Some eight months after the previous issue, we are delighted to provide you, dear reader, a new volume of Cybersecurity Trends. The two main topics treated within this issue here are ethics in the digital world, as well as the human and technological tools of defence. Within the edition, we have a number of articles (many translated) that have been written by some of the most prominent specialists in their fields to give you food for thought on future choices to be made by society. For example, In which kind of digital future do we desire to live, with what rules, and which is the best path for resilience, adapting ourselves and our systems to threats which have never been so mutant and so abundant? The actual situation, that of a lack of awareness, a lack of skilled security specialists, that of practical human problems when an incident happens, is excellently depicted, and constitutes the base we have to start with, and represents the completion of the “4th Industrial Revolution” and, with the 5G implementation, of the real beginning of the “4.0 era”, a new industrial revolution epoch. As an amazing gesture of disclosure, which has not happened since the Estonian Presidency of the EU in 2017, the Head of the Special Telecommunication Services of Romania delivers us insightful views and key facts right of the preparations and challenges that multiple security teams had to deal with at the end of his country’s term of EU presidency. Two lessons have to be learnt. The first is a technological surprise because of the speed of its development. Due to the number of IoT and correlated systems, in the last semester, a data upload boom exceeded, in quantity, downloads. This means a real revolution when it comes to establishing a security perimeter. The second, a real nightmare for defenders, is that brute force, zero days and file inclusion techniques, even if commonly used by criminals, are now replaced by massive attempts of code injections. This means that not only all the defensive
machinery but above all the humans in command have to be even more skilled to detect this kind of incident at its very beginning, as the damages it can create are enormous. More than ever, education, continuous capacity-building, real-time drills, human team cohesion within a company, play an even more central role than the tools themselves that are chosen and bought to secure the perimeter. And when it comes to them, as well as to other entities facing the same risks, only two words are the warrant of resilience: trust and cooperation. One area that continues to evoke debate is the status of the GDPR regulation. It has already increased awareness to authorities of issues. Already in 2019, there have been 36,000 reported breaches, twice the annual rate prior to introducing regulation, whilst Europe has had 206,000 reported cases. The original threat of fines has been lenient in many ways with only Google, Facebook and Equifax having really paid any headline sums. Whilst the GDPR regulation still needs time to settle in, it has had an impact on smaller firms due to its complexity to comply to. The US thinktank National Bureau of Economic Research identified a fall in funding by 40% of funds raised for European tech firms from venture capital sources. Whilst another thought-provoking recent headline has been that of Norwegian firm, Norsk Hydro, a global aluminium producer who were subject to a ransomware attack. This impacted 22,000 computers across 170 different sites in 40 different countries. The company chose not to pay at the cost of 235,000 employees resorting to pen and paper and an economic cost of £45 million and still counting. Whilst it is virtually impossible to stop a breach if someone is intent to find a weak spot, increasingly automation of security is key to a stronger defence and the rapid progress in this field categorized as SOAR by Gartner is outlined in another of our articles in this edition. Coming back to ethics, as they are, as for morals, a philosophical concept, their ad minimam must, in the digital world even more than in cybersecurity, have a need to be flexible enough to gather the most complete consensus possible between all the different educations, traditions, religions marking the very individual and personal culture of each inhabitant of our planet. For us, ethics meant that we had a commitment towards you our reader. The commitment not to let this journal die, no matter the amount of time and energy it needs, after the death of Romulus Maier, its co-founder. Along with the recapitalization of SOARX Ltd (trading as iCyber-Security), that took charge of the original U.K. version of Cybersecurity Trends. We gathered, the three of us, and we did what we believe we had to do, and will do each three months to offer you some of the most interesting points of view to help you to design your own security, in a moment where more than ever, each person must be aware of what to use, in which conditions, and with which protection, as we all face daily a tsunami of new products, apps, tools. To help you gain insights from across Europe and make informed choices is the aim of our work, and we wish you to have a lot of pleasure in reading some of the texts of this issue.