Nordic countries are in the lead when it comes to digitising society's infrastructure, but at the same time we see that awareness of threats lags behind the opportunities presented by technology.Want to know more about how we can help?
According to IBM (the cost of a data breach 2023), the average global cost of a data breach is 4,25 million dollars. We also know that in 74% of all data breaches, the human element is involved in, the breach through cases such as errors, privileged misuse, stolen credentials, or social engineering cases (2023 Data Breach Investigations Report – Verizon). Knowing this, one must prioritise awareness and risk management in a finely tuned harmony, rather than focusing too much on the technology itself.
Throughout October, we've participated in the Norwegian National Cybersecurity Month by visiting several organisations from municipalities to financial institutions, where we've discussed the challenges associated with phishing, deepfakes, and voice cloning in the light of social manipulation. These threats continue to evolve, thanks to the application of AI tools.
According to IBM (the cost of a data breach 2023), the average global cost of a data breach is 4,25 million dollars. Attackers are now using AI to personalise attacks, making them more convincing.
Phishing, the well-known method of deceiving individuals into sharing sensitive information, is becoming increasingly sophisticated. Attackers are now using AI to personalise attacks, making them more convincing. The global rarity of the Norwegian language has inadvertently shielded Norwegians from digital scams like phishing. Historically, Google Translate and similar tools struggled to effectively translate Norwegian, making it less appealing to cybercriminals seeking to cast a wide net. This underscores the importance of awareness and digital literacy.
Deepfakes and voice cloning also pose significant concerns. With AI technology, malicious actors can create realistic forgeries of video and audio, which has the potential to cause considerable harm, especially in a time when we rely heavily on digital media for information and communication.
To address these threats, we require frameworks and guidelines to steer us in the right direction. The National Institute of Standards and Technology (NIST) has developed a framework for AI risk management that can be immensely helpful. This framework offers a structure for assessing, controlling, and minimising the risks associated with AI implementation, serving as a critical tool to strengthen our digital resilience.
It’s evident that we cannot underestimate the significance of cybersecurity in our increasingly digitised world. We must work collectively as a society—comprising businesses, governmental entities, and academic institutions—to confront the challenges and opportunities that technology presents. Let's take responsibility and act now to ensure a safer and more reliable digital future.
Tietoevry recommends that businesses create a simple yet precise AI strategy. The strategy needs to focus on key characteristics such as:
What do we need AI to do for us and where can it generate value for our organisation?
Important external and internal demands the organisation needs to be compliant with should be defined and listed in the AI strategy.
The strategy should be clear on how its use of AI is synchronised with its information security strategy.
The strategy should define what kind of use is acceptable and what’s not.
The strategy should define company expectations and needs considering awareness and digital literacy.
Torkell Bjørnnes Håland specialises in information security and privacy. With a background in these fields since 2019, he has a strong expertise in safeguarding data and privacy in the digital age. With a strong focus and knowledge within governance, risk & compliance, he is determined to help clients protect their assets.