Alessandro Guarino, founder and CEO of the cyber security consulting company StAg, visited Kaunas University of Technology (KTU) in October to give a keynote speech on the importance of security at the scientific conference ICIST 2024 organized by the KTU Faculty of Informatics. According to the expert, people today are still unaware of the dangers of virtual space and sometimes act naively.
“The biggest challenge in making cybersecurity accessible to the public is knowledge transfer. Most people are not interested in security and do not realize its importance until something serious happens,” says A. Guarino.
The purpose of social networks is to keep you in the loop
A key example was the high-profile 2018 Meta and Cambridge Analytica scandal, which involved illegally collecting information on users’ interests, behavior, and social connections to create personalized political advertisements. This led to legal investigations and fines for Meta.
“Apps such as social networks or dating platforms are designed to keep users connected for as long as possible. These apps often use users’ data, so it’s important to understand the price we pay for free access,” stresses A. Guarino.
The most common strategy to inform the public about safety is a series of rules and advice. However, according to the expert, this approach is not practical. “It’s not just about telling people what to do; it’s about explaining why it’s important. This kind of information makes it necessary to get involved and understand the threats we may face,” says the cyber security expert.
According to A. Guarino, one of the most effective strategies is to show the consequences of ignoring safety rules. He says that the threat strategy is effective, but it is more important to show the benefits of protection – the ability to avoid harm.
Information is often ignored by staff
On the business side, A. Guarino mentioned that many companies find it challenging to encourage employees to take security seriously, even when required to do so under legislation such as the General Data Protection Regulation (GDPR).