Our Head of Cybersecurity Sigrun Hansen-Bock gives you a quick run through of five of the most important cyber threats you need to know about right now.
"Many have likely become more aware of the risk of hacking and data theft, but that doesn't mean the risk has decreased. On the contrary, it's more important than ever for both private and public entities to be aware of the digital threats they are facing and what can create a crisis if they are not prepared," says Sigrun Hansen Bock, Head of Cybersecurity at Tietoevry.
She recommends that the following five threats should be a part of your organization’s IT security readiness plan.
Ransomware does not only affect private individuals but also businesses and other organizations, explains Hansen Bock.
"Ransomware continues to be a lucrative cash cow for criminals. It can target both large and small entities, in both the public and private sector. While larger companies have generally become better at controlling, monitoring, and securing their business data backups, it is still essential to have an emergency plan that you do regular dry runs on so that you are fully prepared in case of an attack,
One underestimated risk is supply chain attacks, which involve data breaches occurring through suppliers or partners.
"Smaller suppliers invest less in IT security and have fewer defenses, while larger companies have stronger defense mechanisms. However, most businesses rely on smaller suppliers. Therefore, it is crucial to remember that your security is not only dependent on your own security measures but also on those of the subcontractors you integrate with. Often, we see that a small software supplier introduces vulnerabilities," says Hansen Bock.
She emphasizes that IT security should also be a part of agreements and guidelines.
"Many businesses have ethical guidelines that they also impose on subcontractors. These guidelines should also include IT security. There is significant room for improvement in this regard, and it is important to remember that it's crucial to test the entire value chain, including partners."
This year's theme for National Security Month is social manipulation, and with artificial intelligence, phishing threats have become more sophisticated.
"When we talk about phishing, it is all about how alert employees are when it comes to not falling for an email that lures them with a link or an attachment. Phishing threats still come through email, but new techniques based on artificial intelligence have increased the risk of more people being tricked into clicking on links they shouldn't or opening infected attachments," she says.
Whereas previously, criminals lured people with discounts or special offers if they clicked on a link before a given deadline, they have now moved on to impersonating the boss or a colleague who needs help approving something just before the weekend or a holiday.
"The latest trend is the manipulation of images or videos, making you even more likely to believe that the criminals are who they claim to be. It's essential to be aware of who the actual sender is," says Hansen Bock.
Cybercriminals have also used artificial intelligence to impersonate people to a much larger extent than previously seen.
"Identity theft, where criminals steal your information, is on the rise. They can then use your information to deceive others into thinking that they are you, by, for example creating a fake video."
"At the intergovernmental level, we see an increased risk globally due to the war in Europe. This makes crucial infrastructure that is managed digitally, such as water and sewage services, the electricity grid, and the internet very vulnerable.
In addition to the geopolitical situation, there is also an increased risk of espionage, says Hansen Bock.
"The very rapid technological development we are currently seeing, gives criminals conducting espionage online new tools. This is something we need to be mindful of".
The IT expert points out that it's important to allocate adequate budgets for cybersecurity.
"IT threats are not new, and while the awareness of this has certainly increased, it is still important to remember that this is not something that has 'gone away.' On the contrary, protecting your organization against data breaches is very important. I would therefore encourage all businesses to continue their good work on data security and make this a priority as they are now planning their budgets for next year".