And what lessons can we learn today, from the story about an event that took place in 1854?
They've got all the information they need from their friend, Johan Isaksson, who knows about the security precautions at the bank. Planning has been done and it is time to do the crime.
Nils extends his hand behind the door frame where the key to the front door is stored. They both quickly enter. Once inside, Lars the blacksmith begins his work. He manages to open the door to the safe.
The next morning, the staff finds the bank safe open. In it are only a few coins and a note with a taunting poem. The burglars get away with 850,000 riksdalers, about 4-8 million Euro in today's monetary value, making the robbery one of the largest in Sweden’s history. Some say that it is surpassed first by the Great Train Robbery in England 1963
The authorities in Linköping are perplexed. They ask for help from the neighbouring police district’s (Norrköping) own Sherlock Holmes, Police Commissioner H.M Larsson. Larsson visits Linköping's taverns and pubs disguised as an ox trader. He finds clues which lead to the arrest of the criminals. The loot was, for the most part, found, buried in a kitchen garden not far away.
While entertaining and historically true, the above story has important lessons for us working with protecting digital data. As key learnings, I would list the following:
Physical security often consists of a protective shell, an alarm zone and a safe. This concept translates quite well into our world of digital security.
Comparing physical and digital security, you could say that Next-Generation Firewalls, email protection and strong endpoint protection etc. correspond to the shell protection (walls, doors and external locks) in the physical world. But, since competent criminals can get inside the shell, we need a place in the IT environment where security is at an even higher level – the digital safe.
It is more cost-effective to secure a small amount of the most valuable data/assets than to secure all data/assets in the organization.
Today, almost all data is digital. Most organizations have data that needs to be protected to prevent damage or financial loss. It may be financial data, data relating to the security of the nation, personal data, or trade secrets.
When we collect this sensitive data and place it in one specific place in the IT-environment, restrict access and take necessary security precautions to secure it – thus you have a digital safe.
If you are a rare case, an organization which has only public data, then you do not need a digital safe. However, you still need to protect your infrastructure so that you are not exposed to sabotage.
To build a digital safe, the important thing is to not think only about technology; routines and policies need to be in place as well. The following list can be used as a checklist for first steps when building your digital safe.
Do you have a need for a digital safe? TietoEVRY can help with pre-packaged digital safes, adapted to different forms of data where the cost is adjusted to what you need to protect.
PS. We also have a SOC (Security Operations Center) with highly skilled security analysts. One of them is called Larsson just like the police commissioner in history, but he is not from Norrköping.
Develop Cyber Resilient Systems (NIST.SP.800-160v2)
Guide to Application Whitelisting (NIST.SP.800-167)
ICSA Guide to Cryptography by Randell K.Nichols
Digital Identity Guidelines (NIST.SP.800-63)