Alessandro Guarino, cyber security expert visiting KTU: Italy teaches internet safety to primary school children

Alessandro Guarino, founder and CEO of the cyber security consulting company StAg, visited Kaunas University of Technology (KTU) in October to give a keynote speech on the importance of security at the scientific conference ICIST 2024 organized by the KTU Faculty of Informatics. According to the expert, people today are still unaware of the dangers of virtual space and sometimes act naively.

“The biggest challenge in making cybersecurity accessible to the public is knowledge transfer. Most people are not interested in security and do not realize its importance until something serious happens,” says A. Guarino.

The purpose of social networks is to keep you in the loop

A key example was the high-profile 2018 Meta and Cambridge Analytica scandal, which involved illegally collecting information on users’ interests, behavior, and social connections to create personalized political advertisements. This led to legal investigations and fines for Meta.

“Apps such as social networks or dating platforms are designed to keep users connected for as long as possible. These apps often use users’ data, so it’s important to understand the price we pay for free access,” stresses A. Guarino.

The most common strategy to inform the public about safety is a series of rules and advice. However, according to the expert, this approach is not practical. “It’s not just about telling people what to do; it’s about explaining why it’s important. This kind of information makes it necessary to get involved and understand the threats we may face,” says the cyber security expert.

According to A. Guarino, one of the most effective strategies is to show the consequences of ignoring safety rules. He says that the threat strategy is effective, but it is more important to show the benefits of protection – the ability to avoid harm.

Information is often ignored by staff

On the business side, A. Guarino mentioned that many companies find it challenging to encourage employees to take security seriously, even when required to do so under legislation such as the General Data Protection Regulation (GDPR).

“Telling children what to do or what not to do works even worse than it does for adults; they tend to do it backward. The key is creatively showing why safety is important,” A. Guarino stresses. He says we need to do the same in business: “For years, I have been explaining to small businesses about the use of firewalls and caution when surfing the internet – as simply and clearly as possible. Unfortunately, the importance of security is only realized when a problem occurs.”

VPNs are not for security but for inaccessible content

A. Guarino said changing attitudes towards cyber security in universities is also essential.

“IT professionals don’t always look into security, but it should be part of their job. It is important to integrate a security approach into all projects from the start, not just at the end when trying to fix problems, ideally integrating cyber security modules across all IT curricula,” says the expert.

“Many people use virtual private networks (VPNs) not for security reasons but to access blocked and inaccessible content in their country. This shows that there is still a lack of security knowledge and a broader approach,” says A. Guarino.

The expert believes that we need to discern what information is conveyed by visible advertisements, which often only provide information that makes the consumer want to buy while leaving out much that is not. “We need to pay attention to who is talking about security because often commercial advertisements are only trying to sell a product, without looking at its real benefits,” shares the cybersecurity expert