruin a personal or corporate reputation, or cause a political crisis. Vilnius University (VU) researchers present their project, implemented together with students and colleagues from abroad, to highlight these cyber challenges.
The scientists and students of the Institute of Computer Science of the Faculty of Mathematics and Informatics (MIF) of VU, together with other researchers from other educational institutions in the Baltic countries and Germany, are participating in the project "Increasing Security-Awareness: The Invisible Power of Digital Traces." The project aims to study human behaviour in cyberspace and the digital traces left behind and to highlight new scientific directions to solve cyber security challenges.
The scientists stressed the importance of paying attention to studying user behaviour in cyberspace. Despite active campaigns to educate the public, users are using weak passwords, i.e., clichéd or short words, which have been included in dictionaries of the most common passwords for several years. Global digitization is leading to changes in all industrial sectors, where cyber security is becoming increasingly relevant in ensuring quality services. Especially since social engineering attacks can exploit user vulnerabilities, for example, associated with existing digital identities.
Disgruntled employees can pose threats
According to project participant prof Dr Stefano Sütterlin from Albstadt-Sigmaringen University of Applied Sciences, there are often challenges associated with insider threats in organizations. For example, due to employee dissatisfaction with work or management principles.
"An authorized user can access the organization's data or systems. It can harm systems unintentionally, with no malicious intent, simply by carelessly handling sensitive data. But dismissed employees dissatisfied with the company's policies can threaten the company's assets, such as intellectual property and reputation," says the professor.
According to the project manager Dr Agnė Brilingaitė, the project connects IT and psychological sciences: "The combination of different sciences makes it possible to properly take into account the traces left by the user in cyberspace, including digital identities, which enable profiling, allowing to customize the content, but at the same time create artefacts for social engineering attacks."
Assoc. Prof. Dr Ricardo G. Lugo from the Norwegian University of Science and Technology highlights the importance of communication in cyber operations centres and the communication barriers between IT and non-IT personnel. For her part, Vidzeme University of Applied Sciences assoc. Prof. Dr Ginta Majore distinguishes the digital twins in eco-cyber-physical systems and their security challenges. "Remote sensors send information that shows what actions the operator needs to take, so it is important to carry out appropriate simulations and provide measures to protect the sensors," says the professor.
The participants tried out the laser shooting range
In September, the Cybersecurity Laboratory of the Institute of Computer Science, together with the General Jonas Žemaitis Military Academy of Lithuania, organised a three-day cybersecurity event as part of the project "Increasing Security Awareness: the Invisible Power of Digital Traces." Guests from Albstadt-Sigmaringen University (ASU), Vidzeme University of Applied Sciences (ViA), Tallinn University of Technology (TTU), and the Norwegian University of Science and Technology (NTNU) attended the event.
One of the project's aims was to engage students in research activities and highlight the cybersecurity challenges. Students of the VU Faculty of Mathematics and Informatics from the Information Technologies and Computer Modelling study programmes and international exchange students and students from the German partner institution attended the event. The project and the Erasmus+ programme funded the German students' visit.
LKA allowed the participants to try out the laser shooting range. After this activity, the participants played an interactive cybersecurity scenario related to the timely notification of the information security manager about a cyber incident. Prof. Dr Aušrius Juozapavičius (LKA) prepared the scenario and commented on the competencies demonstrated by the participants. Prof. Dr Olaf Maennelis (TTU) observed how participants make decisions based on presented system artefacts and described scenario conditions. According to him, the created scenario reflects the potential challenges of a cyber specialist in making decisions according to established procedures in the event of an incident.
Head of the Cyber Security Laboratory, Dr Linas Bukauskas emphasises that such events provide the community with a better understanding of the scientific activities carried out at the University, reveal the scientific challenges in the subject area, and allow the students to develop general intercultural communication competencies.
Rimantė Andrijauskaitė and Austėja Bauraitė, students of the VU Information Technologies study program participating in the project, are delighted not only with the opportunities to develop skills but also with the contacts made, which will lead to future joint projects.
"It's nice to meet like-minded people with whom the discussions are interesting and natural, no matter where they are from," VU student A. Bauraitė shared her impressions.
The project will end already this month, so the team that met at the end of September reviewed the activities of the last six months. Prof. Dr A. Juozapavičius is happy with the results: "It was a pleasure to visit Germany and hear them present cybersecurity topics they found interesting. Seminars back in Lithuania were no less exciting when Vilnius University students presented their research on cutting-edge topics. I'm sure the students from both sides benefited greatly from meeting each other".
This project of the Baltic-German University Liaison Office is supported by the German Academic Ex-change Service (DAAD) with funds from the Foreign Office of the Federal Republic of Germany.