Governments must be held accountable and sanctioned
The illusion of digital security
We live in a digital age, where every aspect of our lives, from online payments to communications, is increasingly interconnected. This digitalization has made our societies more efficient, but it has also opened new frontiers for cybercrime. Billions of personal data are collected, stored and exchanged every day, creating a priceless treasure trove for hackers and cybercriminals.
State responsibility: a double-edged sword
States, as custodians of their citizens’ data, have a primary responsibility to ensure their security. However, we are increasingly seeing cases where this responsibility is being neglected, with potentially devastating consequences for millions of people.
Delegation to unqualified individuals: Many governments entrust the management of cybersecurity to internal bodies or offices that lack the skills and resources needed to deal with the increasingly sophisticated threats of cybercrime. This delegation often translates into a lack of investment in training, technology and adequate infrastructure.
The risk of cyberwarfare: Hybrid warfare and cyberwarfare are becoming increasingly common, with cyberattacks being used as a weapon to destabilize opposing governments. In these conflicts, a huge amount of sensitive data is compromised, exposing millions of citizens to the risk of identity theft, fraud and blackmail.
Impunity of those responsible: Despite the serious consequences of these attacks, the states responsible are often not sanctioned or punished adequately. This creates a climate of impunity that incentivizes further attacks and undermines citizens’ trust in institutions.
The case of Ukraine: a clear example
The war in Ukraine has dramatically highlighted the fragility of the cybersecurity systems of many countries. The Ukrainian DIA, the government agency responsible for managing citizens’ data, has been attacked several times by hackers, resulting in millions of documents ending up in the hands of criminals. This case demonstrates how, in conflict situations, even the most sophisticated security systems can be compromised.
Regulations: An Insufficient Palliative
States are trying to address these challenges by adopting new regulations and security standards. However, these measures often prove insufficient, as they take time to implement and are not always able to keep pace with the evolution of cyber threats. Furthermore, private companies, despite being subject to increasingly stringent regulations, are often the first victims of cyber attacks, as they represent easier and more profitable targets for criminals.
This madness must stop!
The tiredness of words and the need for concrete actions
The proliferation of round tables and international summits on cybersecurity seems more like a catwalk for declarations of intent than a real commitment to solving the problem. Meanwhile, critical infrastructures continue to be targeted, demonstrating a worrying ineffectiveness of the bodies responsible for cybersecurity.
A broken social contract
If a State decides to regulate every aspect of its citizens’ lives, taking on the role of guarantor of their rights and security, it must also necessarily take on the responsibility of protecting them from threats such as cyberattacks. When millions of personal data end up in the hands of cybercriminals, it is clear that this social contract has been broken.
The consequences of an inability
The inability to protect citizens’ data has very serious consequences, not only at an individual level (identity theft, fraud, blackmail), but also at a social and economic level. The loss of trust in institutions, the destabilization of economic systems and the threat to national security are just some of the possible consequences of inadequate cybersecurity.
The need for a paradigm shift
Ultimately, cybersecurity can no longer be considered an optional extra, but an absolute necessity. The time has come to move from words to actions and implement concrete policies to protect our data and our societies.
Change of course
It is clear that the current approach to cybersecurity is no longer sustainable. To reverse this trend, a radical paradigm shift is needed:
A new conception of cybersecurity: It is essential to transform cybersecurity from a mere technical exercise to a strategic priority, integrated into all government policies.
Experts instead of sellers: It is necessary to replace the “players” who sell products without real cybersecurity expertise with teams of experts capable of preventing and mitigating threats.
Investments in research and threat intelligence: Research is essential to anticipate new threats and develop innovative solutions. Threat intelligence, or the ability to collect and analyze information on threats, is essential to make informed decisions and prevent attacks.
Restrict journalists: I am not talking about muzzling the press, but fining sensationalism