Redefining the Approach to Cybersecurity

One of the most critical issues in cybersecurity is represented by social engineering attacks. These threats have been known for years, but it is very difficult to handle them effectively, because they are strictly related to human nature. Social engineering is not just a phishing email; indeed, it is possible to distinguish several forms of attack which combine different elements, from human to social to physical and technological. According to a psychological point of view, social engineering is a powerful means of gaining information exploiting individuals’ weaknesses. Moreover, due to the mechanisms of persuasion, widely studied in literature, it is easy to imagine how complicated the management of this threat is. Appropriate training of employees, especially of key roles of the company, can be an effective antidote to social engineering. Given the current scenario and the future perspective in cybersecurity, it is clear that the approach used to manage cybersecurity requires a radical change. Currently, the preferred cybersecurity strategy is still based on technological solutions, without brilliant results, since cyberthreats keep growing. Many are convinced that Artificial Intelligence (AI) will be an opportunity for managing cybersecurity; whether true or not, it is however evident that AI has also the power to generate new threats and to strengthen the existing ones. Therefore, we should be very prudent when technologies are presented as a miracle solution for cybersecurity problems. The starting point is that technology has to be deployed under full human control. Then, critical thinking is needed to develop alternatives to improve the current approach to cybersecurity. In short, we need to develop a multidisciplinary vision of cybersecurity, involving other disciplines and assuming different perspectives.